Search
Content type: Long Read
24th February 2020
This piece was written by Aayush Rathi and Ambika Tandon, who are policy officers at the Centre for Internet and Society (CIS) in India. The piece was originally published on the website Economic Policy Weekly India here.
In order to bring out certain conceptual and procedural problems with health monitoring in the Indian context, this article posits health monitoring as surveillance and not merely as a “data problem.” Casting a critical feminist lens, the historicity of surveillance practices…
Content type: Examples
26th March 2020
Because tracking and limiting the movement of those suspected to be carrying COVID-19 carriers has been a factor in flattening the exponential curve of cases in places like Singapore, Taiwan, and South Korea, Professor Marylouise McLaws, a technical advisor to the WHO's Infection Prevention and Control Global Unit and a professor at the University of New South Wales, believes that we should use travellers' smartphones to electronically monitor their compliance with self-isolation orders. …
Content type: Examples
8th April 2020
The World Health Organization will partner with major blockchain and technology companies to launch a distributed ledger-based platform to be dubbed "MiPasa" that it says will facilitate "fully private information sharing between individuals, state authorities, and health institutions" by cross-referencing siloed location and health data to create global insights. The WHO believes the system can ensure patient privacy. MiPasa also expects to host an array of publicly accessible analytics tools…
Content type: Long Read
4th December 2020
In 2019, we exposed the practices of five menstruation apps that were sharing your most intimate data with Facebook and other third parties. We were pleased to see that upon the publication of our research some of them decided to change their practices. But we always knew the road to effective openness, transparency, informed consent and data minimisation would be a long one when it comes to apps, which for the most part make profit from our menstrual cycle and even sometimes one’s desire to…
Content type: Examples
19th October 2020
Manchester-based VST Enterprises is developing a rapid COVID-19 testing kit intended to help restart stadium sporting events. The results of tests, which fans will take the day before the event they wish to attend and provide results within ten minutes, will be stored in VSTE’s V-Health Passport, a secure mobile phone app into which users enter their name, address, date of birth, phone number, and doctor information, plus a scanned official identity document against which the smartphone can…
Content type: Examples
16th April 2020
Oura Rings, which measure body temperature and blood pulse volume to determine heart and respiratory rate and track sleep, are the subject of a national study being jointly conducted by the West Virginia University Rockefeller Neuroscience Institute, WVU Medicine, and Oura Health in hopes it can be used to predict infection and identify infected health workers before they become symptomatic. The rings and their accompanying smartphone app have been issued to physicians, nurses, and other…
Content type: Examples
19th October 2020
Questions have been raised about an irregular process by which the Trump administration awarded a $10.2 million dollar six-month contract to Pittsburgh-based TeleTracking Technologies. TeleTracking has traditionally sold software to help hospitals track patient status; under the new contract it is collecting key data about COVID-19 from US hospitals, bypassing the Centers for Disease Control and Prevention, to which such data is normally reported. The contract was awarded by the Department of…
Content type: Examples
1st April 2020
The UK's National Health Service is collaborating with Palantir to launch a data platform that will track the movement of critical staff and materials; it will, for the first time, give ministers a dashboard showing the first-ever comprehensive view of the entire health care system. The data Palantir gathers into a data store from across the health sector will not include individual patient data; instead, it will include A&E capacity, calls to the NHS 111 hotline, and the number and…
Content type: Examples
22nd April 2020
Palantir and the British AI start-up Faculty are data-mining large volumes of confidential UK patient information to consolidate government databases and build predictive computer models under contract to NHSx, the digital transformation arm of the UK's National Health Service. NHSx said the goal is to give ministers and officials real-time information to show where demand is rising and equipment needs to be deployed, and that the companies involved do not control the data and are not allowed…
Content type: Long Read
7th May 2020
This week saw the release of a coronavirus tracking app within the United Kingdom, initially to be trialled in the Isle of Wight. Privacy International has been following this closely, along with other ‘track and trace’ apps like those seen in over 30 other countries.
