Search
Content type: News & Analysis
Today, the CNIL announced fines of €100 million and €35 million for Gooogle and Amazon, respectively, for breaches of the French Data Protection Act.
The fines resulted from two separate investigations carried out by CNIL in relation to the use of cookies on the French websites of Google and Amazon.
The decision against Google
While it seems to be broadly stated that the CNIL fined Google €100 million, a more accurate statement is that the CNIL fined Google LLC (the parent company of Google’…
Content type: News & Analysis
The “EU Trust Fund for Stability and Addressing Root Causes of Irregular Migration and Displaced Persons in Africa” (EUTF for Africa) isn’t exactly headline news (and nor does it exactly roll off the tongue), but its influence is vast and will be felt for decades to come for millions of people across Africa.
Set up in the wake of the 2015 ‘migration crisis’ in Europe and largely made up of money earmarked for development aid (80% of its budget comes from development and humanitarian aid funds…
Content type: News & Analysis
Le « Fonds fiduciaire d’urgence de l’Union européenne en faveur de la stabilité et de la lutte contre les causes profondes de la migration irrégulière et du phénomène des personnes déplacées en Afrique » (le « fonds fiduciaire pour l’Afrique ») ne fait pas les grands titres (et il est plutôt difficile à retenir), mais son influence est vaste et aura des conséquences pendant plusieurs décennies sur la vie de millions de personnes sur le continent africain.
Mis en place suite à la « crise…
Content type: Long Read
Tucked away in a discrete side street in Hungary’s capital, the European Union Agency for Law Enforcement Training (CEPOL) has since 2006 operated as an official EU agency responsible for developing, implementing, and coordinating training for law enforcement officials from across EU and non-EU countries.
Providing training to some 29,000 officials in 2018 alone, it has seen its budget rocket from €5 million in 2006 to over €9.3 million in 2019, and offers courses in everything from…
Content type: Examples
By the end of its first three weeks of availability, the French contact tracing app, “StopCovid”, had seen 1.9 million downloads. Of these, only 68 people had entered a positive COVID-19 test result, and only 14 were notified that they might have been exposed, according to the French junior minister for digital affairs, Cédric O. He attributed the app’s uninstallation by 460,000 people to a “decline in concern” about the epidemic in France.
https://www.politico.eu/article/french-contact-…
Content type: Examples
A new requirement to wear wear masks in public in order to curb the spread of the coronavirus poses a problem in France and Belgium, where laws prohibit wearing face coverings, with health as the only allowed exception.
In France, where the law was passed in 2010, between 2011 and 2017 1,830 Muslim women were fined for wearing veils and 145 were warned. The law does not state how to distinguish when face coverings are worn for health reasons rather than religious belief.
This leaves…
Content type: Examples
France has been testing AI tools with security cameras supplied by the French technology company Datakalab in the Paris Metro system and buses in Cannes to detect the percentage of passengers who are wearing face masks. The system does not store or disseminate images and is intended to help authorities anticipate future oubreaks.
https://www.theguardian.com/world/2020/jun/18/coronavirus-mass-surveillance-could-be-here-to-stay-tracking
Writer: Oliver Holmes, Justin McCurry, and Michael Safi…
Content type: Long Read
Q&A: EU's top court rules that UK, French and Belgian mass surveillance regimes must respect privacy
Content type: Press release
By treating everyone as a suspect, the bulk data collection or retention regimes engage European fundamental rights to privacy, data protection, freedom of expression, as guaranteed respectively by Articles 7, 8, and 11 of the EU Charter of Fundamental Rights.
Caroline Wilson Palow, Legal Director of Privacy International, said:
"Today’s judgment reinforces the rule of law in the EU. In these turbulent times, it serves as a reminder that no government should be above the law. Democratic…
Content type: Examples
The French data protection authority, CNIL, has examined the French contact tracing app and ruled that it is not fully compliant with the provisions of GDPR and the French data protection law. CNIL’s primary complaint was that the app transferred the news that a user had been infected to all their contacts, not just those who had been in recent proximity, and the privacy policy was insufficiently specific about the categories of data that were being processed and its recipients. Finally, the…
Content type: Examples
All migrants arriving in the UK since June have been ordered to quarantine, but a Border Force source said that little is being done to ensure the rules are followed and some in emergency accommodation are being given vouchers to go to the shops.
