Search
Content type: News & Analysis
6th February 2020
On 30 January 2020, Kenya’s High Court handed down its judgment on the validity of the implementation of the National Integrated Identity Management System (NIIMS), known as the Huduma Namba. Privacy International submitted an expert witness testimony in the case. We await the final text of the judgment, but the summaries presented by the judges in Court outline the key findings of the Court. Whilst there is much there that is disappointing, the Court found that the implementation of NIIMS…
Content type: Long Read
24th February 2020
This piece was written by Aayush Rathi and Ambika Tandon, who are policy officers at the Centre for Internet and Society (CIS) in India. The piece was originally published on the website Economic Policy Weekly India here.
In order to bring out certain conceptual and procedural problems with health monitoring in the Indian context, this article posits health monitoring as surveillance and not merely as a “data problem.” Casting a critical feminist lens, the historicity of surveillance practices…
Content type: Impact Case Study
2nd May 2018
What happened
As we traveled the world we saw alarming use and spread of surveillance capabilities. From country to country we saw the same policy ideas, and the same kit. The role of industry to the growth of surveillance capability had never been exposed before.
What we did
In 1996 we published the first ‘Big Brother Incorporated’ study, identifying the vast numbers of technology firms who were investing in surveillance technologies. We were particularly surprised by the rise of German…
Content type: Impact Case Study
2nd May 2018
The right to privacy had previously been side-lined and largely unaddressed within the UN human rights monitoring mechanisms, despite being upheld as a fundamental human right in the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights (ICCPR). Beyond the ICCPR General Comment No.16: Article 17 (Right to Privacy) in 1988 and the 2010 report of the UN Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while…
Content type: Impact Case Study
2nd May 2018
What happened
Strong and effective data protection law is a necessary safeguard against industry and governments' quest to exploit our data. A once-in-a-generation moment arose to reform the global standard on data protection law when the European Union decided to create a new legal regime. PI had to fight to ensure it wasn't a moment where governments and industry would collude to reduce protections.
In January 2012, the European Commission published a proposal to comprehensively reform the…
Content type: Long Read
14th September 2018
Yesterday, the European Court of Human Rights issued its judgement in Big Brother Watch & Others V. the UK. Below, we answer some of the main questions relating to the case.
What's the ruling all about?
In a nutshell, one of the world's most important courts, the European Court of Human Rights, yesterday found that certain UK laws about how intelligence agencies can spy on our internet communications breach our human rights. These surveillance laws have meant that the UK intelligence…
Content type: Advocacy
14th August 2018
We welcome the effort by the Pakistani Ministry of Information Technology and Telecommunications to regulate the processing of personal data in Pakistan, and take measures to guarantee the right to privacy as guaranteed under Article 14(1) of the Constitution: “[t]he dignity of man and, subject to law, the privacy of home, shall be inviolable.”
This legislative development is crucial and timely as Pakistan continues to embrace innovative governance initiatives and deploy data-intensive systems…
Content type: News & Analysis
3rd March 2020
This piece was originally published by Unwanted Witness here.
Today marks exactly one year since Uganda passed its data protection law, becoming the first East African country to recognize privacy as a fundamental human right, as enshrined in Art 27 of the 1995 Uganda Constitution as well as in regional and International laws.
The Data Protection and Privacy Act, 2019 aims to protect individuals and their personal data by regulating processing of personal information by state and non-state…
Content type: Long Read
9th September 2019
In December 2018, Privacy international exposed the dubious practices of some of the most popular apps in the world.
Out of the 36 apps we tested, we found that 61% automatically transfer data to Facebook the moment a user opens the app. This happens whether the user has a Facebook account or not, and whether they are logged into Facebook or not. We also found that some of those apps routinely send Facebook incredibly detailed and sometimes sensitive personal data. Again, it didn’t matter if…
Content type: News & Analysis
26th June 2020
At a time where the mass surveillance of protests has been at the forefront, the UN High Commissioner for Human Rights released a timely report on the impact of new technologies on the promotion and protection of human rights in the context of assemblies, including peaceful protests.
