Search
Content type: Report
A video presentation of the finding of this report can be found here, as presented at 35th Chaos Computer Congress (35C3)
Previous research has shown how 42.55 percent of free apps on the Google Play store could share data with Facebook, making Facebook the second most prevalent third-party tracker after Google’s parent company Alphabet. In this report, Privacy International illustrates what this data sharing looks like in practice, particularly for people who do not have a Facebook account.…
Content type: Examples
In 2018, the UK Information Commissioner's Office fined Emma's Diary, a site offering pregnancy and childcare advice owned by Lifecycle Marketing (Mother and Baby) Ltd, £140,000 for collecting and selling personal information belonging to more than 1 million people without disclosing in the site's privacy policy how it would be used. Although Lifecycle denied the allegations, the ICO found that the company sold the data to Experian Marketing Services to build into profiles for use by the…
Content type: Examples
In the months leading up to the US 2018 midterm elections, Republican officials in Georgia, Texas, and North Carolina made moves they described as ensuring voting integrity but which critics saw as blocking voter access. In Georgia, where Secretary of State Brian Kemp is charged with enforcing election law and was simultaneously running for governor, election officials blocked 53,000 applications to register, 70% of which are those of African-Americans, under a law requiring personal…
Content type: Examples
In 2018 genetic testing companies such as Ancestry and 23andMe agreed on guidelines for sharing users' DNA data and handling police requests. The guidelines, which include easy-to-read privacy policies, were inspired by two incidents: one in which local investigators used the GEDmatch DNA comparison service to identify a suspect in the Golden State Killer case, and the other 23andMe's announcement that in return for a $300 million investment it would grant GlaxoSmithKline access to "de-…
Content type: Advocacy
Since 2014 the Indonesian Ministry of Communication and Informatics (MOCI) has been proposing that the Parliament passes a comprehensive data protection law. A first draft data protection law was issued by the Government for public comment in 2015 but no progress was made, and then in early 2018, the Indonesian Government issued a new draft personal data protection law.
While these renewed efforts have positive intentions, a number of concerns ought to be addressed with the aim of…
Content type: Advocacy
In September 2018, the National Executive sent the proposed Data Protection Bill to the National Congress. The proposed law was directed to the Senate and it will be considered by two commissions: the Commission of Constitutional Affairs (Comision de Asuntos Constitucionales) and the Commission of Rights and Guarantees (Comision de Derechos y Garantías).
Privacy International welcomes the continued efforts by Argentina to provide protections for the right to privacy, already enshrined in the…
Content type: Examples
Although the US rejected a "National Data Center" approach in 1966, eventually instead passing the 1974 Privacy Act, in 2018 the House of Representatives proposed a national database of all 40 million recipients of benefits under the Supplemental Nutrition Assistance Program (SNAP, formerly known as "food stamps"). The proposed legislation assigned the creation of the database to the Department of Agriculture, with help from private vendors and would collect Social Security numbers, birthdates…
Content type: Examples
A 2016 Privacy International report on Syrian state surveillance found that between 2007 and 2012 the Assad regime spent millions of dollars on building a nationwide communications monitoring system. By 2012, this surveillance capability helped the Syrian government target and murder journalists, including American Sunday Times reporter Marie Colvin and French photographer Rémi Ochlik in 2012, both covering the war. In 2018, the Colvin family filed a video of the journalists' final moments…
Content type: News & Analysis
European leaders met last week in Brussels to discuss what is supposed to be two separate issues, the next trillion euro-plus budget and migration. In truth, no such separation exists: driven by nationalists and a political mainstream unable to offer any alternative but to implement their ideas, the next budget is in fact all about migration.
This strategy contained within the budget will get the approval of Hilary Clinton, who recently told the Guardian that ‘Europe needs to get a handle on…
Content type: News & Analysis
Over one month ago, Privacy International filed complaints concerning seven data brokers, ad-tech companies, and credit referencing agencies with data protection authorities across Europe. The companies named in the complaints are Acxiom, Criteo, Equifax, Experian, Oracle, Quantcast, and Tapad.
The submissions set out the myriad of ways in which these companies fall short of what is required by data protection laws in the European Union and called on the data protection authorities to…
Content type: Case Study
The exclusion caused by ID can have a devastating effect on people, limiting their opportunities and ability to survive.
Names have been changed.
Carolina is in a more privileged position than many other migrants, she admits that. She has a formal job, for one. She is – and has always been – in Chile legally: her previous visa has expired, and her new one is being processed. Under the law, she is permitted to stay and work in the country while this is happening. But she is finding the…
Content type: Long Read
Photo credit: Francisco Javier Argel
Questions of identification and ID, with their associated privacy risks, are only increasing. There are multiple dimensions to understanding the impact of ID and identification; a key one is to understand how it can exclude. This is why Privacy International is conducting research to explore this important and underreported aspect.
Read our case studies: Carolina and Iliana.
In the identity discourse, identity is often closely linked to themes of “…
Content type: Advocacy
Image source
The EU extensively bolsters the surveillance and border control capabilities of governments around the world – and is set to dramatically increase such support. Below, we look at how some of these existing funds are being used, how their proposed expansion will undermine people’s privacy around the world for decades to come, and what needs to be done about it.
Migration has dominated the recent EU agenda and will once again be central during this week’s European Council meeting…
Content type: News & Analysis
Taylor Swift may be tracking you, particularly if you were at her Rose Bowl show in May.
