Advanced Search
Content Type: Advocacy
We are responding to the UK Government's consultation to expand its powers around Technical Capabilities Notices and National Security Notices.
Background
Following Edward Snowden's revelations about the illegal and expansive secret powers of the US and UK intelligence agencies, the UK Government took the opportunity to, rather than reflect on what powers are proportionate in the modern era, to expand its arsenal of surveillance powers.
One of the powers it added was the ability to issue…
Content Type: Press release
A YouGov survey commissioned by PI shows that consumers expect their smartphones, computers, smart TVs and gaming consoles to receive security updates for a much longer period than what several manufacturers actually provide, leaving consumers with expensive tech that is vulnerable to cyberattacks.
The majority of consumers in the survey assumed their devices would be protected beyond two years, but current industry practices fail to meet these expectations. PI investigated the software…
Content Type: Report
End-to-end encryption (E2EE) contributes significantly to security and privacy. For that reason, PI has long been in favour of the deployment of robust E2EE.Encryption is a way of securing digital communications using mathematical algorithms that protect the content of a communication while in transmission or storage. It has become essential to our modern digital communications, from personal emails to bank transactions. End-to-end encryption is a form of encryption that is even more private.…
Content Type: Long Read
Introduction
In response to the unprecedented social, economic, and public health threats posed by the Covid-19 pandemic, the World Bank financed at least 232 "Covid-19 Response" projects. The projects were implemented across countries the World Bank classifies as middle and low-income.
This article will focus on eight (8) Covid-19 Response projects which sought to deliver social assistance to individuals and families on a "non-contributory" basis (this means that the intended beneficiaries…
Content Type: Long Read
This piece is a part of a collection of research that demonstrates how data-intensive systems that are built to deliver reproductive and maternal healthcare are not adequately prioritising equality and privacy.
What are they?
Short Message Services (SMS) are being used in mobile health (MHealth) initiatives which aim to deliver crucial information to expecting and new mothers. These initiatives are being implemented in developing countries experiencing a large percentage of maternal and…
Content Type: News & Analysis
After almost 20 years of presence of the Allied Forces in Afghanistan, the United States and the Taliban signed an agreement in February 2020 on the withdrawal of international forces from Afghanistan by May 2021. A few weeks before the final US troops were due to leave Afghanistan, the Taliban had already taken control of various main cities. They took over the capital, Kabul, on 15 August 2021, and on the same day the President of Afghanistan left the country.
As seen before with regime…
Content Type: News & Analysis
Around the world, we see migration authorities use technology to analyse the devices of asylum seekers. The UK via the Policing Bill includes immigration officers amongst those who can exercise powers to extract information from electronic devices. There are two overarching reasons why this is problematic:
The sole provision in the Policing Bill to extract information rests on voluntary provision and agreement, which fails to account for the power imbalance between individual and state. This…
Content Type: News & Analysis
It is difficult to imagine a more intrusive invasion of privacy than the search of a personal or home computer ... when connected to the internet, computers serve as portals to an almost infinite amount of information that is shared between different users and is stored almost anywhere in the world.
R v Vu 2013 SCC 60, [2013] 3 SCR 657 at [40] and [41].
The controversial Police Crime Sentencing and Courts Bill includes provision for extracting data from electronic devices.
The Bill…
Content Type: News & Analysis
Unwanted Witness’ research into Safeboda highlighted the company’s failure to comply with some of the law's core data protection principles, with a number of implications for the exercise of data subject rights. The enforcement action against Safeboda by National Information Technology Authority, Uganda (NITA-U) requires the company to make fundamental changes to how they handle people's personal data in order to comply with the Data Protection and Privacy Act, 2019.
This first landmark…
Content Type: News & Analysis
An excerpt of this piece was first published in June 2020 in Adbusters, an international not-for-profit magazine produced by a global collective of artists and activists who want to 'shake up complacent consumer culture'.
Big oil. Big tobacco. Big pharma. How did we let ‘big tech’ happen? You would have thought humanity would learn its lesson. That nothing good comes of the mass accumulation and concentration of power into the hands of so few.
The internet was meant to be different. No…
Content Type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content Type: News & Analysis
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.…
Content Type: Explainer
At first glance, infrared temperature checks would appear to provide much-needed reassurance for people concerned about their own health, as well as that of loved ones and colleagues, as the lockdown is lifted. More people are beginning to travel, and are re-entering offices, airports, and other contained public and private spaces. Thermal imaging cameras are presented as an effective way to detect if someone has one of the symptoms of the coronavirus - a temperature.
However, there is little…
Content Type: News & Analysis
New technologies continue to present great risks and opportunities for any users but for some communities the implications and harms can have severe consequences and one of the sectors facing increasing challenges to keep innovating whilst protecting themselves and the people they serve is the humanitarian sector.
Over the course of engagement with the humanitarian sector, one of our key observations has been how risk assessments undertaken in the sector omitted to integrate a hollistic…
Content Type: News & Analysis
In September 2019, PI published the report Your Mental Health for Sale. Our investigation looked into popular mental health websites and their data sharing practices.
Our findings suggest that, at the time of the research, most websites we looked at were using third party tracking for advertising purposes, sometimes relying on programmatic advertising technologies such as Real Time Bidding (RTB), sharing personal data with potentially thousands of actors. Some websites were also found sharing…
Content Type: News & Analysis
Name: Google/Fitbit merger
Age: Gestating
Appearance: A bit dodgy. One of the world’s biggest tech giants, trying to purchase a company that makes fitness tracking devices, and therefore has huge amounts of our health data.
I don’t get it. Basically Google is trying to buy Fitbit. As if Google doesn’t already have enough data about us, it now wants huge amounts of health data too.
