Sign up to Newsletter

Search

Photo by Random Institute on Unsplash
Content type: News & Analysis

A win for Unwanted Witness: Uganda’s data protection authority finds ride sharing app unlawfully disclosed personal data to third parties

Unwanted Witness’ research into Safeboda highlighted the company’s failure to comply with some of the law's core data protection principles, with a number of implications for the exercise of data subject rights. The enforcement action against Safeboda by National Information Technology Authority, Uganda (NITA-U) requires the company to make fundamental changes to how they handle people's personal data in order to comply with the Data Protection and Privacy Act, 2019. This first landmark…
person climbing ladder
Content type: Explainer

7+1 tips on how to make the most out of your DSAR

Hello friend, You may have found your way here because you are thinking about, or have just submitted, a Data Subject Access Request, maybe to your Facebook advertisers like we did. Or maybe you are curious to see if Policing, Inc. has your personal data. The right to access your personal data (or access right) is just one of a number of data rights that may be found in data protection law, including the European Union's General Data Protection Regulation, better known as "GDPR", which took…
eagle eating fish
Content type: News & Analysis

In big tech we trust: is Apple's and Google's COVID-19 reputation laundering enough to make us forget about their past?

This week, we read that a former Apple contractor who blew the whistle on the company’s programme to listen to users’ Siri recordings has decided to go public, in protest at the lack of action taken as a result of the July 2019 disclosures. The news adds to a series of revelations that have been reported over the past months. While the issue raises serious questions regarding the compatibility of such practices with data protection laws, at the same time, it highlights a wider problem that…
2nd anniversary
Content type: News & Analysis

GDPR - 2 years on

GDPR was hard won. PI, together with other civil society actors, fought from the beginning for a version of the law that offers the strongest rights and protections in the face of intense industry lobbying. Holding the hidden data ecosystem to account Two years ago, we committed to using GDPR to seek to hold to account the hidden data ecosystem - those companies that amass and exploit large amounts of our data for profit. Here’s some of the action we’ve taken: In Nov 2018,…
Man writting on paper on a desk
Content type: News & Analysis

French regulator launches investigation of Criteo following PI's complaint

Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements. Now, the French Data Protection Authority CNIL has informed us that they are following the same route and …