Search
Content type: Examples
In 2018, a week before the General Data Protection Regulation came into force in the EU, Quantcast and several other publishing industry groups complained that Google in an open letter that Google was imposing GDPR risks on publishers and consumers. Under the system Google proposed for GDPR compliance, Google would impose limits on the number of technical vendors publishers could work with, thereby limiting innovation and competition, had yet to commit to joining the IAB Europe's Transparency…
Content type: Examples
In September 2017, unrelated to the massive data breach the company simultaneously announced, Equifax withdrew its mobile apps from Apple's App Store and Google Play because of security flaws that meant that data transferred between users and Equifax was not encrypted in transmission. Given the flaws in implementing HTTPS, attackers could inject their own markup, including JavaScript - which in turn would allow them to ask for any information they wanted without any indication to the user that…
Content type: Examples
In 2017, a group of data brokers led by Acxiom, AppNexus, and MediaMath, and including Index Exchange, LiveIntent, OpenX, and Rocket Fuel,
launched a consortium to make targeted programmatic advertising more widely available. Part of the consortium's goal is to enable the companies involved to compete better with Google's Ad words and Facebook's ad platform, which together account for 48% of all digital advertising spend. The consortium also intended to create a common omnichannel, people-…
Content type: Long Read
Photo Credit: Max Pixel
The fintech sector, with its data-intensive approach to financial services, faces a looming problem. Scandals such as Cambridge Analytica have brought public awareness about abuses involving the use of personal data from Facebook and other sources. Many of these are the same data sets that the fintech sector uses. With the growth of the fintech industry, and its increase in power and influence, it becomes essential to interrogate this use of data by the…
Content type: Examples
Google announced on October 8 having discovered a vulnerability in the Google+ API which has been open since 2015. This vulnerability allowed third-party developers to access data for more than 500,000 users, including their usernames, email addresses, occupation, date of birth, profile photos, and gender-related information. While Google only retains 2 weeks of activity logs and cannot assert the exact reach of the breach, it believes that up to 438 applications had access to these data.…
Content type: Explainer
In the digital economy there is a trend towards corporate concentration. This is true for social media platforms, search engines, smart phone operating systems, digital entertainment, or online retailers. Meanwhile, the way in which market dominance is measured traditionally does not always capture the extent of their control: firstly, their products and services are often “free” and secondly, it’s often not clear in which “markets” and “sectors” these companies operate, since there is so much…
Content type: Long Read
Yesterday, the European Court of Human Rights issued its judgement in Big Brother Watch & Others V. the UK. Below, we answer some of the main questions relating to the case.
What's the ruling all about?
In a nutshell, one of the world's most important courts, the European Court of Human Rights, yesterday found that certain UK laws about how intelligence agencies can spy on our internet communications breach our human rights. These surveillance laws have meant that the UK intelligence…
Content type: Long Read
The European Court of Human Rights ruled today that the UK government's mass interception program violates the rights to privacy and freedom of expression. The Court held that the program "is incapable of keeping the 'interference' to what is 'necessary in a democratic society'". This finding is an important victory for human rights and the rule of law. Below, we break down the key parts of the decision.
The Court's ruling comes after a five-year battle against two UK mass surveillance…
Content type: News & Analysis
Creative Commons Photo Credit: Source
Just about everyone in Washington has found something to dislike about the tech industry: Democrats especially, are worried about foreign interference in the 2016 election — meanwhile some Republicans are more concerned about bias against conservatives of platforms and on top of it all President Trump has been tweeting about antitrust and competition.
Privacy International is a vocal critic of data exploitation more generally, and the systemic…
Content type: Advocacy
This photo originally appeared here.
For years, Privacy International and our partners in Kenya have been promoting the right to privacy in Kenya through research and investigations into government and private sector policies and practices and advocating for the adoption and enforcement of the strongest data protection and privacy safeguards.
