Advanced Search
Content Type: Video
<br />
Links
Read more about the ICO's provisional decision
Support our work
You can find out more about Clearview by listening to our podcast: The end of privacy? The spread of facial recognition
Content Type: News & Analysis
Unwanted Witness’ research into Safeboda highlighted the company’s failure to comply with some of the law's core data protection principles, with a number of implications for the exercise of data subject rights. The enforcement action against Safeboda by National Information Technology Authority, Uganda (NITA-U) requires the company to make fundamental changes to how they handle people's personal data in order to comply with the Data Protection and Privacy Act, 2019.
This first landmark…
Content Type: Long Read
In 2019, we exposed the practices of five menstruation apps that were sharing your most intimate data with Facebook and other third parties. We were pleased to see that upon the publication of our research some of them decided to change their practices. But we always knew the road to effective openness, transparency, informed consent and data minimisation would be a long one when it comes to apps, which for the most part make profit from our menstrual cycle and even sometimes one’s desire to…
Content Type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content Type: Explainer
At first glance, infrared temperature checks would appear to provide much-needed reassurance for people concerned about their own health, as well as that of loved ones and colleagues, as the lockdown is lifted. More people are beginning to travel, and are re-entering offices, airports, and other contained public and private spaces. Thermal imaging cameras are presented as an effective way to detect if someone has one of the symptoms of the coronavirus - a temperature.
However, there is little…
Content Type: News & Analysis
New technologies continue to present great risks and opportunities for any users but for some communities the implications and harms can have severe consequences and one of the sectors facing increasing challenges to keep innovating whilst protecting themselves and the people they serve is the humanitarian sector.
Over the course of engagement with the humanitarian sector, one of our key observations has been how risk assessments undertaken in the sector omitted to integrate a hollistic…
Content Type: News & Analysis
In September 2019, PI published the report Your Mental Health for Sale. Our investigation looked into popular mental health websites and their data sharing practices.
Our findings suggest that, at the time of the research, most websites we looked at were using third party tracking for advertising purposes, sometimes relying on programmatic advertising technologies such as Real Time Bidding (RTB), sharing personal data with potentially thousands of actors. Some websites were also found sharing…
Content Type: Call to Action
You might have read our investigation into advertisers who upload your data on Facebook and found out some companies doing the same to you. Well, you can join us and hold them accountable by sending your own Data Subject Access Request (DSAR)!
Before you get started we suggest you read our FAQ and take a look at our 7+1 tips to make the most out of your DSAR before and after.
To do so you simply need to copy the message bellow and send it to the companies that uploaded your data…
Content Type: Report
Back in October 2019, PI started investigating advertisers who uploaded personal data to Facebook for targeted advertising purposes. We decided to take a look at "Advertisers Who Uploaded a Contact List With Your Information", a set of information that Facebook provides to users about advertisers who upload files containing their personal data (including unique identifier such as phone numbers, emails etc...). Looking at the limited and often inaccurate information provided by Facebook through…
Content Type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of COVID-19, governments around the world are rushing to track the locations of their populace.
In this third installment of our Covid-19 tracking technology primers, we look at Satellite Navigation technology. In Part 1 of our mini-series on we discussed apps that use Bluetooth for proximity tracking. Telecommunications operators ('telcos'), which we discussed in Part 2, are also handing over customer data, showing the cell towers…
Content Type: Long Read
This week saw the release of a coronavirus tracking app within the United Kingdom, initially to be trialled in the Isle of Wight. Privacy International has been following this closely, along with other ‘track and trace’ apps like those seen in over 30 other countries.
The UK’s app is no different. It is a small part of a public health response to this pandemic. As with all the other apps, it is vital that it be integrated with a comprehensive healthcare response, prioritise people, and…
Content Type: Long Read
Valentine’s Day is traditionally a day to celebrate relationships, but many relationships that begin romantically can quickly become controlling, with partners reading emails, checking texts and locations of social media posts. This can be just the beginning.
Today, Friday 14th February, Privacy International and Women’s Aid are launching a series of digital social media cards giving women practical information on how to help stay safe digitally from control and abuse.
Did you know…
Content Type: News & Analysis
Yesterday, we found out that Google has been reported to collect health data records as part of a project it has named “Project Nightingale”. In a partnership with Ascension, Google has purportedly been amassing data for about a year on patients in 21 US states in the form of lab results, doctor diagnoses and hospitalization records, among other categories, which amount to a complete health history, including patient names and dates of birth.
This comes just days after the news of Google'…
Content Type: News & Analysis
Even if we are not Fitbit users, we all need to stop and think about the implications of this merger. There is a reason that our health data is subject to higher levels of protection - its intimate, reveals vast amounts about our everyday lives, and the potential consequences if exploited can be devastating. Google should be keeping its hands off our health data.
Sign our letter to the European Commission, asking them to block the Google/Fitbit merger.
Let's tell Google, 'NOT ON OUR WATCH!'
Content Type: Examples
A woman was killed by a spear to the chest at her home in Hallandale Beache, Florida, north of Miami, in July. Witness "Alexa" has been called yet another time to give evidence and solve the mystery. The police is hoping that the smart assistance Amazon Echo, known as Alexa, was accidentally activated and recorded key moments of the murder. “It is believed that evidence of crimes, audio recordings capturing the attack on victim Silvia Crespo that occurred in the main bedroom … may be found on…
Content Type: Long Read
Photo by Nadine Shaabana on Unsplash
Digital identity providers
Around the world, we are seeing the growth of digital IDs, and companies looking to offer ways for people to prove their identity online and off. The UK is no exception; indeed, the trade body for the UK tech industry is calling for the development of a “digital identity ecosystem”, with private companies providing a key role. Having a role for private companies in this sector is not necessarily a problem: after all, …
Content Type: Examples
In August 2017, it was reported that a researcher scraped videos of transgender Youtubers documenting their transition process without informing them or asking their permission, as part of an attempt to train artificial intelligence facial recognition software to be able to identify transgender people after they have transitioned.
