Search
Content type: Long Read
On 13 March 2025, we filed a complaint against the UK government challenging their use of dangerous, disproportionate and intrusive surveillance powers to undermine the privacy and security of people all over the world. Here, we answer some key questions about the case and the recent events that led to this development.Note: This post was last updated on 13 March 2025.What’s the fuss about?A month ago, it was reported that the UK government demanded Apple Inc – maker of the iPhone, iPads, Macs…
Content type: Guide step
Depending on where in the world you are visiting from, websites may seek consent as one way to justify their collection of data about you. This has become general practice across the web, and the typical way to ask for user consent is via banners that pop up first thing when the webpage loads. Often these banners will make use of design elements and user interfaces aiming to mislead or influence you in giving away consent to collect and process your data - these are called Dark Patterns and are…
Content type: Long Read
What happened?On 19 July 2024, American cybersecurity company CrowdStrike released an update to its CrowdStrike Falcon software that ultimately caused 8.5 million computers running Microsoft Windows to crash. The damage done was both deep and wide: deep because the computers affected were unable to recover without direct user intervention. Wide because a whole range of companies - from airlines to healthcare to media - across a whole range of countries - from Sweden to India to New Zealand -…
Content type: Long Read
IntroductionIn early October this year, Google announced its AI Overviews would now have ads. AI companies have been exploring ways to monetise their AI tools to compensate for their eye watering costs, and advertising seems to be a part of many of these plans. Microsoft have even rolled out an entire Advertising API for its AI chat tools.As AI becomes a focal point of consumer tech, the next host of the AdTech expansion regime could well be the most popular of these AI tools: AI chatbots.…
Content type: Long Read
IntroductionHarnessing new digital technology to improve people’s health is now commonplace across the world. Countries and international organisations alike are devising digital health strategies and looking to emerging technology to help solve tricky problems within healthcare. At the same time, more and more start-ups and established tech companies are bringing out new, and at times innovative, digital tools aimed at health and wellbeing.
Content type: Explainer
Behind every machine is a human person who makes the cogs in that machine turn - there's the developer who builds (codes) the machine, the human evaluators who assess the basic machine's performance, even the people who build the physical parts for the machine. In the case of large language models (LLMs) powering your AI systems, this 'human person' is the invisible data labellers from all over the world who are manually annotating datasets that train the machine to recognise what is the colour…
Content type: Long Read
IntroductionFor years PI has been documenting the market dominance and associated power of Big Tech over the digital economy, and the threats this poses to our privacy and wider rights.The digital economy is characterised by a handful of Big Tech companies that have established and maintained dominance over the digital market through opaque and exploitative practices. Big Tech exploits the data of those who use their platforms in ways which interfere with our privacy and wider rights. In…
Content type: Long Read
Table of contentsIntroductionWeighing the (potential) benefits with the risksPrivacy rights and the right to healthThe right to healthPrivacy, data-protection and health dataThe right to health in the digital contextWhy the drive for digitalImproved access to healthcarePatient empowerment and remote monitoringBut these same digital solutions carry magnified risks…More (and more connected) dataData leaks and breachesData sharing without informed consentProfiling and manipulationTools are not…
Content type: News & Analysis
Is the AI hype fading? Consumer products with AI assistant are disappointing across the board, Tech CEOs are struggling to give examples of use cases to justify spending billions into Graphics Processing Units (GPUs) and models training. Meanwhile, data protection concerns are still a far cry from having been addressed.
