Search
Content type: Long Read
If you’ve ever used TikTok, Instagram, or X/Twitter, you will already be familiar with centralised social media.Centralised social media means big company owns the app, controls the software, and keeps all your data.For example, ByteDance makes TikTok. They own it, run the servers, decide what you see in your feed, and hold onto every video you like or comment on. They call the shots when it comes to your data.But what if social media didn’t work that way? What if no single company was in…
Content type: Long Read
IntroductionIn early October this year, Google announced its AI Overviews would now have ads. AI companies have been exploring ways to monetise their AI tools to compensate for their eye watering costs, and advertising seems to be a part of many of these plans. Microsoft have even rolled out an entire Advertising API for its AI chat tools.As AI becomes a focal point of consumer tech, the next host of the AdTech expansion regime could well be the most popular of these AI tools: AI chatbots.…
Content type: News & Analysis
Is the AI hype fading? Consumer products with AI assistant are disappointing across the board, Tech CEOs are struggling to give examples of use cases to justify spending billions into Graphics Processing Units (GPUs) and models training. Meanwhile, data protection concerns are still a far cry from having been addressed.
Yet, the believers remain. OpenAI's presentation of ChatGPT was reminiscent of the movie Her (with Scarlett Johannsen's voice even being replicated a la the movie), Google…
Content type: Long Read
Why does this decision matter?
Our complaint against Criteo formed part of a larger set of coordinated complaints we filed in 2018 against 7 data brokers (Acxiom, Oracle), AdTech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France (CNIL), Ireland, (DPC) and the UK (ICO). The EU General Data Protection Regulation (GDPR) had recently come into force, and the AdTech industry was (and still is) a prime affront to the…
Content type: Press release
La CNIL a aujourd'hui prononcé une sévère sanction contre Criteo, une des plus grandes sociétés françaises de pistage et publicité en ligne. Le montant de l'amende a été réduit de 60 à 40 millions d'euros depuis l'audience qui s'est tenue à la CNIL en Mars 2023, durant laquelle Criteo avait mis en avant son bénéfice net de 10 millions d'euros en 2022 pour plaider en faveur d'une réduction de sa peine. La CNIL semble avoir entendu ces arguments, mais a heureusement maintenu une amende…
Content type: Press release
French data regulator CNIL announced today a strong sanction against Criteo, one of the world's largest AdTech companies. Although close to the maximum GDPR fine, the amount of the fine was reduced from 60 to 40 million following a hearing at CNIL's offices in March 2023, during which Criteo pleaded for a reduced fine in light of its 10 million euros profit in 2022. CNIL seems to have acknowledged this argument but maintained a significant fine. This sanction follows a Privacy International…
Content type: Examples
Sidestepping the need to obtain a search warrant, the US Department of Homeland Security (DHS) has been accessing smartphone location data by buying it from private marketing that typically embed tracker in apps. This data, which maps the movement of millions of cellphones in America, was collected from ordinary cellphone apps, to which users gave access to their location. In this particular instance, it was used by the DHS to search for undocumented immigrants according to the Wall Street…
Content type: Case Study
Your phone is the ideal profit tool for data brokers and advertisers: it's always in your pocket and can be used both as a means of collecting information and serving you ads based on that information. But how does this data collection happen through your apps?
Most, if not all, apps on our phones use Software Development Kits (SDKs). SDKs themselves are not trackers, but they are the means through which most tracking through mobile apps occurs. These kits are provided by third parties and…
Content type: Case Study
Behind their tecchie names, AddThis and ShareThis are simple services: they allow web-developers and less tech-savvy users to integrate social networking "share" buttons on their site. While they might also offer some additional services such as analytics, these tools gained traction mostly by providing an easy and free way to integrate Facebook, Twitter and other social networks share buttons. Anyone can use any of these service and in a few clicks be provided with a plugin for their site or a…
Content type: News & Analysis
Banning TikTok? It's time to fix the out-of-control data exploitation industry - not a symptom of it
Chinese apps and tech companies have been at the forefront of the news recently. Following India's ban of 59 chinese apps in July, President Trump announced his desire to ban TikTok, shortly followed by his backing of Microsoft's intention to buy the US branch of its parent company ByteDance. Other than others lip syncing his public declaration, what does President Trump fear from this app, run by a firm, based in China?