These videos were primarily of transgender people sharing the progress and results of hormone replacement therapy, including video diaries and time-lapse videos. The…
Content Type: Examples
In January 2019, Facebook announced that as of February 28 the site would add more information to that displayed when users click on the "Why am I seeing this?" button that appears next to ads on the service. Along with the brand that paid for the ad, some of the biographical details they'd targeted, and whether they'd uploaded the user's contact information, Facebook would also show when the contact information was uploaded, whether it was by the brand or one of their partners, and when access…
Content Type: News & Analysis
In December 2018, we revealed how some of the most widely used apps in the Google Play Store automatically send personal data to Facebook the moment they are launched. That happens even if you don't have a Facebook account or are logged out of the Facebook platform (watch our talk at the Chaos Communication Congress (CCC) in Leipzig or read our full legal analysis here).
Today, we have some good news for you: we retested all the apps from our report and it seems as if we…
Content Type: Examples
In August 2018, banks and merchants had begun tracking the physical movements users make with input devices - keyboard, mouse, finger swipes - to aid in blocking automated attacks and suspicious transactions. In some cases, however, sites are amassing tens of millions of identifying "behavioural biometrics" profiles. Users can't tell when the data is being collected. With passwords and other personal information used to secure financial accounts under constant threat from data breaches, this…
Content Type: Examples
Cookies and other tracking mechanisms are enabling advertisers to manipulate consumers in new ways. For $29, The Spinner will provide a seemingly innocent link containing an embedded cookie that will allow the buyer to deliver targeted content to their chosen recipient. The service advertises packages aimed at men seeking to influence their partners to initiate sex, people trying to encourage disliked colleagues to seek new jobs, and teens trying to get their parents to get a dog. However,…
Content Type: Examples
In July 2018, Dutch researcher Foeke Postma discovered that Polar, the manufacturer of the world's first wireless heart rate monitor manufacturer, was exposing the heart rates, routes, dates, times, duration, and pace of exercises performed by individuals at military sites and at their homes via its social platform, Polar Flow. Polar placed these individuals at particular risk by showing all the exercises a particular individual has completed since 2014 on a single global map. Postma was able…
Content Type: Examples
In June 2018, Uber filed a US patent application for technology intended to help the company identify drunk riders by comparing data from new ride requests to past requests made by the same user. Conclusions drawn from data such as the number of typos or the angle at which the rider is holding the phone would determine which, if any, driver they were matched with. What plans the company may have for the technology is unknown; however, critics expressed concerns that it could deter prospective…
Content Type: Examples
In October 2018 Amazon patented a new version of its Alexa virtual assistant that would analyse speech to identify signs of illness or emotion and offer to sell remedies. The patent also envisions using the technology to target ads. Although the company may never exploit the patent, the NHS had previously announced it intended to make information from its online NHS Choices service available via Alexa.
https://www.telegraph.co.uk/technology/2018/10/09/amazon-patents-new-alexa-feature-knows-…
Content Type: Examples
In March 2018 the Palo Alto startup Mindstrong Health, founded by three doctors, began clinical tests of an app that uses patients' interactions with their smartphones to monitor their mental state. The app, which is being tested on people with serious illness, measures the way patients swipe, tap, and type into their phones; the encrypted baseline and ongoing data is then analysed using machine learning to find patterns that indicate brain disorders such as a relapse into depression, substance…
Content Type: Examples
In 2018, a Duke University medical doctor who worked with Microsoft researchers to analyse millions of Bing user searches found links between some computer users' physical behaviours - tremors while using a mouse, repeated queries, and average scrolling speed - and Parkinson's disease. The hope was to be able to diagnose conditions like Parkinson's and Alzheimer's earlier and more accurately. Other such studies tracked participants via a weekly online health survey, mouse usage, and, via…
Content Type: Examples
In 2017, the Massachusetts attorney general's office reached an agreement under which Boston-based Copley Advertising agreed to eschew sending mobile ads to patients visiting Planned Parenthood and other health clinics. In 2015, Copley's geofencing technique used location information from smartphones and other internet-enabled devices to target "abortion-minded" women and send them ads for alternatives to abortion in a campaign it conducted on behalf of a Christian pregnancy counselling and…
Content Type: Examples
In 2011, the US Department of Homeland Security funded research into a virtual border agent kiosk called AVATAR, for Automated Virtual Agent for Truth Assessments in Real-Time, and tested it at the US-Mexico border on low-risk travellers who volunteered to participate. In the following years, the system was also tested by Canada's Border Services Agency in 2016 and the EU border agency Frontex in 2014. The research team behind the system, which included the University of Arizona, claimed the…
Content Type: Examples
In 2018, the EU announced iBorderCtrl, a six-month pilot led by the Hungarian National Police to install an automated lie detection test at four border crossing points in Hungary, Latvia, and Greece. The system uses an animated AI border agent that records travellers' faces while asking questions such as "What's in your suitcase?". The AI then analyses the video, scoring each response for 38 microexpressions. Travellers who pass will be issued QR codes to let them through; those who don't will…