The UK’s app is no different. It is a small part of a public health response to this pandemic. As with all the other apps, it is vital that it be integrated with a comprehensive healthcare response, prioritise people, and…
Content type: Examples
2nd May 2018
In 2012, London Royal Free, Barnet, and Chase Farm hospitals agreed to provide Google's DeepMind subsidiary with access to an estimated 1.6 million NHS patient records, including full names and medical histories. The company claimed the information, which would remain encrypted so that employees could not identify individual patients, would be used to develop a system for flagging patients at risk of acute kidney injuries, a major reason why people need emergency care. Privacy campaigners…
Content type: News & Analysis
17th October 2019
Photo by Ray Witlin / World Bank CC BY-NC-ND 2.0
This article has been written by Ambika Tandon, Policy Officer at the Centre for Internet and Society, in collaboration with Privacy International.
On October 17th 2019, the UN Special Rapporteur (UNSR) on Extreme Poverty and Human Rights, Philip Alston, released his thematic report on digital technology, social protection and human rights. Understanding the impact of technology on the provision of social protection – and, by extent, its…
Content type: Long Read
21st September 2020
An edited version of this article was originally published on the EDRi website in September 2020.Introduction
Monopolies, mergers and acquisitions, anti-trust laws. These may seem like tangential or irrelevant issues for privacy and digital rights organisations. But having run our first public petition opposing a big tech merger, we wanted to set out why we think this is an important frontier for people's rights across Europe and indeed across the world.
In June, Google notified the European…
Content type: Examples
24th March 2020
The Thai Tech Startup Association, Department of Disease Control (Ministry of Public Health), Digital Economy Promotion Agency (Ministry of Digital Economy and Society), and National Innovation Agency have developed a questionnaire on an app which as adverised on the Thai Tech Startup Associaiton the questionnaire is designed for people to self-assess if they are in high risk or not. Developed by the Department of Diseases the questionnaire asks a variety of questions related to symptoms and…
Content type: Examples
1st December 2017
In 2015, the Swedish startup hub Epicenter began offering employees microchip implants that unlock doors, operate printers, and pay for food and drink. By 2017, about 150 of the 2,000 workers employed by the hub's more than 100 companies had accepted the implants. Epicenter is just one of a number of companies experimenting with this technology, which relies on Near Field Communication (NFC). The chips are biologically safe, but pose security and privacy issues by making it possible to track…
Content type: Examples
17th May 2019
In February 2019, an anonymous tip-off to Computer Sweden revealed that a database containing recordings of 170,000 hours of calls made to the Vårdguiden 1177 non-emergency healthcare advice line was left without encryption or password protection on an open web server provided by Voice Integrate Nordic AB. After the breach was discovered, MedHelp, which runs the 1177 service, shut the server down and found that 55 call files had been illegally downloaded from seven different IP addresses. Nine…
Content type: Advocacy
23rd April 2020
Background
In February 2020, the Australian Competition and Consumer Commission (ACCC) commenced an investigation into the proposed acquisition of Fitbit by Google, which was originally announced in November 2019.
Google, whose parent company, Alphabet, in 2018, generated 85% of its $136.22 billion in revenue from delivering targeted advertisements, has a past of competition law infringements in the European Union. Fitbit is a company that produces and sells health tracking technologies and…
Content type: Examples
26th March 2020
The new Singaporean app, TraceTogether, developed by the Government Technology Agency in collaboration with the Ministry of Health was launched on March 20 after eight weeks of development. The app, which can be downloaded by anyone with a Singapore mobile number and a Bluetooth-enabled smartphone, asks users to turn on Bluetooth and location services, and enable push notifications. The app works by exchanging short-distance Bluetooth signals between phones to detect other users within two…
Content type: News & Analysis
11th July 2013
It is a long-standing privacy principle that an individual should have access to their personal information. This is particularly necessary in healthcare - after all there is nothing more personal than health information.
As the mass digitisation of health records increases, many issues arise about this access right. The right of 'subject access' comes with its own complexities. One challenge is that individuals can sometimes be compelled to conduct subject access requests in order to share…
Content type: Advocacy
24th July 2020
Introduction
In February 2020, the Australian Competition and Consumer Commission (ACCC) commenced an investigation into the proposed acquisition of Fitbit by Google, which was originally announced in November 2019.