The new report highlights the strong ties between protest and privacy and warns that “…the use of some such technologies to surveil or crack down on protesters can lead to human rights violations, including…
Content type: Report
6th February 2020
The changes discussed in this article are based on a second analysis performed in late November, 3 months after the original study Your Mental Health is for Sale and following the exact same methodology. All data collected can be found at the bottom of this page.
Change is possible
Back in September 2019 we published the report Your Mental Health is for Sale exposing how a majority of the top websites related to mental health in France, Germany and the UK share data for advertising purposes.…
Content type: Long Read
24th February 2020
Background
Kenya’s National Integrated Identity Management Scheme (NIIMS) is a biometric database of the Kenyan population, that will eventually be used to give every person in the country a unique “Huduma Namba” for accessing services. This system has the aim of being the “single point of truth”, a biometric population register of every citizen and resident in the country, that then links to multiple databases across government and, potentially, the private sector.
NIIMS was introduced as…
Content type: Impact Case Study
2nd May 2018
What happened
PI and our global partners have been at the forefront of challenging communications data retention for over a decade.
Communications data, also known as metadata, tells the story about your data and answers the who, when, what, and how of a specific communication and activity. Companies are supposed to delete this data when it is no longer necessary, because it can be highly revelatory about people, their habits, thoughts, health and personal relationships. Governments worldwide…
Content type: News & Analysis
5th March 2019
In December 2018, we revealed how some of the most widely used apps in the Google Play Store automatically send personal data to Facebook the moment they are launched. That happens even if you don't have a Facebook account or are logged out of the Facebook platform (watch our talk at the Chaos Communication Congress (CCC) in Leipzig or read our full legal analysis here).
Today, we have some good news for you: we retested all the apps from our report and it seems as if we have made some impact…
Content type: News & Analysis
13th March 2020
Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.
Now, the French Data Protection Authority CNIL has informed us that they are following the same route and launching an…
Content type: Long Read
22nd October 2019
The pressing need to fix our cybersecurity (mis)understandings
Despite all the efforts made so far by different, cybersecurity remains a disputed concept. Some states are still approving cybersecurity laws as an excuse to increase their surveillance powers. Despite cybersecurity and cybercrime being different concepts, the confusion between them and the broad application of criminal statutes is still leading to the criminalise legitimate behaviour.
All of this represents a sizable challenge…
Content type: Impact Case Study
2nd May 2018
What happened
The Clinton Administration kicked off the cypto-wars in 1993 with the Clipper Chip. The continued application of export controls restrained the deployment of strong cryptography in products at a key moment of internet history: as it began to be embedded in software and networking.
What we did
In the early phases of the crypto-wars we placed pressure on global industry to implement encryption in their products. We ran campaigns and events across the world on the need for strong…
Content type: Impact Case Study
20th December 2018
What Happened
On 5 June 2013, The Guardian published the first in a series of documents disclosed by Edward Snowden, a whistleblower who had worked with the NSA. The documents revealed wide-ranging mass surveillance programs conducted by the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ), which capture the communications and data of hundreds of millions of people around the world. In addition to revealing the mass surveillance programs of the…
Content type: Impact Case Study
2nd May 2018
What happened
Since the late 1980s governments across the world have been trying to build identity registries. By the early 1990s, there were similar policies being pursued by a number of governments across the Pacific region, with similar technologies from the same companies. In the mid-90s ID cards became a ‘modern’ policy, implementing smart cards. By 9/11 biometric IDs became the preferred solution to undefinable problems. Then came vast databases of biometrics to identify people — with…
Content type: Impact Case Study
2nd May 2018
What happened
Governments continuously seek to expand their communications surveillance powers. In the 1990s it was in the context of applying telephone surveillance laws to the internet. In the 2000s a spate of new laws arrived in response to 9/11. Expansions were then sought to monitor over-the-top services within the framing of Web 2.0. Then in the post-Snowden environment Governments rushed to legislate their previously secret powers.
What we did
We supported partners across the world by…
Content type: Long Read
15th May 2019
Details of case:
R (on the application of Privacy International) (Appellant) v Investigatory Powers Tribunal and others (Respondents)
[2019] UKSC 22
15 May 2019
The judgment
What two questions was the Supreme Court asked to answer?