It's all about that data
One clear answer emerges: the exploitation of…
Content type: Explainer
Hello friend,
You may have found your way here because you are thinking about, or have just submitted, a Data Subject Access Request, maybe to your Facebook advertisers like we did. Or maybe you are curious to see if Policing, Inc. has your personal data.
The right to access your personal data (or access right) is just one of a number of data rights that may be found in data protection law, including the European Union's General Data Protection Regulation, better known as "GDPR", which took…
Content type: Examples
In a sharp drop from the beginning of Canada's lockdown, after two months only one in six Canadians left their home on weekends compared to one in three at the beginning. The marketing company Environics Analytics compiled the report by analysing a database of anonymised location data from 2.3 million mobile phones and looking for people who went at least 100 metres beyond their home postal code for a minimum of 30 minutes on at least one weekend day, and used demographic information tied to…
Content type: Examples
The US Centers for Disease Control and Prevention, in conjunction with local and state governments, are using location data collected by the mobile advertising industry from millions of cellphones in order to better understand how Americans are moving during the COVID-19 pandemic and how those movements affect the spread of the disease. The goal is to create a portal that federal, state, and local officials can use to study geolocation from up to 500 US cities and see which retail…
Content type: Examples
In a widely circulated animated heat map, the geospatial visualisation company Tectonix GEO in partnership with the location technology company X-Mode used the secondary locations of anonymised mobile devices that were active on a single beach in in Ft Lauderdale, FL during spring break to show how the beach-goers fanned out across the US afterwards, potentially carrying infection with them. Although the visualisation was instructive in showing how contagion spreads, it was unclear whether any…
Content type: News & Analysis
Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.
Now, the French Data Protection Authority CNIL has informed us that they are following the same route and …
Content type: News & Analysis
Yesterday, we found out that Google has been reported to collect health data records as part of a project it has named “Project Nightingale”. In a partnership with Ascension, Google has purportedly been amassing data for about a year on patients in 21 US states in the form of lab results, doctor diagnoses and hospitalization records, among other categories, which amount to a complete health history, including patient names and dates of birth.
This comes just days after the news of Google'…
Content type: News & Analysis
On 11 October 2019, Privacy International together with EDRi, BEUC, AccessNow and Open Society European Policy Institute, sent an open letter to EU Member States, to urge them to conclude the negotiations on the ePrivacy Regulation.
The letter highlights the urgent need for a strong ePrivacy Regulation in order to tackle the problems created by the commercial surveillance business models, and expresses the deep concerns by the fact that the Member States, represented in the Council of the…
Content type: News & Analysis
On Tuesday, Twitter disclosed that it may have shared data on users with advertising partners, even if they have opted out from personalised ads, and shown people ads based on inferences made about the devices they use without permission. According to Twitter, the issue was fixed on Monday, even though it is not yet clear how many users have been affected.
This is not the first time that Twitter had to admit that it leaked user data to advertisers. In May 2019, the social…
Content type: Long Read
By Valentina Pavel, PI Mozilla-Ford Fellow, 2018-2019
Our digital environment is changing, fast. Nobody knows exactly what it’ll look like in five to ten years’ time, but we know that how we produce and share our data will change where we end up. We have to decide how to protect, enhance, and preserve our rights in a world where technology is everywhere and data is generated by every action. Key battles will be fought over who can access our data and how they may use it. It’s time to take…
Content type: Long Read
Like millions of other people, you use messaging apps, social media, share, read and watch content on your phone or computer. If that’s the case then hundreds of AdTech companies collect and exchange your data every single day. AdTech, a short form of advertisement technology, is a catch-all term that describes tools and services that connect advertisers with target audiences and publishers. It’s also a multi-billion-dollar industry that is facing investigations by Data Protection Authorities…
Content type: Examples
In 2016, researchers discovered that the personalisation built into online advertising platforms such as Facebook is making it easy to invisibly bypass anti-discrimination laws regarding housing and employment. Under the US Fair Housing Act, it would be illegal for ads to explicitly state a preference based on race, colour, religion, gender, disability, or familial status. Despite this, some policies - such as giving preference to people who already this - work to ensure that white…