Search
Content type: Long Read
Like millions of other people, you use messaging apps, social media, share, read and watch content on your phone or computer. If that’s the case then hundreds of AdTech companies collect and exchange your data every single day. AdTech, a short form of advertisement technology, is a catch-all term that describes tools and services that connect advertisers with target audiences and publishers. It’s also a multi-billion-dollar industry that is facing investigations by Data Protection Authorities…
Content type: Examples
In November 2018, a report by the consultancy Privacy Company, on behalf of the Dutch Ministry of Justice, found that Microsoft could be breaking European data collection rules because its Office software was collecting large amounts of personal data including email subject lines and snippets of content typed into emails or Word. The data was originally transmitted to the US, but in an effort to comply with GDPR Microsoft had switched to storing the data in Europe. The Dutch government was…
Content type: Press release
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.
PI welcomes this announcement and its focus on…
Content type: Long Read
Image Source: "Voting Key" by CreditDebitPro is licensed under CC BY 2.0
Democratic society is under threat from a range of players exploiting our data in ways which are often hidden and unaccountable. These actors are manifold: traditional political parties (from the whole political spectrum), organisations or individuals pushing particular political agendas, foreign actors aiming at interfering with national democratic processes, and the industries that provide products that …
Content type: Advocacy
In December 2018, PI responded to the UK Information Commissioner's (ICO) Call for Views on a Code of Practice for the use of personal information in political campaigns.
The consultation followed on from the ICO's policy report Democracy Disrupted?, published in July 2018, which recommended that the Government should legislate at the earliest opportunity to introduce a statutory Code of Practice under the Data Protection Act 2018 for the use of personal information in campaigns.…
Content type: News & Analysis
This piece was first published in GDPR today in March 2019.
Elections, referendums and political campaigns around the world are becoming ever more sophisticated data operations. This raises questions about the political use and abuse of personal data. With the European Union elections fast approaching and numerous national and local elections taking place across EU Member States, it is essential that the legal frameworks intended to protect our personal data do just that.
Member State…
Content type: News & Analysis
We found this image here.
Today, a panel of competition experts, headed by Professor Jason Furman, the former chief economic adviser of in the Obama administration, confirmed that tech giants, like Facebook, Amazon, Google, Apple and Microsoft, do not face enough competition.
Significantly, the report finds that control over personal data by tech giants is one of the main causes preventing competition and ultimately innovation.
Privacy International's research has shown clear examples of…
Content type: News & Analysis
At the beginning of November 2018, the first GDPR-related privacy and freedom of expression case arose in Romania in connection to the publication by the RISE Project of several articles about a corruption investigation. The articles reported a close relationship between a road construction company that is currently under investigation for fraud, European funds, and a high-profile politician.
Shortly after the first article was published, the Romanian data protection authority (“ANSPDCP”) sent…
Content type: News & Analysis
Dear will.i.am,
We saw your piece in the Economist and were very excited to learn that you care about privacy as much as we do. At PI we expose government and corporate bad behaviours, we disrupt their plans, and identify a hopeful path forward.
That’s why we very much agree with you that people need much more protection, transparency and control over their personal data. Cheers for: “I want to have it clearly explained in plain language who has access to my camera, to my photos, who’s…
Content type: News & Analysis
Over one month ago, Privacy International filed complaints concerning seven data brokers, ad-tech companies, and credit referencing agencies with data protection authorities across Europe. The companies named in the complaints are Acxiom, Criteo, Equifax, Experian, Oracle, Quantcast, and Tapad.
The submissions set out the myriad of ways in which these companies fall short of what is required by data protection laws in the European Union and called on the data protection authorities to…
Content type: News & Analysis
We found this here.
The European Union’s new privacy law, the General Data Protection Regulation, or GDPR, is being tested across Europe. The first GDPR privacy case in Romania began with an investigation that was published on November 5 about a corruption scandal involving a politician and his close relationships to a company being investigated for fraud. The Romanian data protection authority (ANSPDCP) sent a series of questions to the journalists who authored the article and asked for…
Content type: Advocacy
Privacy International, European Digital Rights, and the Association for Technology and Internet (ApTI) together with 15 other digital rights organisations sent a letter on Monday 21 November 2018, to the European Data Protection Board (EDPB), with copies to the Romanian Data Protection Authority (ANSPDCP), and the European Commission, asking for the General Data Protection Regulation (GDPR) not to be misused in order to threaten media freedom in Romania.
Shortly after a journalistic…
Content type: News & Analysis
Email addresses
Acxiom: [email protected]
Criteo: [email protected]
Equifax: [email protected]
Experian: [email protected]
Oracle: https://oracle.ethicspointvp.com/custom/oracle/dp/en/form_data.asp
Quantcast: [email protected] cc: [email protected]
Tapad: [email protected]
Letter for Acxiom and Oracle
subject line: Right to Erasure Request
I am concerned your company exploits my data.
