Search
Content type: Advocacy
28th June 2022
In our submission we outline our concerns with the industry as a result of extensive technical research and complaints taken to data protection authorities in Europe as a result.
Data brokers must specifically be included in "actors in scope."
We recommend that "data brokers" are specifically included in the list of "actors in scope". A data broker is a company that collects, buys and sells personal data and this is often how they earn their primary revenue. It is a term that is entering…
Content type: Advocacy
31st May 2022
Now is the time to strengthen not weaken data protection to keep us all safe. Here we outline some edited areas of our consultation response that highlight the impact of the proposed loss or weakening of many important protections:
The proposal to broadening consent and further processing for research purposes:
PI urges caution with regard to provisions that seek to potentially undermine the strict conditions around obtaining consent. The GDPR placed stronger conditions on obtaining consent…
Content type: Report
5th May 2022
This briefing takes a look at the private intelligence industry, a collection of private detectives, corporate intel firms, and PR agencies working for clients around the world that have made London their hub.
Often staffed by ex-spooks, and promising complete secrecy, little is known about them. But reports over the years have exposed their operations, including things like hacking and targeting of anti-corruption officials, spying on peaceful environment activists, and running fake '…
Content type: Video
5th May 2022
Links
The Enablers by the Bureau of Investigative Journalism
PI's report
Submit your podcast questions
Sign up to our mailing list
Places to listen
You can listen and subscribe to the podcast where ever you normally find your podcasts:
Spotify | Apple podcasts | Castbox | Google podcasts | Overcast | Stitcher | Pocket Casts | Peertube | Youtube | Soundcloud | Podbean | Podcast Republic | Breaker | Podcast Addict | Deezer | and more...
Content type: News & Analysis
17th December 2021
The notorious Clearview AI first rose to prominence in January 2020, following a New York Times report. Put simply, Clearview AI is a facial recognition company that uses an “automated image scraper”, a tool that searches the web and collects any images that it detects as containing human faces. All these faces are then run through its proprietary facial recognition software, to build a gigantic biometrics database.
What this means is that without your knowledge, your face could be stored…
Content type: Press release
25th May 2021
Privacy International (PI), together with Hermes Center for Transparency and Digital Human Rights, Homo Digitalis and noyb - the European Center for Digital Rights, has today filed a series of legal complaints against Clearview AI, Inc. The facial recognition company claims to have “the largest known database of 3+ billion facial images”. The complaints were submitted to data protection regulators in France, Austria, Italy, Greece and the United Kingdom.
As our complaints detail, Clearview AI…
Content type: News & Analysis
17th May 2021
The report on disinformation by the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression follows a growing trend by international bodies (including the Organization of American States and the European Commission) to assess and regulate the global phenomenon that is disinformation.
The report strongly links the spread of disinformation with the gratuitous data collection and profiling techniques utilised by the online advertising industry,…
Content type: Advocacy
4th May 2021
This report is presented by TEDIC (Technology and Community Association) and Privacy International (PI). TEDIC is a non-governmental, non-profit organization, based in Asunción, that promotes and defends human rights on the Internet and extends its networking to Latin America. PI is a London based human rights organization that works globally at the intersection of modern technologies and rights.
TEDIC and PI wish to express some concerns about the protection and promotion of the right to…
Content type: News & Analysis
26th March 2021
Uganda's Presidential election in January 2021 resulted in the incumbent President Museveni winning his sixth term in office, having held power for 35 years. The election took place amidst a global pandemic and the run up to election day was fraught. Violence left dozens dead and hundreds more arrested, including the opposition candidate Bobi Wine. Mass rallies and in person campaign meetings were banned due to Covid restrictions and political parties in Uganda were encouraged to conduct “…
Content type: News & Analysis
11th March 2021
Unwanted Witness’ research into Safeboda highlighted the company’s failure to comply with some of the law's core data protection principles, with a number of implications for the exercise of data subject rights. The enforcement action against Safeboda by National Information Technology Authority, Uganda (NITA-U) requires the company to make fundamental changes to how they handle people's personal data in order to comply with the Data Protection and Privacy Act, 2019.
This first landmark…
Content type: Advocacy
3rd March 2021
Background
Giphy is a searchable database for Graphic Interchange Format (‘GIF’) files, stickers, emojis, text, videos and Arcade (remixable video games). This database can be queried through the Giphy search engine, either via its main website (giphy.com), its API or its SDK. Content obtained can then be shared via their URL or be integrated in another service such as a website or an app. Well known integrations of Giphy include messaging services like Whatsapp, Slack, Signal, Telegram, or…
Content type: Long Read
19th January 2021
Political parties depend on data to drive their campaigns, from deciding where to hold rallies, which campaign messages to focus on in which area, and how to target supporters, undecided voters and non-supporters, including with ads on social media. Political parties increasingly hire private companies to do the bulk of this work, and our primary concern is how these companies use personal data to “profile” people and drive election campaigning.
