Advanced Search
Content Type: Long Read
On 13 March 2025, we filed a complaint against the UK government challenging their use of dangerous, disproportionate and intrusive surveillance powers to undermine the privacy and security of people all over the world. Here, we answer some key questions about the case and the recent events that led to this development.Note: This post was last updated on 13 March 2025.What’s the fuss about?A month ago, it was reported that the UK government demanded Apple Inc – maker of the iPhone, iPads, Macs…
Content Type: Explainer
Imagine this: a power that secretly orders someone anywhere in the world to abide and the receiver can’t tell anyone, can’t even publicly say if they disagree, and can’t really question the power in open court because the secret order is, well, secret. Oh and that power affects billions of people’s security and their data. And despite being affected, we too can’t question the secret order.In this piece we will outline what’s ridiculous, the absurd, and the downright disturbing about what’s…
Content Type: News & Analysis
Edit: 13 March 2025 - You can find more about what happened next on our case pageOn February 21st, Apple disabled their ‘advanced data protection’ service for UK customers. That means no-one in Great Britain can now enable a powerful security safeguard that people who use Apple devices everywhere else on the planet can: user controlled end-to-end encryption of stored data.This is likely in response to a disturbing secret government power. Well, that’s what we think happened. We can’t know for…
Content Type: Advocacy
We responded to the Home Office consultation on codes of practices under the Investigatory Powers (Amendment) Act 2024 (IPAA). Our response focused on (1) the draft codes relating to bulk personal datasets with low or no reasonable expection of privacy, (2) third-party bulk personal datasets and (3) the notices regime. You can download our full response with its 23 recommendations for reform at the bottom of this page.'Low Privacy' Bulk Personal DatasetsThe IPAA introduces a new concept of…
Content Type: Video
Links - Read more about PI's work on encryption- Matt Blaze and crypto.com; you can now find Matt at mattblaze.org - More about ITAR and the export of cryptography- More about France's ban on encryption ending in this 1999 article from the Register- More about the Data Encryption Standard - Find out more about the Clipper Chip or take a look at this NY Times article from 1994 (paywalled)- Matt Blaze's flaw in the Clipper Chip- NSA Data Center and NSA holding data- An…
Content Type: Video
The case dealt with a Russian law obliging telecommunications service providers to indiscriminately retain content and communications data for certain time periods, as well as a 2017 disclosure order by the Russian Federal Security Service requiring Telegram Messenger company to disclose technical information which would facilitate “the decoding of communications”.Links:PI case pageECtHR judgment in the Podchasov casePI's work on encryptionPI's report on End-to-End Encryption (E2EE)More…
Content Type: Video
LinksFind out more about encryption:Computerphile on YouTube is a computer science professor with a range of useful and accessible videos on encryptionCloudflare have a helpful learning centre including this article on how encryption works and why cloudflare use Lava lamps to generate keysThis is a helpful article on Diffie-Hellman including a diagram of the colours demonstration, which Ed discusses during the podcastThis article is great for learning more about hashingAnd if you're interested…
Content Type: Report
Over the past years, data retention regulation imposing generalised and indiscriminate data retention obligations to telecommunication companies and Internet service provides has been introduced in various jurisdictions across the world. As the data retention practices across the world have evolved this new report is an attempt to shed some light on the current state of affairs in data retention regulation across ten key jurisdictions. Privacy International has consulted with human…
Content Type: Advocacy
BackgroundThe Snowden revelations and subsequent litigation have repeatedly identified unlawful state surveillance by UK agencies. In response, the UK Parliament passed the highly controversial Investigatory Powers Act 2016 (IPA), which authorised massive, suspicionless surveillance on a scale never seen before, with insufficient safeguards or independent oversight.Privacy International led legal challenges to this mass surveillance regime both before and after the Act became law. The Act…
Content Type: Long Read
In June 2023, the UK government announced its proposal to expand its surveillance powers by, among others, forcing communications operators to undermine encryption or abstain from providing security software updates globally. Building on our response to the government’s plans, this piece explains why what they want to do puts every one of us at risk.
Why your trust (to technologies you use) matters
Surveillance and privacy are complex concepts to grasp – it’s part of the appeal to us at PI.…
Content Type: Advocacy
We are responding to the UK Government's consultation to expand its powers around Technical Capabilities Notices and National Security Notices.
Background
Following Edward Snowden's revelations about the illegal and expansive secret powers of the US and UK intelligence agencies, the UK Government took the opportunity to, rather than reflect on what powers are proportionate in the modern era, to expand its arsenal of surveillance powers.