In March 2020, we made a submission to the ACCC, arguing that the acquisition would very likely have onerous implications for both consumers and markets. We asked the Australian regulator to apply strict scrutiny and not let hisory once again repeat itself. We concluded that the…
Content type: Report
3rd September 2019
The full report of Privacy International's study on how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results with third parties. The findings raise serious concerns about compliance with European data protection and privacy laws.
Content type: Long Read
3rd September 2019
A new study by Privacy International reveals how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results with third parties. The findings raise serious concerns about compliance with European data protection and privacy laws.
This article is part of a research led by Privacy International on mental health websites and tracking. Read our full report…
Content type: Press release
17th June 2020
On 15 June 2020, Google formally notified the European Commission of its proposed acquisition of Fitbit, enabling them to capture a massive trove of sensitive health data that will expand and entrench its digital dominance. Privacy International is calling on EU regulators to block the merger.
In November 2019, Google announced its plan to acquire Fitbit, a company that produces and sells health tracking technologies and wearables - including smartwatches, health trackers and smart scales -…
Content type: Press release
29th April 2020
Photo by Ashkan Forouzani on Unsplash
Today Privacy International, Big Brother Watch, medConfidential, Foxglove, and Open Rights Group have sent Palantir 10 questions about their work with the UK’s National Health Service (NHS) during the Covid-19 public health crisis and have requested for the contract to be disclosed.
On its website Palantir says that the company has a “culture of open and critical discussion around the implications of [their] technology” but the company have so far…
Content type: News & Analysis
26th April 2013
We very much welcome today's announcement by Health Secretary Jeremy Hunt that people will be allowed to opt out of having their medical records shared in the NHS England centralised information bank.
The move is an important one for data privacy and patient choice, and has been a key objective of Privacy International in our collaboration with the new medConfidential (which launched yesterday). A month ago, NHS England (and the Director of Patients and Information) was refusing to offer any…
Content type: Press release
PI, Genewatch and the Council for Responsible Genetics launch the Forensic Genetic Policy Initiative
7th March 2012
Today, 60 countries worldwide operate national DNA databases, and at least 34 more are considering putting them in place. The use of DNA evidence in criminal investigations can bring great benefits to society, helping to solve crimes, convict the guilty and exonerate the innocent. However, the mass storage of DNA samples and computerized profiles in databases raises important human rights concerns. Your DNA profile can be used to track you or your relatives. Your DNA sample has the potential to…
Content type: Examples
26th March 2020
On March 20, the Peruvian government introduced a website where citizens can retrieve the results of tests for COVID-19. The site asks only for the patient to fill in their National ID number and a simple captcha, making it easy for unauthorised parties to access others' results and put people at risk of exploitation and discrimination.
Source: https://saludconlupa.com/noticias/peru-debilidades-de-plataforma-del-ministerio-de-salud-pueden-exponer-informacion-clinica-de-pacientes-covid-19/…
Content type: News & Analysis
24th June 2020
Name: Google/Fitbit mergerAge: GestatingAppearance: A bit dodgy. One of the world’s biggest tech giants, trying to purchase a company that makes fitness tracking devices, and therefore has huge amounts of our health data.I don’t get it. Basically Google is trying to buy Fitbit. As if Google doesn’t already have enough data about us, it now wants huge amounts of health data too.Oh, Fitbit, that’s that weird little watch-type-thing that people get for Christmas, wear for about a month while they…
Content type: Examples
16th April 2020
An Excel file containing complete data pertaining to patients tested for coronavirus in the cities Quetta and Taftan in the the Balochistan region of Pakistan has been circulating in WhatsApp groups about Balochistan. The file contains information such as names, phone numbers, age address and other identifying information for the patients. The leaked data puts the patients at risk of personal harm and social stigma, even after recovery. Balochistan government officials say the data leaked…
Content type: Examples
12th April 2020
GDPRHub is collecting a list of projects around the world that are using personal data to combat the novel coronavirus. The list is divided into categories such as decentralised contact tracing apps and frameworks; centralised contact tracing systems; lockdown enforcement; self-assessment apps; mapping projects; and statistical analysis. The site also tracks COVID-19-releated data protection issues.
Source: https://gdprhub.eu/index.php?title=Projects_using_personal_data_to_combat_SARS-CoV-2…