In accordance with my right[s] under the General Data…
Content type: Press release
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. Privacy International urges the data protection authorities to investigate these companies and to protect individuals from the mass exploitation of their data.
Our complaints target companies that, despite exploiting the data of millions of…
Content type: Advocacy
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK.
It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more…
Content type: Advocacy
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK.
It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more…
Content type: Long Read
The European Union's new data privacy law (General Data Protection Regulation, better known as GDPR) takes effect today May 25th, 2018, after a two-year transition period. Despite some companies appearing to believe otherwise, and many articles misrepresenting its contents, the GDPR will have a significative impact beyond the European Union, and it will extend many of its data privacy safeguards to users’ data globally.
There are a number of reasons that explain this impact:
Obligations…
Content type: Long Read
Privacy and data protection are fundamental rights. When respected they help improve trust and reduce power imbalances. Individuals should have rights over their personal data, regardless of who holds or processes it, and effective ways to enforce those rights, through independent bodies.
While not an ideal solution, GDPR gives individuals more control over their personal data. Rather than burdening individuals with managing and protecting their data, the onus will be on the companies to do so…
Content type: Press release
WASHINGTON, D.C. – U.S. companies should adopt the same data protection rules that are poised to go into effect in the European Union on May 25, Public Citizen, the Center for Digital Democracy and Privacy International said today.
In a sign-on letter, 28 groups are calling on some of the world’s largest companies – including Facebook, Google and Amazon, as well as digital advertisers like Nestle, Walmart and JPMorgan Chase – to use Europe’s impending General Data Protection Regulation (GDPR…
Content type: News & Analysis
Today, the Transatlantic Consumer Dialogue (TACD) sent a letter to the CEO of Facebook, Mark Zuckerberg, urging Facebook to adopt the General Data Protection Regulation (GDPR) as a baseline standard, not just for EU consumers as it is required, but for all Facebook services.
The letter comes ahead of Facebook Chief Executive Officer, Mark Zuckerberg’s, appearance before congressional committee over Cambridge Analytica’s misuse of customer data to interfere in the U.S. presidential election.…
Content type: Long Read
We found the image here.
When we browse the internet, go to work, drive down the street, go shopping, interact with institutions, or simply move through the city, data is collected about us.
Advanced profiling technologies answer questions we did not raise. They generate knowledge we did not anticipate, but are eager to apply. As knowledge is power, profiling changes the power relationships between the profilers and the profiled.
In a world where everything we do becomes more and more…
Content type: Report
In contrast to automated decision-making, profiling is a relatively novel concept in European data protection law. It is now explicitly defined in Article 4(4) of the EU General Data Protection Regulation (GDPR), and refers to the automated processing of data (personal and not) to derive, infer, predict or evaluate information about an individual (or group), in particular to analyse or predict an individual’s identity, their attributes, interests or behaviour.
Through profiling, highly…
Content type: Advocacy
Privacy International's briefing on the UK's Data Protection Bill for the second reading in the House of Commons.
Content type: News & Analysis
This post was written by Chair Emeritus of PI’s Board of Trustees, Anna Fielder.
The UK Data Protection Bill is currently making its way through the genteel debates of the House of Lords. We at Privacy International welcome its stated intent to provide a holistic regime for the protection of personal information and to set the “gold standard on data protection”. To make that promise a reality, one of the commitments in this government’s ‘statement of intent’ was to enhance…
Content type: Advocacy
Privacy International's comments to the Article 29 Working Party Guidelines on automated individual decision-making and profiling are here.
Content type: Advocacy
This briefing consolidates Privacy International's concerns on the UK Data Protection Bill as it reached Report Stage in the House of Lords.
Content type: News & Analysis
This piece was written by PI Legal Office Millie Graham Wood.
“The UK is leading the way on modern data protection laws and we have worked closely with our EU partners to develop world leading data protection standards”[1] according to, Matt Hancock MP, Minister of State for Digital. However, the proposals in the UK Data Protection Bill continue and expand a highly secretive system which allows processing of personal data to be exempt from key safeguards and fundamental protections on…
Content type: Advocacy
Privacy International welcomes the willingness of the UK government to implement the EU General Data Protection Regulation (GDPR), which provides stronger standards of protection of personal data to those contained in the EU Directive 1995, whose provisions were implemented in the Data Protection Act 1998. Improved rights and enforcement measures will generate greater trust and therefore greater engagement in the digital environment, which will in turn benefit the economy. …