Advanced Search
Content Type: Press release
La CNIL a aujourd'hui prononcé une sévère sanction contre Criteo, une des plus grandes sociétés françaises de pistage et publicité en ligne. Le montant de l'amende a été réduit de 60 à 40 millions d'euros depuis l'audience qui s'est tenue à la CNIL en Mars 2023, durant laquelle Criteo avait mis en avant son bénéfice net de 10 millions d'euros en 2022 pour plaider en faveur d'une réduction de sa peine. La CNIL semble avoir entendu ces arguments, mais a heureusement maintenu une amende…
Content Type: Press release
French data regulator CNIL announced today a strong sanction against Criteo, one of the world's largest AdTech companies. Although close to the maximum GDPR fine, the amount of the fine was reduced from 60 to 40 million following a hearing at CNIL's offices in March 2023, during which Criteo pleaded for a reduced fine in light of its 10 million euros profit in 2022. CNIL seems to have acknowledged this argument but maintained a significant fine. This sanction follows a Privacy International…
Content Type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content Type: News & Analysis
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.…
Content Type: Press release
Today, the European Court of Human Rights (ECtHR) has handed down a decision in a case brought by Privacy International and a coalition of internet and communications service providers and campaign groups including the Chaos Computer Club (Germany), GreenNet (UK), Jinbonet (Korea), May First/People Link (US), and Riseup (US) (the “coalition”).
The case challenges the conduct of hacking operations abroad by one of the UK’s intelligence agencies, the Government Communications…
Content Type: News & Analysis
Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.
Now, the French Data Protection Authority CNIL has informed us that they are following the same route and …
Content Type: Advocacy
Privacy International provided comments to the UK Financial Conduct Authority on the Terms of Reference to its Credit Information Market Study.
We highlighted that:
Credit data (whether ‘traditional’ credit data; data from Open Banking sources, or other sources of data like social media) are hugely revealing of people’s lives far beyond the state of their financial affairs.
The affects upon consumer behaviour of this use of data in the credit sector extends beyond the choices they…
Content Type: Advocacy
Dear Chair and Committee colleagues,
Privacy International is an international NGO, based in London, which works with partners around the world to challenge state and corporate surveillance and data exploitation. As part of our work, we have a dedicated programme “Defending Democracy and Dissent” where we advocate for limits on data exploitation throughout the electoral cycle.
We have been closely following the important work of the Committee. Prompted by the additional evidence provided…
Content Type: Press release
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.
PI welcomes this announcement and its focus on…
Content Type: Press release
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. Privacy International urges the data protection authorities to investigate these companies and to protect individuals from the mass exploitation of their data.
Our complaints target companies that, despite exploiting the data of millions of…
Content Type: Long Read
It’s 15:10 pm on April 18, 2018. I’m in the Privacy International office, reading a news story on the use of facial recognition in Thailand. On April 20, at 21:10, I clicked on a CNN Money Exclusive on my phone. At 11:45 on May 11, 2018, I read a story on USA Today about Facebook knowing when teen users are feeling insecure.
How do I know all of this? Because I asked an advertising company called Quantcast for all of the data they have about me.
Most people will have never heard of…
Content Type: Press release
In a remarkable development in Privacy International's four year legal battle against the UK Government's powers to hack phones and computers on a massive scale, the UK Supreme Court has agreed to hear the London-based charity's case in December 2018.
Privacy International's case stems from a decision by the Investigatory Powers Tribunal (a specialised court set up to hear complaints against government surveillance, including surveillance carried out by the UK intelligence agencies) finding…
Content Type: Long Read
Introduction
A growing number of governments around the world are embracing hacking to facilitate their surveillance activities. Yet hacking presents unique and grave threats to our privacy and security. It is far more intrusive than any other surveillance technique, capable of accessing information sufficient to build a detailed profile of a person, as well as altering or deleting that information. At the same time, hacking not only undermines the security of targeted systems, but also has…
Content Type: Press release
Today, Privacy International, together with five internet and communications providers from around the world, have lodged an application before the European Court of Human Rights to challenge the British Government's use of bulk hacking abroad. Until we brought our original case at the Investigatory Powers Tribunal (IPT) in 2014, the Government had never admitted that it engaged in hacking. Now we are learning for the first time how far-reaching the Government's global hacking capabilities are…
Content Type: Long Read
This piece originally appeared here.
