Search
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgment
The State of Privacy in Lebanon is the result of an ongoing collaboration between Privacy International and SMEX.
Key privacy facts
1. Constitutional privacy protection: The Lebanon constitution does not explicitly mention the right to privacy.
2. Data protection law: The Electronic Transactions and…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in Colombia is the result of an ongoing collaboration by Privacy International and Fundación Karisma and Dejusticia.
Key Privacy Facts
1. Constitutional privacy protection: The constitution contains an explicit protection of the right to privacy (Article 15 of the 1991 constitution).
2…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in the Philippines is the result of an ongoing collaboration by Privacy International and Foundation for Media Alternatives.
Key privacy facts
1. Constitutional privacy protection: The constitution contains an explicit protection of the right to privacy (Art. III, section 3).
2.…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in Mexico is the result of an ongoing collaboration by Privacy International and Red in Defensa de los Derechos Digitales (R3D) in Mexico.
Key Privacy Facts
1. Constitutional privacy protections: The right to privacy is enshrined in article 6 of the Mexican constitution.
2. Data…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgment
The State of Privacy in Indonesia is the result of an ongoing collaboration by Privacy International and The Institute for Policy Research and Advocacy (ELSAM).
Key privacy facts
Key privacy facts
1. Constitutional privacy protection: The constitution does not explicitly mention privacy.
2. Data protection…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in India is the result of an ongoing collaboration by Privacy International and the Centre for Internet & Society.
Key Privacy Facts
1. Constitutional privacy protections: In 2017, the Indian Supreme Court ruled that the Indian constitution guarantees a right to privacy.
2. Data…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgment
The State of Surveillance in Egypt is the result of an ongoing collaboration by Privacy International and its partners.
Key privacy facts
1. Constitutional privacy protection: The constitution contains an explicit protection of the right to privacy.
2. Data protection law: In August 2018, the Cabinet…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in Brazil is the result of an ongoing collaboration by Privacy International and Coding Rights.
Between 2014-2017, Privacy LatAm contributed to previous versions of this briefing.
Key privacy facts
1. Constitutional privacy protection: The constitution contains an explicit…
Content type: State of Privacy
Table of contents
Introduction
Right to Privacy
Communication Surveillance
Data Protection
Identification Schemes
Policies and Sectoral Initiatives
Introduction
Acknowledgement
The State of Privacy in Argentina is the result of an ongoing collaboration by Privacy International and Asociación por los Derechos Civiles (ADC).
Key Privacy Facts
1. Constitutional privacy protections: While Argentina's constitution does not mention the word 'privacy', Section 19 has been taken by the…
Content type: News & Analysis
On 22 January 2019 Google updated its Terms of Service and Privacy Policy for Europe.
The message is quite reassuring:
“Nothing about your experience in Google services will change. And nothing is changing in terms of your privacy settings, the way your data is processed, nor the purposes of its processing”.
Then it says: “However, if you don’t want to accept these changes in our terms and Privacy Policy, you can choose to stop using the applicable services.”
Simple. If you don’t like it,…
Content type: News & Analysis
We found this image here.
In order for GDPR to be effective at protecting people's data, it must be implemented and enforced. Therefore, we are pleased to see that CNIL has taken action and issued Google a fine of €50 million based on complaints by NOYB and La Quadrature Du Net in May 2018. Despite numerous statements by Google that it takes the protection of people's data seriously, the decision demonstrates that they have a long way to go and that regulators will take action to hold…
Content type: Report
A video presentation of the finding of this report can be found here, as presented at 35th Chaos Computer Congress (35C3)
Previous research has shown how 42.55 percent of free apps on the Google Play store could share data with Facebook, making Facebook the second most prevalent third-party tracker after Google’s parent company Alphabet. In this report, Privacy International illustrates what this data sharing looks like in practice, particularly for people who do not have a Facebook account.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
format: json
sdk: android
event…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.…
Content type: Examples
In September 2018, Google warned a selection of US senators and their aides that their Gmail accounts were being targeted by foreign government hackers. Google has issued warnings of phishing attempts by state-sponsored actors since 2012, though getting a notice does not mean the account has been compromised.
