Search
Content type: App Analysis
5th December 2018
This app prerequest permissions when installing from the app store, a screenshot is attached for reference
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the applicationResponse from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph…
Content type: Examples
27th June 2018
In 2012, Facebook CEO Mark Zuckerberg's sister, Randi, tweeted to fellow Twitter user Callie Schweitzer that Schweitzer had violated her privacy by posting a picture taken in her kitchen. Randi Zuckerberg, the former head of Facebook's marketing department, had posted the picture, which was taken in her kitchen and showed four people including her brother, to Facebook intending it to be viewed by Friends only. Schweitzer responded that the picture had popped up in her Facebook News Feed. Randi…
Content type: Examples
5th May 2018
In the wake of Tesla’s first recorded autopilot crash, automakers are reassessing the risk involved with rushing semi-autonomous driving technology into the hands of distractible drivers. But another aspect of autopilot—its ability to hoover up huge amounts of mapping and “fleet learning” data—is also accelerating the auto industry’s rush to add new sensors to showroom-bound vehicles. This may surprise some users: Tesla’s Terms of Use (TOU) does not explicitly state that the company will…
Content type: App Analysis
29th November 2018
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the applicationResponse from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following GET request was made:
GET https://graph.facebook.com/v3.1/97534753161?fields=…
Content type: Long Read
2nd February 2018
To celebrate International Data Privacy Day (28 January), PI and its International Network have shared a full week of stories and research, exploring how countries are addressing data governance in light of innovations in technology and policy, and implications for the security and privacy of individuals.
Content type: News & Analysis
2nd February 2018
The recent announcement by the Minister for Justice that serious and organised crime will receive legislative attention from the Government and the Oireachtas is most welcome. However, the stated means of achieving this are deeply concerning for the Irish public and larger digital economy. The statements indicate that the Government intends to follow the British model of surveillance where Irish companies can be compelled to betray their users. Why would any user engage with a service that…
Content type: Examples
26th September 2018
In September 2018, a software patch was found by journalists to be widely available, that disabled or weakened the security features in the software used to enroll people on the Aadhaar databse, potentially from anywhere in the world. The patch was reportedly widely-available in WhatsApp groups, available for around $35USD. The demand for individuals to access the Aadhaar databse goes back to 2010, when private entities were allowed to enroll people in the Aadhaar database, to encourage…
Content type: Advocacy
8th November 2018
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK.
It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more stringent…
Content type: News & Analysis
9th January 2018
This post was written by Chair Emeritus of PI’s Board of Trustees, Anna Fielder.
The UK Data Protection Bill is currently making its way through the genteel debates of the House of Lords. We at Privacy International welcome its stated intent to provide a holistic regime for the protection of personal information and to set the “gold standard on data protection”. To make that promise a reality, one of the commitments in this government’s ‘statement of intent’ was to enhance people’s enforcement…
Content type: Long Read
27th March 2018
As we said before, Facebook and Cambridge Analytica scandals are a wake-up call for policy makers. And also a global issue. People around the world are concerned by the exploitation of their data. The current lack of transparency into how companies are using people’s data is unacceptable and needs to be addressed.
There is an entire hidden ecosystem of companies harvesting and sharing personal data. From credit scoring and insurance quotations to targeted political communication, this data is…
Content type: Long Read
14th May 2018
Hasn't Facebook said it would give European data protection to all of their users?
Yes, but only in very vague language. In an initial reaction to the Cambridge Analytica scandal, Mark Zuckerberg declared that Facebook would apply the EU General Data Protection Regulation (GDPR) “in spirit” to their 2 billion users worldwide. When questioned by members of the US Congress, Zuckerberg declared that "[a]ll the same controls will be available around the world". Representative Green sought…
Content type: News & Analysis
23rd August 2018
This month Brazil adopted a new data protection law, joining the ranks of more than 120 countries which have adopted such legislation, providing individuals with rights against the exploitation of their personal data. But after a veto from the Brazilian president, the law lacks an independent authority in charge of its application, which can severely undermine its impact.
When drafting data protection bills, one of the most important and often politically contentious issue tends to be their…
Content type: Long Read
25th May 2018
Privacy and data protection are fundamental rights. When respected they help improve trust and reduce power imbalances. Individuals should have rights over their personal data, regardless of who holds or processes it, and effective ways to enforce those rights, through independent bodies.
While not an ideal solution, GDPR gives individuals more control over their personal data. Rather than burdening individuals with managing and protecting their data, the onus will be on the companies to do so…
Content type: Long Read
25th May 2018
The European Union's new data privacy law (General Data Protection Regulation, better known as GDPR) takes effect today May 25th, 2018, after a two-year transition period. Despite some companies appearing to believe otherwise, and many articles misrepresenting its contents, the GDPR will have a significative impact beyond the European Union, and it will extend many of its data privacy safeguards to users’ data globally.
There are a number of reasons that explain this impact:
Obligations for…
Content type: Long Read
9th August 2018
Creative Commons Photo Credit: Source
In the midst of continued widespread public outrage at the US government’s brutal ‘zero-tolerance’ policy around immigration – multiple data and analytics companies have quietly avoided answering questions about their role in feeding the US Immigration and Customs Enforcement (ICE) agency’s data backbone. These companies are bidding to work with an agency that has time and time again shown itself to be a brutal and problematic.
