Advanced Search
Content Type: Long Read
Why does this decision matter?
Our complaint against Criteo formed part of a larger set of coordinated complaints we filed in 2018 against 7 data brokers (Acxiom, Oracle), AdTech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France (CNIL), Ireland, (DPC) and the UK (ICO). The EU General Data Protection Regulation (GDPR) had recently come into force, and the AdTech industry was (and still is) a prime affront to the…
Content Type: Press release
La CNIL a aujourd'hui prononcé une sévère sanction contre Criteo, une des plus grandes sociétés françaises de pistage et publicité en ligne. Le montant de l'amende a été réduit de 60 à 40 millions d'euros depuis l'audience qui s'est tenue à la CNIL en Mars 2023, durant laquelle Criteo avait mis en avant son bénéfice net de 10 millions d'euros en 2022 pour plaider en faveur d'une réduction de sa peine. La CNIL semble avoir entendu ces arguments, mais a heureusement maintenu une amende…
Content Type: Video
<br />
Links
Daniel's petition: https://www.change.org/p/uk-parliament-ban-advertisers-from-targeting-eating-disorders
PI's diet ads report: https://privacyinternational.org/long-read/4603/unhealthy-diet-targeted-ads-investigation-how-diet-industry-exploits-our-data
More information on Instagram, targeted ads, and Frances Haugen - the Facebook whistleblower: https://privacyinternational.org/news-analysis/4622/reduce-facebooks-harms-teens-target-its-data-hungry-business-model…
Content Type: Long Read
For many, browsing the internet or checking social media comes with its fair share of being targeted with ads selling “fad diet” subscription-based programmes, magic weight-loss powders, or promising a secret trick to lose weight quickly. Some of the products and programmes sold have been described as scams, with a very real impact for those suffering from eating disorders and those who fall prey to these ads. This is even more problematic due to the Covid-19 pandemic, which has seen the…
Content Type: Examples
Sidestepping the need to obtain a search warrant, the US Department of Homeland Security (DHS) has been accessing smartphone location data by buying it from private marketing that typically embed tracker in apps. This data, which maps the movement of millions of cellphones in America, was collected from ordinary cellphone apps, to which users gave access to their location. In this particular instance, it was used by the DHS to search for undocumented immigrants according to the Wall Street…
Content Type: Long Read
Now more than ever with a global pandemic happening, our lives are being shaped by our interaction with the digital world. Work meetings on Zoom followed by Skype with family before a quick run with your favourite running app and a Google search for your next meal: technologies and services offer us a lot and greatly improve our daily lives. But what's the real cost of these tools we rely on so much?
A lot of these companies, especially those offering free services, collect data about you. It…
Content Type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content Type: News & Analysis
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.…
Content Type: News & Analysis
This blogpost is a preview of the full 'Our Data Future' story, produced by Valentina Pavel, PI Mozilla-Ford Fellow, 2018-2019.
2030.
Four worlds.
One choice. Which one is yours?
All aboard! Time to step into the imaginarium. Explore four speculative future scenarios, examining how different ways of governing data create vastly different worlds. How is our digital environment going to look like in ten years' time? What’s going to be our relationship with data?
Each of us has a role in…
Content Type: News & Analysis
In December 2018, we revealed how some of the most widely used apps in the Google Play Store automatically send personal data to Facebook the moment they are launched. That happens even if you don't have a Facebook account or are logged out of the Facebook platform (watch our talk at the Chaos Communication Congress (CCC) in Leipzig or read our full legal analysis here).
Today, we have some good news for you: we retested all the apps from our report and it seems as if we…
Content Type: Long Read
Creative Commons Photo Credit: Source
In the midst of continued widespread public outrage at the US government’s brutal ‘zero-tolerance’ policy around immigration – multiple data and analytics companies have quietly avoided answering questions about their role in feeding the US Immigration and Customs Enforcement (ICE) agency’s data backbone. These companies are bidding to work with an agency that has time and time again shown itself to be a brutal and problematic.
Privacy International…
Content Type: Long Read
Privacy and data protection are currently being debated more intensively than ever before. In this interview, Frederike Kaltheuner from the civil rights organisation Privacy International explains why those terms have become so fundamentally important to us. The article was first published in the newly launched magazine ROM. The interview was conducted by ROM publisher Khesrau Behroz and writers Patrick Stegemann and Milosz Paul Rosinski.