As part of PI’s programme of work on Defending…
Content type: Long Read
4th December 2020
In 2019, we exposed the practices of five menstruation apps that were sharing your most intimate data with Facebook and other third parties. We were pleased to see that upon the publication of our research some of them decided to change their practices. But we always knew the road to effective openness, transparency, informed consent and data minimisation would be a long one when it comes to apps, which for the most part make profit from our menstrual cycle and even sometimes one’s desire to…
Content type: Advocacy
16th November 2020
International data transfers are an important feature of the present-day global economy. However, when crossing borders, data should also be accompanied by strong and effective privacy and personal data protections. Laws, such as the General Data Protection Regulation (GDPR), play an important role in ensuring data flows respect with privacy.
Trade negotiations that cover cross-border data flows can complicate this. All 80 countries that are part of digital trade negotiations should be able to…
Content type: Frequently Asked Questions
27th October 2020
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content type: News & Analysis
27th October 2020
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.
Read our Q&A on the report here.…
Content type: Examples
23rd September 2020
A study describes the data transmitted to backend servers by the Google/Apple based contact tracing (GAEN) apps in use in Germany, Italy, Switzerland, Austria, and Denmark and finds that the health authority client apps are generally well-behaved from a privacy point of view, although the Irish, Polish, Danish, and Latvian apps could be improved in this respect. However, the study also finds that the Google Play Services component of the apps contacts Google servers as often as every 20 minutes…
Content type: Examples
21st September 2020
An audit of two apps and a website used by national and local governments in Colombia finds: an absence of public information about the tools, how they work, or how their security and privacy is protected; non-compliance with Colombia’s data protection legal framework, particularly in the area of consent; and reckless deployment of solutions that put hundreds of thousands of users’ personal data at risk. Fundación Karisma, which conducted the audit, makes a number of recommendations for…
Content type: Examples
21st September 2020
Following trials in Leicester, Luton, and Blackburn with Darwen, the UK government will assign teams of health care professionals to more than ten local authorities and offer them Public Health England’s near real-time data on infections and a dedicated team of contact tracers, shifting away from its £10 billion centralised national system run under contract by Serco. As of early August, the Serco scheme was still failing to reach a significant proportion of those who had been in close contact…
Content type: Case Study
17th September 2020
The Peruvian government has a history of collaboration with the private sector in developing technology with the alleged purpose of providing greater security to citizens. The most recent example, the smartphone application "Peru En Tus Manos" launched in the context of the Covid-19 crisis, has been developed in a similar fashion and currently collects geolocation data on more than a million users. Although Peru has a proper legal framework for public private partnerships, developments are…
Content type: Report
11th September 2020
National identity systems naturally implicate data protection issues, given the high volume of data necessary for the systems’ functioning.
This wide range and high volume of data implicates raises the following issues:
consent as individuals should be aware and approve of their data’s collection, storage, and use if the system is to function lawfully. Despite this, identity systems often lack necessary safeguards requiring consent and the mandatory nature of systems ignores consent…
Content type: Report
11th September 2020
While identity systems pose grave dangers to the right to privacy, based on the particularities of the design and implementation of the ID system, they can also impact upon other fundamental rights and freedoms upheld by other international human rights instruments including the International Covenant on Civil and Political Right and the International Covenant on Economic, Social and Cultural Rights such as the right to be free from unlawful discrimination, the right to liberty, the right to…
Content type: Examples
20th August 2020
The outsourcing company Serco, which the UK government has contracted to perform contact tracing, accidentally shared the email addresses of almost 300 of the contact tracers it hired when a staff member sent an introductory email and used CC rather than blind CC. Serco does not intend to refer itself to the Information Commissioner's office.
Writer: Ross Hawkins
Publication: BBC
Content type: News & Analysis
Banning TikTok? It's time to fix the out-of-control data exploitation industry - not a symptom of it
4th August 2020
Chinese apps and tech companies have been at the forefront of the news recently. Following India's ban of 59 chinese apps in July, President Trump announced his desire to ban TikTok, shortly followed by his backing of Microsoft's intention to buy the US branch of its parent company ByteDance. Other than others lip syncing his public declaration, what does President Trump fear from this app, run by a firm, based in China?
It's all about that data
One clear answer emerges: the exploitation of…
Content type: Explainer
30th July 2020
At first glance, infrared temperature checks would appear to provide much-needed reassurance for people concerned about their own health, as well as that of loved ones and colleagues, as the lockdown is lifted. More people are beginning to travel, and are re-entering offices, airports, and other contained public and private spaces. Thermal imaging cameras are presented as an effective way to detect if someone has one of the symptoms of the coronavirus - a temperature.
However, there is little…
Content type: Examples
24th July 2020
After ORG asked questions via its legal representative, AWO’s Ravi Naik, the UK’s Department of Health and Social Care agreed to change the period it would retain Test and Trace data from 20 years to eight. Public Health England manager Yvonne Doyle explained that the novelty of COVID-19 was the reason for keeping the data longer, in case PHE needed to get back in touch with those who had tested positive with additional information.
Publication: ZDNet
Writer: Daphne Leprince-Ringuet