https://www.cnet.com/news/google-warns-us-senators-of-foreign-hackers-targeting-their-gmail-accounts/
Writer: Richard Nieva
Publication: CNet
Content type: Impact Case Study
What HappenedOn 5 June 2013, The Guardian published the first in a series of documents disclosed by Edward Snowden, a whistleblower who had worked with the NSA. The documents revealed wide-ranging mass surveillance programs conducted by the USA’s National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ), which capture the communications and data of hundreds of millions of people around the world. In addition to revealing the mass surveillance programs of the NSA…
Content type: Examples
In June 2018, security researchers found that Google's smart speaker and home assistant, Google Home, and its Chromecast streaming device could be made to leak highly accurate location information because they failed to require authentication from other machines on their local network. The attack worked by requesting a list of nearby wireless networks from the Google device and sending that list on to Google's geolocation lookup service, whose map of wireless network names around the world is…
Content type: Examples
In 2018 industry insiders revealed that the gambling industry was increasingly turning to data analytics and AI to personalise their services and predict and manipulate consumer response in order to keep gamblers hooked. Based on profiles assembled by examining every click, page view, and transaction and incorporating data purchased from third-party sources, gambling operators push customised ads through Google, Facebook, and other platforms. There are also plans to geolocate customers arriving…
Content type: Examples
Three months after the 2018 discovery that Google was working on Project Maven, a military pilot program intended to speed up analysis of drone footage by automating classification of images of people and objects, dozens of Google employees resigned in protest. Among their complaints: Google executives' decreasing transparency and attention to workers' objections; that Google's move could damage user trust; and ethical concerns over using algorithms in this potentially lethal work and Google's…
Content type: Examples
In 2018, military security officers from the Israeli Defence Force accused Hamas of loading fake World Cup and dating apps with malware and making them available via the Israeli version of the Google Play store in order to hack the mobile phones of Israeli soldiers. The apps were capable of accessing locations, copying contacts, file, and photographs, and taking control of camera and microphone. The World Cup app offered HD live-streamed matches and updates. The IDF added that about 100…
Content type: News & Analysis
Taylor Swift may be tracking you, particularly if you were at her Rose Bowl show in May.
According to an article published by Vanity Fair, at Swift’s concert at the California stadium, fans were drawn to a kiosk where they could watch rehearsal clips. At the same time – and without their knowledge - facial-recognition cameras were scanning them, and the scans were then reportedly sent to a “command post” in Nashville, where they were compared to photos of people who are known…
Content type: Examples
In 2018, a group of researchers from the Campaign for Accountability posed as Russian trolls and were able to purchase divisive online ads and target them at Americans using Google's advertising platform. The researchers constructed fake profiles using the name and identifying details of the Internet Research Agency, a known Kremlin-linked troll farm; the ads appeared on the YouTube channels and websites belonging to CNN, CBS, Huffington Post, and the Daily Beast. The ads were approved in less…
Content type: Examples
In May 2018, researchers in the US and China demonstrated that they could send commands that activate Apple's Siri, Amazon's Alexa, and Google Assistant but that are inaudible to the human ear. The researchers were able to make smartphones and smart speakers dial phone numbers and open websites; the potential is there to make them operate Internet of Things devices, wire money, or execute retail transactions by hiding commands in music or other audio.
https://www.nytimes.com/2018/05/10/…
Content type: Examples
In September 2018, a number of people whose Google Pixel phones, Essential Phone, OnePlus 6, Nokia handsets, and other devices running Android 9 Pie discovered that the devices had, apparently autonomously, activated the software's Battery Saver feature. Google later explained that an internal experiment to test battery-saving features had accidentally - and erroneously - been rolled out to more users than it had intended. The silent and invasive nature of the mistake made it particularly…
Content type: Examples
In October 2018, a transparency report from the smart home company Nest, which Google acquired for $3.2 billion in 2014, found that between 2015 and 2018 Nest had been told to hand over data on 300 separate occasions relating to up to 525 Nest account holders. Nest turned over data in fewer than 20% of the cases in the first half of 2018, down from the second half of 2015, when the company complied nearly 60% of the time. Nest is best known for its smart thermostats, but it also makes…
Content type: Examples
In September 2018, AI Now co-founder Meredith Whittaker sounded the alarm about the potential for abuse of the convergence of neuroscience, human enhancement, and AI in the form of brain-computer interfaces. Part of Whittaker's concern was that the only companies with the computational power necessary to develop these technologies are those already leading in AI: Google, Facebook, Microsoft, and equivalent. The result would be that the neural data collected from individuals' thoughts would be…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following HTTP GET request is made to graph.facebook.com
GET https://graph.facebook.com/v3.0/115882278440564?fields=…
Content type: App Analysis
This documentation demonstrates actions taken by the test user and the apps subsequent responses.
Test user action 1: The user taps on the application icon, which opens the application
Response from app: The application is initialised and the following data is sent and received by the app:
Immediately after the app is opened, the following data is sent to graph.facebook.com (Graph)
The app sends the following HTTP GET request to graph.facebook.com
GET https://…