Producing real change: key highlights of our 2024 results

In 2024, Privacy International continued to produce real change by challenging governments and corporations that use data and technology to exploit us.

Since the beginning of the year, we’ve achieved some big wins and would like to share them with you.

Take a look below for a quick overview of the results we produced or contributed towards, by season.

Winter & Spring 2024

New EU regulation empowers consumers

On 17 January 2024, the European Parliament adopted the Directive on empowering consumers for the green transition. As a result of our advocacy the Directive reflects our demands, including that consumers will have information about the minimum period during which devices should receive security updates, accessible through a harmonised label.

What this means in short: Phones will be kept updated and secure for longer, meaning less tech gets thrown away, contributing to a more sustainable future.

Amazon and iRobot forced to terminate their merger

On 29 January 2024 Amazon terminated their plans to acquire iRobot. That decision came after the European Commission’s initiated a Phase II in-depth investigation and published its Statement of Objections pointing to potential harms of the merger onto competitors and consumers. We contributed to this result by making submissions the UK competition regulator and the European Commission. PI also obtained a ‘third person interest’ status in the review of the merger by the EC.

What this means in short: Big Tech companies are acquiring smaller companies to obtain market dominance - and also collect more data about you. This win shows Big Tech’s power can be constrained, and together we can stop this practice.

Russia’s law on access to encrypted communication violates human rights

On 13 February 2024, the European Court of Human Rights issued its judgment in the case of PODCHASOV v. RUSSIA. The Court ruled that “legislation providing for the retention of all Internet communications of all users, the security services’ direct access to the data stored without adequate safeguards against abuse and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society”. PI intervened in the case by providing a technical and legal analysis of encryption and its key role in the protection of human rights. The Court’s reasoning relies on and cites PI’s submissions. (Listen to our podcast about this fascinating case.)

What this means in short: Governments are always trying to undermine our abilities to use strong and secure encryption – and Europe’s court pushed back, setting an example for other courts across the world.

The Inter-American Court of Human Rights holds Colombia accountable for violating the right to defend human rights

In March 2024, the Inter-American Court of Human Rights issued a historic judgment declaring that the Republic of Colombia is responsible for human rights violations against several members of the Colectivo de Abogados y Abogadas José Alvear Restrepo (CAJAR) and their relatives.

This decision marks the first acknowledgment within the inter-American context of a state’s international responsibility for violating the right of people to defend human rights. This violation, according to the Court, was committed through secretive and unlawful intelligence activities, among other methods. The Court reflected in its judgment the positions presented in our intervention, alongside other organisations, represented by the International Human Rights Law Clinic at the University of California, Berkeley, in the case.

What this means in short: This decision challenged state surveillance of human rights defenders in Colombia, and won, helping them to do their vital work without fear of being unlawfully surveilled.

Regulator and Courts condemn UK’s GPS tagging of migrants

In the span of three months, following our interventions and complaints, two UK courts and one regulatory authority handed down rulings on the UK’s GPS tagging of migrants, dealing serious blows to the legality of the policy:

• On 1 March 2024, the UK privacy regulator, the ICO, issued its decision on our complaint against the UK Home Office’s GPS tagging of migrants. The regulator found that the Home Office’s pilot of GPS electronic monitoring of migrants breached UK data protection law. The ICO also issued an enforcement notice and a warning to the Home Office for failing to sufficiently assess the privacy risks posed by the electronic monitoring of people arriving in the UK via unauthorised means.
• On 12 March 2024, the High Court of England and Wales handed down the first court judgment on the GPS tagging of migrants, in which PI filed witness evidence.
  The court found that the Home Office had been unlawfully tracking the Claimant, Mark Nelson, with a GPS ankle tag for over a year. Having to wear a broken device was found to be a disproportionate interference with his right to private and family life.
• On 15 May 2024, a London Administrative Court handed down its judgment in the case of ADL & Ors v Secretary of State for the Home Department. The case was brought by four people without British citizenship who had GPS tagging conditions imposed on them upon release from immigration detention at various points in 2022. The court found GPS tagging of migrants was unlawful in several respects and breached their right to private life.

Please find out more about our work systemically challenging the GPS tagging of migrants in our analytical material.

What this means in short: Regulator and courts agree with us that it’s wrong to treat migrants with such punitive and cruel tech.

UN Human Rights Committee raised concerns about a series of privacy-undermining initiatives launched by the UK government

Being party to the International Covenant on Civil and Political Rights (ICCPR), the United Kingdom regularly reports on its implementation. Ahead of the consideration of the eighth periodic report on the implementation of the ICCPR by the United Kingdom, PI submitted to the Human Rights Committee a series of key concerns in relation to: (1) GPS tracking of migrants; (2) changes to UK surveillance law (IPA 2016 amendments); (3) the then-pending Data Protection and Digital Information Bill; (4) Technical Capabilities Notices and the weakening of encryption; and (5) Facial recognition tech. As a result, the Committee raised the issues we included in our submission (with the exception of those around Technical Capabilities Notices), including concerns on the Data Protection and Digital Information Bill related to access to bank details for benefits claimants. Reflection of these concerns put additional pressure to the UK government to address existing issues.

What this means in short: UN mechanisms share our concerns with regard to privacy issues arising from the UK Government’s policies, and urge change.

Supported privacy-related legislative developments in South Africa

In a joint statement, with other civil society, we urged the South African Parliament to reject the draft General Intelligence Laws Amendment Bill 2023 (GILAB). We also submitted our comments to the Parliament. On 26 March, the National Assembly adopted the third version of GILAB incorporating many of our suggestions. A major win, aligned with our and national civil society’s requests, was the removal of the provision allowing security vetting of non-profit organisations, churches, and their personnel. Additionally, GILAB has improved its regulation of mass interception with stricter controls on data management and protections, recognising the safeguards under the Protection of Personal Information Act. Yet the Bill, now before the National Council of Provinces for consideration, still has shortcomings that need to be addressed.

What this means in short: People in South Africa will benefit from a more human-rights compliant legislation regulating state intelligence.

To be continued…