The need for Kenya to adopt a comprehensive data protection framework (in addition to strengthening privacy protections in other legislation) has always…
Content type: Examples
In 2013, Edward Snowden, working under contract to the US National Security Agency for the consultancy Booz Allen Hamilton, copied and leaked thousands of classified documents that revealed the inner workings of dozens of previously unknown surveillance programs. One of these was PRISM, launched in 2007, which let NSA use direct access to the systems of numerous giant US technology companies to carry out targeted surveillance of the companies' non-US users and Americans with foreign contacts by…
Content type: Examples
In May 2018, Google announced an AI system to carry out tasks such as scheduling appointments over the phone using natural language. A Duplex user wanting to make a restaurant booking, for example, could hand the task off to Duplex, which would make the phone call and negotiate times and numbers. In announcing the service, Google stressed its use of "speech dysfluencies" - that is, non-verbal syllables such as "um" and "er" to make the interaction sound more natural.
The system almost…
Content type: Examples
In 2017 the Electronic Privacy Information Center filed a complaint with the US Federal Trade Commission asking the agency to block Google's Store Sales Measurement service, which the company introduced in May at the 2017 Google Marketing Next event. Google's stated goal was to link offline sales to online ad spending. EPIC argued that the purchasing information Google collected was highly sensitive, revealing details about consumers purchases, health, and private lives, and that Google was…
Content type: Examples
DoubleClick was one of the first companies set up to sell display advertising on the web. Set up in 1996, it went public in 1998, and in 1999 merged with the data collection company Abacus Direct. In response to a 2001 US Federal Trade Commission investigation of the proposed merger, DoubleClick promised to keep those two databases separate; and in 2005 when the private equity firm Hellman & Friedman acquired it, that firm promised to operate the company as two separate divisions. In April…
Content type: Examples
In 2012 the US Consumer Watchdog advocacy group filed a complaint against Google alleging that the company had violated its 2011 consent decree with the US Federal Trade Commission in the case about Google Buzz. The complaint was based on February 2012 revelations that the site was failing to honour do-not-track settings in Apple's Safari web browser. The browser itself was set by default to refuse to accept third-party cookies, as these are often used to track users across the web. Google's…
Content type: Examples
In 2009, Spanish citizen Mario Costeja González objected to the fact that an auction notice from 1998, when his home was repossessed, was still accessible on the website of the Spanish newspaper La Vanguardia and the first thing people saw when they searched for him on Google. When the courts declined to order the newspaper to remove the announcement, Costeja asked Google Spain to stop linking to it in search results on his name. When Google did nothing more than forward the complaint to its…
Content type: Examples
In 2012, Google announced it would condense 70 different privacy policies into a single one that would allow the company to merge the data collected across all its services, including Maps, search, Android, Books, Chrome, Wallet, Gmail, and the advertising service provided by its DoubleClick subsidiary into a single database. The company claimed the purpose was to enable a better, more unified experience - for example, it said it would be able to deliver better search results by combining…
Content type: Examples
In 2010, increasing adoption of social media sites such as blogs, Facebook, Twitter, and Flickr led Google to develop Buzz, an attempt to incorporate status updates and media-sharing into its Gmail service. Users could link their various social media feeds, including Picasa (Google's photo-sharing service) and Reader (Google's RSS news reader), directly into Gmail. Via the integrated feed, Gmail users could see not only the content produced by those they followed, but those they didn't if their…
Content type: Examples
In July 2011, the established writer GrrlScientist tried to log into her Google account and found that it was suspended, barring her access to Gmail, Google Docs, YouTube, Google Reader, and the newly launched social network Google+. It turned out that the reason was then when Google launched its Google+ social network in June 2011, it included among its terms and conditions a requirement to use "the name your friends, family, or co-workers call you". In July 2011, Google began suspending the…
Content type: Examples
In 2010, Google revealed that a data audit required by Germany's data protection authority had revealed that since 2007 the cars deployed to capture images for its Street View project had accidentally captured 600GB of data from local wifi networks, including personal web browsing histories. Google said it used network names (SSIDs) and router identifiers (MAC addresses) to use for its location services, but did not use any of the payload data, which the company said consisted only of fragments…