Whether section 67(8) of RIPA 2000 “ousts” the supervisory jurisdiction of the High Court to quash a judgment of the Investigatory Powers Tribunal for error of law?
Whether, and, if so, in accordance with what principles, Parliament may by statute “oust”…
Content type: Impact Case Study
2nd May 2018
What happened
Under pressure to be more accountable for their use of resources, but also due to the post-9/11 push to track and identify terrorists across the world, the humanitarian and development sectors began increasingly to look to identity registration, including biometrics, and the collection and sharing of vast amounts of data on their beneficiaries.
Development funding was supporting the deployment of ID systems, and both sectors were enthralled with ‘big data’ initiatives, all done…
Content type: Impact Case Study
2nd May 2018
What happened
For too long, in the eyes of policy-makers and the market, these companies could do no wrong. We worked hard to bring down their halo. Since the 1990s, much of the industry has been pushing the boundaries of law and surveillance to advantage and abuse their own financial position. First it was within the exhuberrance of the dot-com boom, then in the second phase with the rise of search engines and portals, then within the Web 2.0 and social media craze, and now under the ‘fourth…
Content type: News & Analysis
16th September 2019
Today, the High Court of South Africa in Pretoria in a historic decision declared that bulk interception by the South African National Communications Centre is unlawful and invalid.
The judgment is a powerful rejection of years of secret and unchecked surveillance by South African authorities against millions of people - irrespective of whether they reside in South Africa.
The case was brought by two applicants, the amaBhungane Centre for Investigative Journalism and journalist Stephen…
Content type: Impact Case Study
2nd May 2018
What happened
In the aftermath of 9/11, Governments across the world rushed to legislate to expand surveillance. Governments
Moved to limit debate and reduce consultations as they legislated with speed.
Created new systems to collect data on all travellers, for the purpose of profiling and risk scoring.
Expanded identity schemes, and began demanding biometrics, particularly at borders.
Developed financial surveillance mechanisms on an unprecedented scale.
What we did
Few non-governmental…
Content type: Impact Case Study
2nd May 2018
What happened
In the 1990s privacy was often maligned as a ‘rich Westerner’s right’. We were told often that the poor didn’t need privacy, and non-Westerners had different cultural attitudes and would greet surveillance policies and technologies — often exported from the West. Global civil society was composed mostly of people like us: a few individuals with no resources but great passion. The larger and more established NGOs, such as consumer and human rights organisations were less…
Content type: Long Read
13th May 2020
This article has been written by our partner organisation InternetLab. Read this article in Portuguese here.
Over the last months, the organisation InternetLab has researched privacy, data protection, gender, and social protection, focusing on the beneficiaries of the Bolsa Familia Program (PBF). The PBF is the most extensive Brazilian cash transfer program, and its functioning is linked to CadÚnico, a database that comprises 40% of the country’s population. Moreover, it is a program whose…
Content type: Advocacy
29th January 2020
We welcome the effort by the Government of Kenya to give life to and specify the right to privacy, already enshrined in Article 31(c) and (d) of the Constitution of Kenya by proposing a draft Data Protection Act. We particularly appreciate the direct reference to this Constitutional right in the purpose of the Act and the way it is referred to on several occasions in the Act.
While these efforts have positive intentions and we are pleased that Kenya has adopted a comprehensive data protection…
Content type: News & Analysis
15th January 2020
The AG addressed two major questions:
(1) When states seek to impose obligations on electronic communications services in the name of national security, do such requirements fall within the scope of EU law?
(2) If the answer to the first question is yes, then what does EU law require of the national schemes at issue, which include: a French data retention regime, a Belgian data retention regime, and UK regime for the collection of bulk communications data?
The AG’s short answers to those…
Content type: Advocacy
19th November 2019
As any data protection lawyer and privacy activist will attest, there’s nothing like a well-designed and enforced data protection law to keep the totalitarian tendencies of modern Big Brother in check.
While the EU’s data protection rules aren’t perfect, they at least provide some limits over how far EU bodies, governments and corporations can go when they decide to spy on people.
This is something the bloc’s border control agency, Frontex, learned recently after coming up with a plan to…