Privacy International has…
Content type: News & Analysis
9th October 2018
Image Source
On 10 October 2018, the US Senate Committee on Commerce, Science, and Transportation, will convene a hearing titled “Consumer Data Privacy: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act".
The Senate will hear from:
Dr. Andrea Jelinek, Chair, European Data Protection Board
Mr. Alastair Mactaggart, Board Chair, Californians for Consumer Privacy
Ms. Laura Moy, Executive Director and Adjunct Professor of Law,…
Content type: News & Analysis
8th November 2018
Our team wanted to see how data companies that are not used to being in the public spotlight would respond to people exercising their data rights. You have the right under the EU General Data Protection Regulation ("GDPR") to demand that companies operating in the European Union (either because they are based here or target their products or services to individuals in the EU) delete your data within one month. We wrote to seven companies and requested that they delete our data, and we've made…
Content type: Explainer
4th May 2018
“Smart city” is a marketing term used to define the use of technology – and in particular data collection – to improve the functioning of cities. The idea behind smart cities is that the more local governments know about city inhabitants the better the services they deliver will be. However, the reality is that the term means different things to different actors from companies to governments.
The World Bank suggests two possible definitions of smart cities. The first one is “a technology-…
Content type: Long Read
27th September 2018
Written jointly by Privacy International and the American Civil Liberties Union (ACLU).
In a landmark decision earlier this month, the European Court of Human Rights ruled that one of the mass surveillance programs revealed by Edward Snowden violates the rights to privacy and freedom of expression. While the case challenges the U.K. government’s mass interception of internet traffic transiting its borders, the court’s judgment has broader implications for mass spying programs in Europe and…
Content type: Examples
8th December 2018
In September 2018, researchers discovered that websites accessed via mobile phones could access an array of device sensors, unlike apps, which request permissions for such access. The researchers found that 3,695 of the top 100,000 websites incorporate scripts that tap into one or more sensors, including Wayfair, Priceline, and Kayak. Unlike location sensors, motion, lighting, and proximity sensors have no mechanism for notifying users and requesting permission. Ad blockers were not effective…
Content type: Examples
5th May 2018
By 2015, the cost, invasiveness, and effort involved in conducting medical tests led to proposals for lightweight wearable sensors that could perform the same job. Several such efforts focus on making these sensors fashionably acceptable by making them out of skinlike substances with electronics embedded in them. A team at the University of Illinois is working on biostamps, which can be applied to the skin, include flexible circuits, and can be wirelessly powered. At the University of Tokyo, a…
Content type: News & Analysis
7th August 2018
Create Commons Photo Credit: Source
Privacy International has achieved an important victory for government transparency and information access rights. This victory stems from a long-running battle with the government to obtain information about the UK police’s purchase and use of IMSI catchers. The Information Commissioner’s Office (ICO) recently issued a series of decisions, which agree with Privacy International that police forces cannot rely on a position of “neither confirm nor deny” (NCND…
Content type: Long Read
25th September 2018
The UK's domestic-facing intelligence agency, MI5, today admitted that it captured and read Privacy International's private data as part of its Bulk Communications Data (BCD) and Bulk Personal Datasets (BPD) programmes, which hoover up massive amounts of the public's data. In further startling legal disclosures, all three of the UK's primary intelligence agencies - GCHQ, MI5, and MI6 - also admitted that they unlawfully gathered data about Privacy International or its staff. You can read the…
Content type: Long Read
29th January 2018
Privacy International is celebrating Data Privacy Week, where we’ll be talking about privacy and issues related to control, data protection, surveillance and identity. Join the conversation on Twitter using #dataprivacyweek.
Exercising the right to privacy extends to the ability of accessing and controlling our data and information, the way it is being handled, by whom, and for what purpose. This right is particularly important when it comes to control of how States perform these activities.…
Content type: Examples
3rd May 2018
Documents submitted as part of a 2015 US National Labor Relations Board investigation show that Walmart, long known to be hostile to unions, spied on and retaliated against a group of employees who sought higher wages, more full-time jobs, and predictable schedules. In combating the group, who called themselves the Organization United for Respect at Walmart (OUR Walmart), Walmart hired an intelligence-gathering service from Lockheed Martin, contacted the FBI, and set up an internal Delta team…
Content type: Examples
19th December 2018
In July 2018 Walmart filed a patent on a system of sensors that would gather conversations between cashiers and customers, the rattle of bags, and other audio data to monitor employee performance. Earlier in 2018, Amazon was awarded a patent on a wristaband that would monitor and guide workers in processing items. UPS uses sensors to monitor whether its drivers are wearing seatbelts and when they open and close truck doors. All these examples, along with others such as technology that allows…
Content type: Examples
20th December 2018
In July 2018, Election Systems and Software (ES&S), long the top US manufacturer of voter machines, admitted in a letter to Senator Ron Wyden (D-OR) that it had installed pcAnywhere remote access software and modems on a number of the election management systems it had sold between 2000 and 2006. The admission was in direct contradiction to the company's response for a New York Times article earlier in the year on US voting machines' vulnerability to hacking. ES&S says it stopped…
Content type: App Analysis
5th December 2018
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the applicationResponse from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
format: json
sdk: android
event:…