Yet, the believers remain. OpenAI's presentation of ChatGPT was reminiscent of the movie Her (with Scarlett Johannsen's voice even being replicated a la the movie), Google…
Content type: Examples
Companies like the Australian data services company Appen are part of a vast, hidden industry of low-paid workers in some of the globe's cheapest labour markets who label images, video, and text to provide the datasets used to train the algorithms that power new bots. Appen, which has 1 million contributors, includes among its clients Amazon, Microsoft, Google, and Meta. According to Grand View Research, the global data collection and labelling market was valued at $2.22 billion in 2022 and is…
Content type: Examples
Microsoft pitched the use of OpenAI's DALL-E software to support battlefield operations of the US Department of Defense, in seeming contravention of OpenAI's ban against working in the military field. One of the potential use cases proposed by Microsoft is to use DALL-E, OpenAI's image generation model, to train battle management systems. The efficacy, reliability and ethics of such a use of private AI are questioned by various experts. https://theintercept.com/2024/04/10/microsoft-openai-…
Content type: Examples
A student in Minneapolis was outed when their parents were contacted by school administrators when surveillance software found LGBTQ keywords in their writing on a school-supplied laptop. The risk of many more such cases is increasing as the use of edtech spread, fuelled by the pandemic, and legislation, lawsuits, and pressure campaigns push schools to implement anti-LGBTQ policies. Software such as Gaggle, which surveils school computers and student accounts, constantly monitors students…
Content type: Video
Since we recorded this podcast there has been an update on the Microsoft Activision mergerLinksPI competition page (our "very influential work")More about Dr MantzariEcosystems and competition law in theory and practice - a research paper about ecosystemsPower Imbalances in Online Marketplaces: At the Crossroads of Competition Law and Regulation - one of Dr Deni's papers looking at peconomic dependence in online marketplacesGoogle Android European court case on abuse of dominance and more info…
Content type: Examples
Four people in Kenya have filed a petition calling on the government to investigate conditions for contractors reviewing the content used to train large language models such as OpenAI's ChatGPT. They allege that these are exploitative and have left some former contractors traumatized. The petition relates to a contract between OpenAI and data annotation services company Sama. Content moderation is necessary because LLM algorithms must be trained to recognise prompts that would generate harmful…
Content type: Long Read
Why does this decision matter?
Our complaint against Criteo formed part of a larger set of coordinated complaints we filed in 2018 against 7 data brokers (Acxiom, Oracle), AdTech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France (CNIL), Ireland, (DPC) and the UK (ICO). The EU General Data Protection Regulation (GDPR) had recently come into force, and the AdTech industry was (and still is) a prime affront to the…
Content type: Examples
German data protection authorities have ruled that the use of Microsoft Office 365 in schools is not compliant with GDPR, citing a lack of transparency around how and where Microsoft processes and stores student data as well as the potential for third-party access. German federal and state data protection authorities have been looking at how to improve Office 365 for two years but deems changes Microsoft has made insufficient to bring the software into compliance.
https://www.computerweekly.…
Content type: Examples
The French minister of national education and youth has advised schools not to use the free versions of Microsoft Office 365 and Google Workspace because French public procurement contracts require payment. Paid versions may be allowed if they do not violate data protection rules, including a 2020 French ruling that cloud services that store data in the US are not compliant with GDPR.
https://www.theregister.com/2022/11/22/france_no_windows_google/
Writer: Thomas Claburn
Publication: The…
Content type: Examples
A security flaw in the mandatory "Diksha" app operated by the Education Ministry, which became an important tool for giving students access to coursework while at home during the pandemic, exposed the data of millions of Indian students and teachers for more than a year when a cloud server hosted on Microsoft Azure was left unprotected. In 2022, Human Rights Watch found that Diksha was able to track students location, and shared data with Google, which indexed more than 100 files from the…
Content type: Long Read
On 18th January, it was announced that end-to-end encrypted iCloud services, Advanced Data Protection, would be offered to Apple users globally.The offer of such level of security globally, while overdue, is a key step to ensuring trust and confidence in today’s world. There are too many threats to our data and our rights. Twelve years ago, we called on Apple to encrypt iCloud storage for users all around the world.Why this is importantWhile privacy and security is often portrayed as opposite…
Content type: Report
Introduction
Several policy initiatives are in progress at the EU level. They seek to address the sustainability of connected devices such as smartphones, tablets and smart speakers. While initiatives to extend the useful life of hardware are important, software must not be ignored. Almost any digital device with which we interact today relies on software to function, which acts as a set of instructions that tells the hardware what to do. From smart thermostats to smart speakers, to our…
Content type: Long Read
Imagine your performance at work was assessed directly from the amount of e-mails sent, the amount of time consumed editing a document, or the time spent in meetings or even moving your mouse. This may sound ludicrous but your boss might be doing exactly that. There are more and more stories emerging of people being called into meetings to justify gaps in their work only to find out their boss had been watching them work without their knowledge.