Thousands of British tourists returning from France are now being forced to self-isolate for 14 days whilst those it is understood that some of those crossing the Channel on small boats migrants are still going shopping for food.
The Home Office…
Content type: News & Analysis
In the last few weeks, the UK government has announced various new measures to ensure that crossings across the Channel were “inviable” including by appointing a new role of “clandestine Channel threat commander" and further plans to deploy the navy to stop migrants from crossing to the UK from France across the Channel. Premature plans it seems, as not only would such measures be contrary to the UK’s international obligations to allow individuals to seek asylum in the UK, but also since such…
Content type: Explainer
In the name of reinforcing migration control and increasing security, the EU is introducing a host of new surveillance measures aimed at short-term visitors to the Schengen area. New tools and technologies being introduced as part of the visa application process and the incoming “travel authorisation” requirement include automated profiling systems, a ‘pre-crime’ watchlist, and the automated cross-checking of numerous national, European and international databases. There are significant risks…
Content type: News & Analysis
Banning TikTok? It's time to fix the out-of-control data exploitation industry - not a symptom of it
Chinese apps and tech companies have been at the forefront of the news recently. Following India's ban of 59 chinese apps in July, President Trump announced his desire to ban TikTok, shortly followed by his backing of Microsoft's intention to buy the US branch of its parent company ByteDance. Other than others lip syncing his public declaration, what does President Trump fear from this app, run by a firm, based in China?
It's all about that data
One clear answer emerges: the exploitation of…
Content type: Examples
The Manchester-based cybersecurity company VST Enterprises is working a digital health company Circle Pass Enterprises to create the “Covi-pass” digital health passport intended to allow holders to work and travel safely. The Covi-pass uses a colour system of red, green, and amber to indicate whether the holder has tested positive or negative for the coronavirus, and holds other key information such as name, address, and age, plus a biometric. Despite the challenge of sourcing enough…
Content type: Examples
La Quadrature du Net and La Ligue des Droits de l’Homme have won a ruling from the Conseil d’État, France’s highest administration court, making drones equipped with cameras and flying low enough to detect individuals by their clothing or a distinctive sign illegal. During the lockdown, French police having been using hundreds of drones to monitor and capture images of people in the stret who may not be respecting the lockdown rules, as well as to broadcast audio sanitation instructions.…
Content type: Examples
By the end of March 2021 Eurostar will roll out a facial verification system in which passengers will send a scan of their passport and a selfie so that when boarding they can prove their identity by walking through a camera-lined “biometric” corridor instead of presenting their documents. The Department for Transport is funding the system as part of a £9.4 million competition to revolutionise rail travel and is being developed by the British company iProov in partnership with Eurostar and the…
Content type: Examples
The lives of residents in French and Scottish nursing homes have been put in danger by the homes’ use of Dahua and Hikvision fever scanning cameras. The homes are violating ISO standards for such cameras: they have been incorrectly installed in front of large windowed doors, the staff are not given sufficient time to acclimate after coming in from outdoors, and the cameras deliver incorrect readings when the forehead is obscured by hair or a hat.
https://ipvm.com/reports/hikua-nursing
Writer:…
Content type: News & Analysis
In September 2019, PI published the report Your Mental Health for Sale. Our investigation looked into popular mental health websites and their data sharing practices.
