Search
Content type: Press release
25th May 2021
Privacy International (PI), together with Hermes Center for Transparency and Digital Human Rights, Homo Digitalis and noyb - the European Center for Digital Rights, has today filed a series of legal complaints against Clearview AI, Inc. The facial recognition company claims to have “the largest known database of 3+ billion facial images”. The complaints were submitted to data protection regulators in France, Austria, Italy, Greece and the United Kingdom.
As our complaints detail, Clearview AI…
Content type: Advocacy
4th May 2021
This report is presented by TEDIC (Technology and Community Association) and Privacy International (PI). TEDIC is a non-governmental, non-profit organization, based in Asunción, that promotes and defends human rights on the Internet and extends its networking to Latin America. PI is a London based human rights organization that works globally at the intersection of modern technologies and rights.
TEDIC and PI wish to express some concerns about the protection and promotion of the right to…
Content type: News & Analysis
11th March 2021
Unwanted Witness’ research into Safeboda highlighted the company’s failure to comply with some of the law's core data protection principles, with a number of implications for the exercise of data subject rights. The enforcement action against Safeboda by National Information Technology Authority, Uganda (NITA-U) requires the company to make fundamental changes to how they handle people's personal data in order to comply with the Data Protection and Privacy Act, 2019.
This first landmark…
Content type: Advocacy
3rd March 2021
Background
Giphy is a searchable database for Graphic Interchange Format (‘GIF’) files, stickers, emojis, text, videos and Arcade (remixable video games). This database can be queried through the Giphy search engine, either via its main website (giphy.com), its API or its SDK. Content obtained can then be shared via their URL or be integrated in another service such as a website or an app. Well known integrations of Giphy include messaging services like Whatsapp, Slack, Signal, Telegram, or…
Content type: Long Read
19th January 2021
Political parties depend on data to drive their campaigns, from deciding where to hold rallies, which campaign messages to focus on in which area, and how to target supporters, undecided voters and non-supporters, including with ads on social media. Political parties increasingly hire private companies to do the bulk of this work, and our primary concern is how these companies use personal data to “profile” people and drive election campaigning.
As part of PI’s programme of work on Defending…
Content type: Long Read
4th December 2020
In 2019, we exposed the practices of five menstruation apps that were sharing your most intimate data with Facebook and other third parties. We were pleased to see that upon the publication of our research some of them decided to change their practices. But we always knew the road to effective openness, transparency, informed consent and data minimisation would be a long one when it comes to apps, which for the most part make profit from our menstrual cycle and even sometimes one’s desire to…
Content type: Frequently Asked Questions
27th October 2020
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content type: News & Analysis
27th October 2020
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.
Read our Q&A on the report here.…
Content type: Examples
23rd September 2020
A study describes the data transmitted to backend servers by the Google/Apple based contact tracing (GAEN) apps in use in Germany, Italy, Switzerland, Austria, and Denmark and finds that the health authority client apps are generally well-behaved from a privacy point of view, although the Irish, Polish, Danish, and Latvian apps could be improved in this respect. However, the study also finds that the Google Play Services component of the apps contacts Google servers as often as every 20 minutes…
Content type: Examples
21st September 2020
An audit of two apps and a website used by national and local governments in Colombia finds: an absence of public information about the tools, how they work, or how their security and privacy is protected; non-compliance with Colombia’s data protection legal framework, particularly in the area of consent; and reckless deployment of solutions that put hundreds of thousands of users’ personal data at risk. Fundación Karisma, which conducted the audit, makes a number of recommendations for…
Content type: Examples
21st September 2020
Following trials in Leicester, Luton, and Blackburn with Darwen, the UK government will assign teams of health care professionals to more than ten local authorities and offer them Public Health England’s near real-time data on infections and a dedicated team of contact tracers, shifting away from its £10 billion centralised national system run under contract by Serco. As of early August, the Serco scheme was still failing to reach a significant proportion of those who had been in close contact…
Content type: Case Study
17th September 2020
The Peruvian government has a history of collaboration with the private sector in developing technology with the alleged purpose of providing greater security to citizens. The most recent example, the smartphone application "Peru En Tus Manos" launched in the context of the Covid-19 crisis, has been developed in a similar fashion and currently collects geolocation data on more than a million users. Although Peru has a proper legal framework for public private partnerships, developments are…
Content type: Report
11th September 2020
National identity systems naturally implicate data protection issues, given the high volume of data necessary for the systems’ functioning.
This wide range and high volume of data implicates raises the following issues:
consent as individuals should be aware and approve of their data’s collection, storage, and use if the system is to function lawfully. Despite this, identity systems often lack necessary safeguards requiring consent and the mandatory nature of systems ignores consent entirely…
Content type: Report
11th September 2020
While identity systems pose grave dangers to the right to privacy, based on the particularities of the design and implementation of the ID system, they can also impact upon other fundamental rights and freedoms upheld by other international human rights instruments including the International Covenant on Civil and Political Right and the International Covenant on Economic, Social and Cultural Rights such as the right to be free from unlawful discrimination, the right to liberty, the right to…
Content type: Examples
20th August 2020
The outsourcing company Serco, which the UK government has contracted to perform contact tracing, accidentally shared the email addresses of almost 300 of the contact tracers it hired when a staff member sent an introductory email and used CC rather than blind CC. Serco does not intend to refer itself to the Information Commissioner's office.