According to an article published by Vanity Fair, at Swift’s concert at the California stadium, fans were drawn to a kiosk where they could watch rehearsal clips. At the same time – and without their knowledge - facial-recognition cameras were scanning them, and the scans were then reportedly sent to a “command post” in Nashville, where they were compared to photos of people who are known…
Content type: News & Analysis
Photo Credit: Marion S. Trikosko
This month, the World Bank's Identity for Development (ID4D) initiative is launching its inaugural "Mission Billion Challenge", a competition designed to promote innovation in the identity space with the inaugural question: "How can digital identification systems in developing countries be designed to protect people’s privacy and provide them with greater control over their personal data?” But make no mistake: introducing "privacy by design" does…
Content type: Advocacy
Consumers benefit from the existence of competitive markets, in which they can freely choose among a wide range of products and services. Competition policy plays an important role in this regard by ensuring that competition is not disrupted in a way that can harm consumers directly (e.g. leading to price increases or less choice) or indirectly (e.g. weakening competition as a process by hampering the ability of firms to compete on the merits).
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: News & Analysis
Profiling and Automated Decision Making: Is Artificial Intelligence Violating Your Right to Privacy?
Image source creative commons.
The below piece was originally posted on the UNRISD site here.
How AI is affecting our human rights
Artificial Intelligence (AI) is part of our daily lives. Its many applications inform almost all sectors of society: from the way we interact on social media, to the way traffic flows are managed in cities; from access to credit and to social services, to the functioning of our ever expanding number of devices connected to the internet.
AI is affecting our human…
Content type: Press release
Consumer groups, NGOs and industry call jointly for the Council of the EU to advance ePrivacy reform
On Monday 3 December, a coalition of more than 30 consumer groups, NGOs and industry representatives sent a letter to EU Ministers and the Council of the EU calling for the conclusion of the negotiations on the reform of the ePrivacy legislation.
The letter was sent prior to yesterday's (4 December) meeting in the TTE Council, with signatories sharing concerns over the slow progress of the negotiations in the Council of the EU despite the repeated scandals that demonstrate the clear and…
Content type: Long Read
As our four year battle against the UK government’s extraordinarily broad and intrusive hacking powers goes to the Supreme Court, we are launching a new fundraising appeal in partnership with CrowdJustice.
We are seeking to raise £5k towards our costs and need your help. If we lose, the court may order us to pay for the government’s very expensive army of lawyers. Any donation you make, large or small, will help us both pursue this important case and protect the future ability of…
Content type: Examples
Following the 9/11 attacks in 2001, the New York City Police Department installed thousands of CCTV cameras and by 2008 in partnership with Microsoft had built the Lower Manhattan Security Coordination Center to consolidate its video surveillance operations into a single command centre that also incorporated other sensors such as licence plate readers and radiation detectors. In 2010 as part of its Domain Awareness System, the NYPD began integrating cutting-edge video analytics software into…
Content type: News & Analysis
We found this here.
The European Union’s new privacy law, the General Data Protection Regulation, or GDPR, is being tested across Europe. The first GDPR privacy case in Romania began with an investigation that was published on November 5 about a corruption scandal involving a politician and his close relationships to a company being investigated for fraud. The Romanian data protection authority (ANSPDCP) sent a series of questions to the journalists who authored the article and asked for…
Content type: Advocacy
Privacy International, European Digital Rights, and the Association for Technology and Internet (ApTI) together with 15 other digital rights organisations sent a letter on Monday 21 November 2018, to the European Data Protection Board (EDPB), with copies to the Romanian Data Protection Authority (ANSPDCP), and the European Commission, asking for the General Data Protection Regulation (GDPR) not to be misused in order to threaten media freedom in Romania.
Shortly after a journalistic…
Content type: News & Analysis
Data sharing among states is gaining prominence, particularly in light of the need to coordinate counter-terrorism activities across borders. The President of the European Commission put it in stark terms just a couple of months ago: “Terrorists know no borders. We cannot allow ourselves to become unwitting accomplices because of our inability to cooperate.” And several UN Security Council resolutions have emphasized the need for international cooperation in counter-terrorism.
Privacy…
Content type: News & Analysis
Our team wanted to see how data companies that are not used to being in the public spotlight would respond to people exercising their data rights. You have the right under the EU General Data Protection Regulation ("GDPR") to demand that companies operating in the European Union (either because they are based here or target their products or services to individuals in the EU) delete your data within one month. We wrote to seven companies and requested that they delete our data, and we've made…
Content type: Advocacy
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK.
It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more…
Content type: Advocacy
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK.
It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more…
Content type: Long Read
It’s 15:10 pm on April 18, 2018. I’m in the Privacy International office, reading a news story on the use of facial recognition in Thailand. On April 20, at 21:10, I clicked on a CNN Money Exclusive on my phone. At 11:45 on May 11, 2018, I read a story on USA Today about Facebook knowing when teen users are feeling insecure.
How do I know all of this? Because I asked an advertising company called Quantcast for all of the data they have about me.
Most people will have never heard of…
Content type: News & Analysis
Privacy International notes a recent ruling issued by Italy’s Supreme Court (Corte di Cassazione) that addresses the need to limit government hacking powers for surveillance purposes and articulates required safeguards when hacking is conducted as part of a criminal investigation.
The ruling addresses the appeals of several individuals involved in a case of corruption; the appeals challenge irregularities in the collection of data as part of the criminal investigation, which resulted in the…
Content type: Examples
In 2010, Quantcast and Clearspring agreed to settle class action lawsuits brought against them over their use of Flash cookies. Flash cookies are "Local Storage Objects" stored by Adobe's Flash player plug-in; unaffected by browser privacy settings, they can respawn HTTP cookies after a user finds and deletes them. The lawsuits cited the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, the Video Privacy Protection Act, and state laws, although it was not clear that the…