Our findings suggest that, at the time of the research, most websites we looked at were using third party tracking for advertising purposes, sometimes relying on programmatic advertising technologies such as Real Time Bidding (RTB), sharing personal data with potentially thousands of actors. Some websites were also found sharing…
Content type: Examples
As part of their preparations to ease the lockdown, French authorities have added AI tools into the CCTV cameras in the Paris Metro to detect the number of passengers who are wearing face masks. The system is also being used in outdoor markets and buses in Cannes. Although it is mandatory to wear a mask on public transport in France, the software won't be used to identify, rebuke, or fine people, and the system has not proved as contentious as contact tracing. The data protection regulator CNIL…
Content type: Examples
France, like the UK, opted to develop its own contact tracing app. "StopCovid", using a centralised design developed by the Pan-European Privacy-Preserving Proxity Tracing (PEPP-PT) group, which created a framework called ROBust and the privacy-presERving proximity Tracing protocol (ROBERT). French ministers have defended the decision to choose ROBERT rather than the decentralised options, DP3T or Apple's and Google's jointly developed API, saying that the app is not intended to monitor…
Content type: News & Analysis
On June 9th, in light of the global debate against racial injustices, the company IBM announced they would stop selling facial recognition. In a letter to the US congress, they demanded a “national dialogue on whether and how facial recognition technology should be employed by domestic law enforcement agencies.”
It is worth noting first of all that it is not entirely clear that IBM is actually stopping facial recognition. The letter states that "IBM no longer offers general purpose IBM facial…
Content type: Examples
As part of a survey of the human rights compliance of contact tracing apps Amnesty International's Security Lab discovered that security vulnerabilities in Qatar's mandatory contact tracing app, EHTERAZ, would have allowed attackers to access the personal information, including name, national ID, health status, and location data, of the app's more than 1 million users because the central server did not have security measures in place to protect the data. The authorities fixed the problem within…
Content type: Examples
The lower house of the French parliament paved the way for the launch of the government's independently-developed contact tracing app. The minister in charge, technology minister Cedric O, praised the app, developed by companies such as Orange and Dassault Systemes, as a French project "with the excellence but also the panache and some would say the stubbornness which characterises our country". O added that although 22 other countries have opted to use the Google/Apple platform, it was not a…
Content type: News & Analysis
GDPR was hard won. PI, together with other civil society actors, fought from the beginning for a version of the law that offers the strongest rights and protections in the face of intense industry lobbying.
Holding the hidden data ecosystem to account
Two years ago, we committed to using GDPR to seek to hold to account the hidden data ecosystem - those companies that amass and exploit large amounts of our data for profit.
Here’s some of the action we’ve taken:
In Nov 2018,…
Content type: Examples
The French government asked Apple to change the way its phones handle Bluetooth in order to accommodate the design of its contact tracing app. Downloading and installing the app will be voluntary, but the app will use a centralised design in which the data will be fed into a government server for processing.
Source: https://www.zdnet.com/article/france-asks-apple-to-relax-iphone-security-for-coronavirus-tracking-app-development/
Writer: Charlie Osborne
Publication: ZDNet
Content type: Long Read
Covid Apps are on their way to a phone near you. Is it another case of tech-solutionism or a key tool in our healthcare response to the pandemic? It’s fair to say that nobody quite knows just yet.
We’ve been tracking these apps since the early days. We’ve been monitoring Apple and Google closely, have been involved in the UK’s app process, our partners in Chile and Peru have been tracking their governments’ apps, and more.
Of course privacy concerns arise. But only a simplistic analysis would…
Content type: Explainer
In a scramble to track, and thereby stem the flow of new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to leverage the metadata held by mobile service providers (telecommunications companies - "Telcos" - such as Hutchison 3 (Also known as Three), Telefonica (Also known as O2), Vodafone, and Orange) in order to track the movements of a population, as seen in Italy, Germany and Austria, and with the European Commission…
Content type: Examples
With more than 71,000 Serbian citizens returning to the country, primarily from Germany, Austria, Italy, and France, the government has introduced systems to ensure they obey the country's self-isolation rules. The government monitors telephone numbers, especially Italian ones, and pays special attention to communities with a large influx of people from elsewhere.
https://advox.globalvoices.org/2020/03/30/covid-19-pandemic-adversely-affects-digital-rights-in-the-balkans/#
Source: https…