Content type: Examples
Google launched its first version of Android in 2009. Based on a modified Linux kernel and other open source software, Android provides the operating system for mobile phones, tablets, televisions, cars, wrist watches, and many other devices including digital cameras, game consoles, PCs, and personal video recorders. By 2017, Android had become the best-selling operating system in the world, with over 2 billion monthly active users. Even in 2009, critics warned that the operating system, which…
Content type: Examples
In May 2007, Google launched Street View, an add-on to its Maps service that allows users to see and "drive" through images of streets and buildings. Almost immediately, the service provoked controversy when users realised that these images included pictures looking through the windows of their homes and images of license plates, or that caught them in embarrassing or even illegal situations on the street. Google argued that Street View only captured images taken on public property. In August,…
Content type: Examples
To personalise the services it offers, Google retains user data such as search histories and as well as the Internet Protocol (IP) addresses and other digital identifiers that enable the company to link search queries to the specific computer where they were generated. Until March 2007, the company kept this data indefinitely. At that point, it announced that in response to privacy advocates' concerns it would begin anonymising the data after 18 to 24 months. While some welcomed the change,…
Content type: Examples
When Google launched Gmail in 2004, the new service rapidly gained acceptance because it offered far more storage space than any other comparable service. From the beginning, however, Gmail scanned the contents of emails to help the company generate contextual ads. Scanning has never applied to the email service it offers paying corporate customers as part of G Suite. In 2017, Google announced it would end scanning email in the consumer service, largely to end confusion among the corporate…
Content type: Examples
The first example of internet users being blindsided by the retention of information they had thought was ephemeral was Usenet, a worldwide collection of discussion groups ("newsgroups") created in 1979. At the beginning, computers called each other directly to swap and distribute new postings; as the internet became available it became the primary medium for propagating Usenet's burgeoning collection of newsgroups. At its peak in the 1990s Usenet was a huge open system used by millions of…
Content type: Examples
In 2005, Google launched its web analytics service, which tracks and reports website traffic. The most widely-used analytics service on the web, Google Analytics comes in three versions: free, the subscription enterprise service 360, and a mobile service that collects analytics from both iOS and Android apps. The service works by storing cookies on computers that visit the websites on which Google Analytics is installed; the cookies contain a unique "cookie ID" identifier; this enables website…
Content type: Long Read
Privacy and data protection are currently being debated more intensively than ever before. In this interview, Frederike Kaltheuner from the civil rights organisation Privacy International explains why those terms have become so fundamentally important to us. The article was first published in the newly launched magazine ROM. The interview was conducted by ROM publisher Khesrau Behroz and writers Patrick Stegemann and Milosz Paul Rosinski.
Frederike Kaltheuner, you work for Privacy…
Content type: Examples
In September 2007, Facebook, which from its 2004 founding had stressed the privacy of its user profiles and interactions, opened up its profiles to public search engines such as Google and Bing. Facebook's new "public listing search" allowed anyone to search for a particular person; such searches returned the name and profile picture of all members who had set their search privacy to "Everyone". The benefit to Facebook was to encourage non-users to sign up when they saw their friends and family…
Content type: Examples
In May 2009, University of Cambridge computer science researcher Joseph Bonneau discovered as part of his research that many social network respond to user requests to delete photographs by hiding them while remaining them on their servers. Among the worst offenders were Facebook, MySpace, Bebo, and LiveJournal. A Facebook spokesman explained that while photographs were immediately deleted from the company's own servers, the data would take longer to be removed from Akamai, the Content Delivery…
Content type: Press release
Photo credit: Forbrukerrådet
The Norwegian Consumer Council has today published a report which shows how Facebook and Google appear to push users into sharing personal data, and raises questions around how such practices are GDPR compliant.
Off the back of the analysis, Privacy International is joining NCC and several other consumer and privacy groups in Europe to ask European data protection authorities to investigate whether the companies are acting in accordance with GDPR. Copies of the…