On both sides of the Atlantic, we are witnessing the dramatic expansion of government hacking powers. In the United States, a proposed amendment to Rule 41 of the Federal Rules of Criminal Procedure would permit the government to obtain a warrant, in certain circumstances, to hack unspecified numbers of electronic devices anywhere in the world. Meanwhile, across the pond, the British Parliament is currently debating the Investigatory…
Content Type: Long Read
The recent back and forth between Apple and the FBI over security measures in place to prevent unauthorised access to data has highlighted the gulf in understanding of security between technologists and law enforcement. Modern debates around security do not just involve the state and the individual, the private sector plays a very real role too. There are worrying implications for the safety and security of our devices. Today, a new company stepped in to this discussion -- though it had been…
Content Type: Press release
Privacy International and Human Rights Watch have submitted a briefing to a US court, arguing that compelling Apple to build new software for the FBI will be a dangerous game changer in the security of the technology we rely on every day. If the FBI wins its case against Apple, it will open the floodgates for governments across the world to make similar demands. Compelling technology companies to weaken the security of their products and services …
Content Type: News & Analysis
On Tuesday (16th February 2016) Apple posted a message to their customers stating that the company had been ordered by the FBI to “make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation.” Apple are currently opposing this order. A fascinating debate is currently playing out in the media about whether Apple should comply with or resist the FBI's demands.
Whatever…
Content Type: Press release
In response to the Investigatory Powers Tribunal (IPT) ruling today that GCHQ's hacking is lawful, we have issued the following press statement:
"We are disappointed by the IPT’s judgment today, which has found Government hacking lawful based on a broad interpretation of a law dating back to 1994, when the internet and mobile phone technology were in their infancy.
Until we brought this case, GCHQ would neither confirm nor deny that it was they were engaging in mass hacking of…
Content Type: Long Read
The Investigatory Powers Tribunal (“IPT”) today held that GCHQ hacking of computers, mobile devices and networks is lawful, wherever it occurs around the world. We are disappointed that the IPT has not upheld our complaint and we will be challenging its findings.
Our complaint is the first UK legal challenge to state-sponsored hacking, an exceptionally intrusive form of surveillance. We contended that GCHQ hacking operations were incompatible with democratic principles and human rights…
Content Type: Press release
Documents released today confirm GCHQ, the UK intelligence agency, is hacking computers in the United Kingdom without individual warrants. The documents contain previously unknown details and defenses of GCHQ's use of "thematic warrants" to hack. The legal challenge in which these documents are being disclosed was brought by Privacy International and seven internet and communications service providers from around the world in response to disclosures made by Edward Snowden.…
Content Type: Press release
The Government has quietly ushered through legislation amending the anti-hacking laws to exempt GCHQ from prosecution. Privacy International and other parties were notified of this just hours prior to a hearing of their claim against GCHQ's illegal hacking operations in the Investigatory Powers Tribunal.
In its legal filings, sent to Privacy International only the day before the hearing began, the Government notified claimants that the Computer Misuse Act was rewritten on 3 March 2015 to…
Content Type: Press release
The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.
These startling admissions come from a government court document published today by Privacy International. The document was filed by the government in response to two …
Content Type: Press release
Privacy International today filed a legal complaint demanding an end to the unlawful hacking being carried out by GCHQ which, in partnership with the NSA, is infecting potentially millions of computer and mobile devices around the world with malicious software that gives them the ability to sweep up reams of content, switch on users' microphones or cameras, listen to their phone calls and track their locations.
The complaint, filed in the UK’s Investigatory Powers Tribunal, is the…
Content Type: Long Read
Today, Privacy International lodged a legal challenge to GCHQ's extensive and intrusive hacking of personal computers and devices. Below, we answer a few questions about the law underlying our complaint, and why it matters.
Is hacking legal?
As a result of the Snowden revelations, we have learned that GCHQ, often in partnership with the NSA, has been using malicious software to intrude upon our computers and mobile devices.
This type of activity, often called "hacking," is a…