Frederike Kaltheuner, you work for Privacy…
Content Type: Long Read
Yesterday the UK's Information Commissioner's Office (ICO) - which is responsible for ensuring people's personal data is protected - announced it intends to fine Facebook the maximum amount possible for its role in the Cambridge Analytica scandal.
This decision highlights of how serious and rampant misuse and exploitation of data is. Facebook is responsible and failed to comply with data protection 101: be upfront and honest about what you are doing with people's data.
Importantly, the ICO's…
Content Type: Press release
Privacy International (PI) has today sent an open letter to the President of Thomson Reuters Corporation asking whether he will commit to ensuring the multinational company’s products or services are not used to enforce cruel, arbitrary, and disproportionate measures, including those currently being implemented by US immigration authorities.
Documentation shows that Thomson Reuters Corporation is selling access to highly sensitive and personal data to the US Immigration and Customs Enforcement…
Content Type: Long Read
The European Union's new data privacy law (General Data Protection Regulation, better known as GDPR) takes effect today May 25th, 2018, after a two-year transition period. Despite some companies appearing to believe otherwise, and many articles misrepresenting its contents, the GDPR will have a significative impact beyond the European Union, and it will extend many of its data privacy safeguards to users’ data globally.
There are a number of reasons that explain this impact:
Obligations…
Content Type: Long Read
We found the image here.
Open a Russian Matryoshka doll and you will find a smaller doll inside. Ask a large data company such as Acxiom and Oracle where they get their data from, and the answer will be from smaller data companies.
Data companies – a catch all term for data brokers, advertisers, marketers, web trackers, and more – facilitate a hidden data ecosystem that collects, generates and supplies data to wide variety of beneficiaries. The beneficiaries of the ecosystem can include other…
Content Type: Press release
On the day that GDPR comes into force, PI has launched a campaign investigating a range of data companies that make up a largely hidden data ecosystem. This hidden data ecosystem is comprised of thousands of non-consumer facing data companies - such as Acxiom, Criteo, Quantcast - that amass and exploit large amounts of personal data. Using the rights and obligations provided for within the new data privacy law, PI's campaign involves investigating a selection of these companies whose business…
Content Type: Long Read
Privacy and data protection are fundamental rights. When respected they help improve trust and reduce power imbalances. Individuals should have rights over their personal data, regardless of who holds or processes it, and effective ways to enforce those rights, through independent bodies.
While not an ideal solution, GDPR gives individuals more control over their personal data. Rather than burdening individuals with managing and protecting their data, the onus will be on the companies to do so…
Content Type: Press release
WASHINGTON, D.C. – U.S. companies should adopt the same data protection rules that are poised to go into effect in the European Union on May 25, Public Citizen, the Center for Digital Democracy and Privacy International said today.
In a sign-on letter, 28 groups are calling on some of the world’s largest companies – including Facebook, Google and Amazon, as well as digital advertisers like Nestle, Walmart and JPMorgan Chase – to use Europe’s impending General Data Protection Regulation (GDPR…
Content Type: Long Read
We found the image here.
When we browse the internet, go to work, drive down the street, go shopping, interact with institutions, or simply move through the city, data is collected about us.
Advanced profiling technologies answer questions we did not raise. They generate knowledge we did not anticipate, but are eager to apply. As knowledge is power, profiling changes the power relationships between the profilers and the profiled.
In a world where everything we do becomes more and more…
Content Type: Report
In contrast to automated decision-making, profiling is a relatively novel concept in European data protection law. It is now explicitly defined in Article 4(4) of the EU General Data Protection Regulation (GDPR), and refers to the automated processing of data (personal and not) to derive, infer, predict or evaluate information about an individual (or group), in particular to analyse or predict an individual’s identity, their attributes, interests or behaviour.
Through profiling, highly…
Content Type: Long Read
The era where we were in control of the data on our own computers has been replaced with devices containing sensors we cannot control, storing data we cannot access, in operating systems we cannot monitor, in environments where our rights are rendered meaningless. Soon the default will shift from us interacting directly with our devices to interacting with devices we have no control over and no knowledge that we are generating data. Below we outline 10 ways in which this exploitation and…
Content Type: News & Analysis
Privacy International’s Data Exploitation Programme Lead was invited to give evidence to the Select Committee on Artificial Intelligence at the U.K. House of Lords. The session sought to establish how personal data should be owned, managed, valued, and used for the benefit of society.
Link to the announcement of the session: https://www.parliament.uk/business/committees/committees-a-z/lords-select/ai-committee/news-parliament-2017/data-evidence-session/
Full video recording of the session:…