Writer: Ross Hawkins
Publication: BBC
Content type: News & Analysis
Banning TikTok? It's time to fix the out-of-control data exploitation industry - not a symptom of it
4th August 2020
Chinese apps and tech companies have been at the forefront of the news recently. Following India's ban of 59 chinese apps in July, President Trump announced his desire to ban TikTok, shortly followed by his backing of Microsoft's intention to buy the US branch of its parent company ByteDance. Other than others lip syncing his public declaration, what does President Trump fear from this app, run by a firm, based in China?
It's all about that data
One clear answer emerges: the exploitation of…
Content type: Explainer
30th July 2020
At first glance, infrared temperature checks would appear to provide much-needed reassurance for people concerned about their own health, as well as that of loved ones and colleagues, as the lockdown is lifted. More people are beginning to travel, and are re-entering offices, airports, and other contained public and private spaces. Thermal imaging cameras are presented as an effective way to detect if someone has one of the symptoms of the coronavirus - a temperature.
However, there is little…
Content type: Examples
24th July 2020
After ORG asked questions via its legal representative, AWO’s Ravi Naik, the UK’s Department of Health and Social Care agreed to change the period it would retain Test and Trace data from 20 years to eight. Public Health England manager Yvonne Doyle explained that the novelty of COVID-19 was the reason for keeping the data longer, in case PHE needed to get back in touch with those who had tested positive with additional information.
Publication: ZDNet
Writer: Daphne Leprince-Ringuet
Content type: Examples
24th July 2020
In early July the Open Rights Group issued a pre-action legal letter to UK health secretary Matt Hancock and the Department of Health and Social Care saying they have breached requirements under the Data Protection Act 2018 and GDPR by failing to conduct an impact assessment for the Test and Trace system. ORG and its lawyers, AWO, had been asking for details of the DPIA since the beginning of June, a few days after the system was launched. In their response, the DHSC’s lawyers said “there were…
Content type: Advocacy
17th July 2020
Identification systems across the world increasingly rely on biometric data. In the context of border management, security and law enforcement, biometric data can play an important role in supporting the investigation and prevention of acts of terrorism.
This Briefing aims to map out some of the implications of the adoption of identification systems based on biometrics.
Content type: Examples
13th July 2020
Hours before OpenDemocracy filed suit to compel the UK government to release all the contracts governing its deals with a list of technology firms including Amazon, Microsoft, Google, Palantir, and Faculty, the UK government released the contracts. Faculty is being paid more than £1 million to provide AI services for the NHS, and the companies involved in the NHS data store project, including Faculty and Palantir, were originally granted intellectual property rights and were allowed to train…
Content type: Advocacy
1st July 2020
Privacy International responded to the call for submissions on Zimbabwe’s Cyber Security and Data Protection Bill, 2019.
According to its Memorandum, the Bill seeks to “consolidate cyber related offences and provide for data protection with due regard to the Declaration of Rights under the Constitution and the public and national interest.” The Bill also proposes the establishment of a Cyber Security Centre and a Data Protection Authority.
In its submission, PI applauds the positive aspects…
Content type: Long Read
26th June 2020
What Do We Know?
In late March, the NHS quietly announced that it would give technology businesses access to unprecedented quantities of patient data for processing and analysis in response to COVID-19. One of those businesses is CIA-backed Palantir Technologies. Palantir’s software is allegedly “mission critical” to US Immigration and Customs Enforcement’s (ICE) mass raids, detentions, and deportations. Despite trusting Palantir with patient data, the NHS has been tight-lipped about the scope…
Content type: Video
23rd June 2020
Immediately following the UK general election in December 2019, we worked with Open Rights Group to commission a YouGov poll about public understanding and public opinion about the use of data-driven campaigning in elections.
The poll used a representative sample of 1,664 adults across the UK population.
'Data-driven political campaigning' is about using specific data about you to target specific messages at you. So, for this might involve knowing that you are, for example, likely to have…
Content type: Call to Action
18th June 2020
Google wants to know everything about you.
It already holds a massive trove of data about you, but by announcing its plans to acquire the health and fitness tracker company Fitbit, it now clearly wants to get its hands on your health too. We don’t think any company should be allowed to accumulate this much intimate information about you. This is why we’re trying to stop its merger with Fitbit.
Google and Fitbit need the European Commission’s approval before they can merge. The merger would…
Content type: Long Read
17th June 2020
There are few places in the world where an individual is as vulnerable as at the border of a foreign country.
As migration continues to be high on the social and political agenda, Western countries are increasingly adopting an approach that criminalises people at the border. Asylum seekers are often targeted with intrusive surveillance technologies and afforded only limited rights (including in relation to data protection), often having the effect of being treated as “guilty until proven…
Content type: Explainer
16th June 2020
Hello friend,
You may have found your way here because you are thinking about, or have just submitted, a Data Subject Access Request, maybe to your Facebook advertisers like we did. Or maybe you are curious to see if Policing, Inc. has your personal data.
The right to access your personal data (or access right) is just one of a number of data rights that may be found in data protection law, including the European Union's General Data Protection Regulation, better known as "GDPR",…
Content type: Examples
15th June 2020
The AI firm Faculty, which worked on the Vote Leave campaign, was given a £400,000 UK government contract to analyse social media data, utility bills, and credit ratings, as well as government data, to help in the fight against the coronavirus. This is at least the ninth contract awarded to Faculty since 2018, for a total of at least £1.6 million. No other firm was asked to bid on the contract, as normal public bodies’ requirements for competitive procurement have been waived in the interests…