The Covid-19 global pandemic has reshuffled the…
Content type: Key Resources
The first step when looking at technology is to find basic information about it - to define and categorise it. Looking at the Wikipedia page of a given technology is often a good starting point and will help you clarify what is implied within a technology (for example for Facial recognition). This is particularly useful when there is no specific technology that is mentioned in the partnership or when you are looking at a tender. You might also want to check the company’s marketing materials to…
Content type: Long Read
This piece is a part of a collection of research that demonstrates how data-intensive systems that are built to deliver reproductive and maternal healthcare are not adequately prioritising equality and privacy.
Digital health apps of all kinds are being used by people to better understand their bodies, their fertility, and to access health information. But there are concerns that the information people both knowingly and unknowing provide to the app, which can be very personal health…
Content type: Guide step
The information you (consciously or not) share with Telegram can be very revealing. It can also be (mis)interpreted by government agencies and used to profile individuals. Once installed on a device, depending on your settings, the Telegram app may have access to information such as your location, contact information and media stored on the same device. All of this data can be potentially be accessed remotely using cloud extraction technology.
Your Telegram app generates a lot of data that can…
Content type: Guide step
The information you (consciously or not) share with Facebook can be very revealing. It can also be (mis)interpreted by government agencies and used to profile individuals. Once installed on a device, depending on your settings, the Facebook app may have access to information such as your location, contact information and media stored on the same device. All of this data can be potentially be accessed remotely using cloud extraction technology.
Your Facebook app generates a lot of data that can…
Content type: Guide step
The information you share on WhatsApp can be very revealing. Once installed on a device, the app potentially has access to information such as your location, contact information, and media stored on the same device.
Your WhatsApp app generates a lot of data that can also be stored on your device and elsewhere. It’s important for you to be able to understand the types of data that apps like WhatsApp generate. Government agencies may seek access to this data through at least two routes: they…
Content type: Long Read
For over 20 years with the start of the first use of ICTs in the 1990s, we have seen a digital revolution in the health sector. The Covid-19 pandemic significantly accelerated the digitalisation of the health sector, and it illustrates how fast this uptake can be and what opportunities can emerge; but also, importantly, the risks that it involves.
As we've said many times before, whilst technologies can be part of the solution to tackle some socio-economic and political challenges facing our…
Content type: Explainer
With more and more connected devices around us, the chance that you've been hit by an update notification is high. But what do these software updates do? How do they actually work, and why are they important?
Hardware and Software
Modern electronic devices require two main parts to function: the hardware and the software. The hardware usually refers to physical electronic pieces inside a device (usually a collection of microchips, logic gates and specialised processing chips, such as those to…
Content type: Advocacy
Our environment is increasingly populated by devices connected to the Internet, from computers and mobile phones to sound systems and TVs to fridges, kettles, toys, or domestic alarms. There has been research into the negative safety and privacy impacts of inadequate security provided by the software in such devices (such as the creation of large scale botnets). This is also the case with outdated security, a risk enabled by software support periods that are shorter than a product’s usable life…
Content type: News & Analysis
As Amnesty International and Forbidden Stories continue to publish crucial information about the potential targets of NSO Group’s spyware, we know this much already: something needs to be done.
But what exactly needs to be done is less obvious. Even though this is not the first time that the world has learned about major abuses by the surveillance industry (indeed, it’s not even the first time this month), it’s difficult to know what needs to change.
So how can the proliferation and use of…