One of the powers it added was the ability to issue…
Content Type: Long Read
On 18th January, it was announced that end-to-end encrypted iCloud services, Advanced Data Protection, would be offered to Apple users globally.The offer of such level of security globally, while overdue, is a key step to ensuring trust and confidence in today’s world. There are too many threats to our data and our rights. Twelve years ago, we called on Apple to encrypt iCloud storage for users all around the world.Why this is importantWhile privacy and security is often portrayed as opposite…
Content Type: Report
End-to-end encryption (E2EE) contributes significantly to security and privacy. For that reason, PI has long been in favour of the deployment of robust E2EE.Encryption is a way of securing digital communications using mathematical algorithms that protect the content of a communication while in transmission or storage. It has become essential to our modern digital communications, from personal emails to bank transactions. End-to-end encryption is a form of encryption that is even more private.…
Content Type: Long Read
Additionally, in January 2020 Privacy International and UK-based NGO Liberty filed a new claim against MI5 and the Secretary of State for the Home Department in the Investigatory Powers Tribunal (the “Ungoverned Spaces Case”, this time, the case sought to hold MI5 and the SSHD accountable for systemic, long-term failures in the way they handle and retain millions of people’s personal data. As part of this claim, PI requested that the IPT re-opens parts of the original BPD/BCD. This aspect of…
Content Type: News & Analysis
What happened
On 22 July 2021, the Investigatory Powers Tribunal (IPT) issued a declaration on our challenge to the UK bulk communications regime finding that section 94 of the Telecommunications Act 1984 (since repealed by the Investigatory Powers Act 2016) was incompatible with EU law human rights standards. The result of the judgment is that a decade’s worth of secret data capture has been held to be unlawful. The unlawfulness would have remained a secret but for PI’s work.
You…
Content Type: Video
Find out more on our website: https://privacyinternational.org/long-read/4206/qa-eus-top-court-rules-uk-french-and-belgian-mass-surveillance-regimes-must-respect
And make sure we can keep taking these fights to court: support.privacyinternational.org
You can listen and subscribe to the podcast where ever you normally find your podcasts:
Spotify
Apple podcasts
Google podcasts
Castbox
Overcast
Pocket Casts
Peertube
Youtube
Stitcher
And more...
Content Type: Long Read
Q&A: EU's top court rules that UK, French and Belgian mass surveillance regimes must respect privacy
Content Type: Press release
By treating everyone as a suspect, the bulk data collection or retention regimes engage European fundamental rights to privacy, data protection, freedom of expression, as guaranteed respectively by Articles 7, 8, and 11 of the EU Charter of Fundamental Rights.
Caroline Wilson Palow, Legal Director of Privacy International, said:
"Today’s judgment reinforces the rule of law in the EU. In these turbulent times, it serves as a reminder that no government should be above the law. Democratic…
Content Type: News & Analysis
Today Advocate General (AG) Campos Sánchez-Bordona of the Court of Justice of the European Union (CJEU), issued his opinions (C-623/17, C-511/18 and C-512/18 and C-520/18) on how he believes the Court should rule on vital questions relating to the conditions under which security and intelligence agencies in the UK, France and Belgium could have access to communications data retained by telecommunications providers.
The AG addressed two major questions:
(1) When states seek to impose…
Content Type: Press release
Today the Advocate General (AG) of the Court of Justice of the European Union (CJEU), Campos Sánchez-Bordona, issued his opinion on how he believes the Court should rule on vital questions relating to the conditions under which security and intelligence agencies in the UK, France and Belgium could have access to communications data retained by telecommunications providers.
The AG advises the following:
The UK’s collection of bulk communications data violates EU law.
The French and Belgium…
Content Type: News & Analysis
Privacy International welcomes the judgment of the European Court of Human Rights in Catt v the United Kingdom.The Court found that the UK violated the right to privacy (Article 8 of the European Convention on Human Rights) of Mr John Catt, a peace movement activist, who despite having never being convicted of any offence, had his name and other personal data included in a police database known as the “Extremism Database”. The Court found problematic "the variety of definitions of…
Content Type: Long Read
On 8 September 2017, the Investigatory Powers Tribunal decided to refer questions to the Court of Justice of the European Union (‘CJEU’) concerning the collection of bulk communications data (‘BCD’) by the Security Intelligence Agencies from mobile network operators.
The BCD regime was initially secret. In an earlier judgment, the Investigatory Powers Tribunal ruled that the regime was not compliant with the European Convention on Human Rights prior to its public avowal, but (subject to…
Content Type: Long Read
Privacy International’s case on Bulk Personal Datasets and Bulk Communications Data comes to a head with a four-day hearing in the Investigatory Powers Tribunal which commenced on 26 July 2016.
The litigation has brought to light significant revelations about the use of section 94 of the 1984 Telecommunications Act to obtain bulk communications data.
Large amounts of disclosure have shed new light on this hitherto secret power and explained confusing aspects of the Government’s Response to…
Content Type: Press release
Tomorrow, Privacy International and Open Rights Group will argue that wholesale and indiscriminate retention of our personal data is not permissible. The case, brought by MPs Tom Watson and David Davis against the Data Retention and Investigatory Powers Act 2014 (DRIPA), and in which PI intervened, will be heard in the European Court of Justice (CJEU) on 12 April. It has the potential to send shockwaves through the Investigatory Powers Bill, the controversial…