Oh, Fitbit, that’s that weird little watch-type-thing that people get for Christmas, wear for about a month…
Content Type: Call to Action
Google wants to know everything about you.
It already holds a massive trove of data about you, but by announcing its plans to acquire the health and fitness tracker company Fitbit, it now clearly wants to get its hands on your health too. We don’t think any company should be allowed to accumulate this much intimate information about you. This is why we’re trying to stop its merger with Fitbit.
Google and Fitbit need the European Commission’s approval before they can merge. The merger would…
Content Type: Press release
Today, the ICO has issued a long-awaited and critical report on Police practices regarding extraction of data from people's phones, including phones belonging to the victims of crime.
The report highlights numerous risks and failures by the police in terms of data protection and privacy rights. The report comes as a result of PI’s complaint, dating back to 2018, where we outlined our concerns about this intrusive practice, which involves extraction of data from devices of victims, witnesses…
Content Type: Press release
On 15 June 2020, Google formally notified the European Commission of its proposed acquisition of Fitbit, enabling them to capture a massive trove of sensitive health data that will expand and entrench its digital dominance. Privacy International is calling on EU regulators to block the merger.
In November 2019, Google announced its plan to acquire Fitbit, a company that produces and sells health tracking technologies and wearables - including smartwatches, health trackers and smart scales -…
Content Type: Call to Action
You might have read our investigation into advertisers who upload your data on Facebook and found out some companies doing the same to you. Well, you can join us and hold them accountable by sending your own Data Subject Access Request (DSAR)!
Before you get started we suggest you read our FAQ and take a look at our 7+1 tips to make the most out of your DSAR before and after.
To do so you simply need to copy the message bellow and send it to the companies that uploaded your data…
Content Type: Report
Back in October 2019, PI started investigating advertisers who uploaded personal data to Facebook for targeted advertising purposes. We decided to take a look at "Advertisers Who Uploaded a Contact List With Your Information", a set of information that Facebook provides to users about advertisers who upload files containing their personal data (including unique identifier such as phone numbers, emails etc...). Looking at the limited and often inaccurate information provided by Facebook through…
Content Type: Long Read
Covid Apps are on their way to a phone near you. Is it another case of tech-solutionism or a key tool in our healthcare response to the pandemic? It’s fair to say that nobody quite knows just yet.
We’ve been tracking these apps since the early days. We’ve been monitoring Apple and Google closely, have been involved in the UK’s app process, our partners in Chile and Peru have been tracking their governments’ apps, and more.
Of course privacy concerns arise. But only a simplistic analysis would…
Content Type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of COVID-19, governments around the world are rushing to track the locations of their populace.
In this third installment of our Covid-19 tracking technology primers, we look at Satellite Navigation technology. In Part 1 of our mini-series on we discussed apps that use Bluetooth for proximity tracking. Telecommunications operators ('telcos'), which we discussed in Part 2, are also handing over customer data, showing the cell towers…
Content Type: Long Read
On 15th April Margaret Atwood, author of the Handmaid's Tale, gave an interview to BBC Radio 5 Live where she commented that ‘people may be making arrangements that aren’t too pleasant, but it’s not a deliberate totalitarianism’. You can read more about the interview in the Guardian.
While we agree with Margaret Atwood that we are not necessarily entering an era of "deliberate totalitarianism" we have written the following open letter (download link at the bottom of the page) to her as a ‘…
Content Type: News & Analysis
This week International Health Day was marked amidst a global pandemic which has impacted every region in the world. And it gives us a chance to reflect on how tech companies, governments, and international agencies are responding to Covid-19 through the use of data and tech.
All of them have been announcing measures to help contain or respond to the spread of the virus; but too many allow for unprecedented levels of data exploitation with unclear benefits, and raising so many red flags…
Content Type: Explainer
In a scramble to track, and thereby stem the flow of, new cases of Covid-19, Governments around the world are rushing to track the locations of their populace. One way to do this is to write a smartphone app which uses Bluetooth technology, and encourage (or mandate) that individuals download and use the app. We have seen such examples in Singapore and emerging plans in the UK.
Apps that use Bluetooth are just one way to track location. There are several different technologies in a smartphone…
Content Type: News & Analysis
In the last few days, PI and its Network have been recording and documenting the measures being proposed by various governments, international institutions and companies to help contain the spread of Covid-19.
In a recent development, the Guardian have reported that the UK government is the latest to seek to use mobile phone location and other traffic data from telecommunication operators to help with measures the government may develop next as part of the response to Covid-19.
It comes…
Content Type: News & Analysis
This piece was originally published by Unwanted Witness here.
Today marks exactly one year since Uganda passed its data protection law, becoming the first East African country to recognize privacy as a fundamental human right, as enshrined in Art 27 of the 1995 Uganda Constitution as well as in regional and International laws.
The Data Protection and Privacy Act, 2019 aims to protect individuals and their personal data by regulating processing of personal information by state and non-state…
Content Type: Long Read
This piece was written by Aayush Rathi and Ambika Tandon, who are policy officers at the Centre for Internet and Society (CIS) in India. The piece was originally published on the website Economic Policy Weekly India here.
In order to bring out certain conceptual and procedural problems with health monitoring in the Indian context, this article posits health monitoring as surveillance and not merely as a “data problem.” Casting a critical feminist lens, the historicity of surveillance practices…
Content Type: Examples
Recent study shows that Americans are wary of data from smart speakers being used in criminal investigations, the Pew Research Center reported. A recent study showed that 49% of Americans answered that it is unacceptable for smart speakers companies to share audio recordings of their customers with law enforcement in order to help with criminal investigations. Only 25% said it is acceptable. Aparently, this result contrasts with some other data use practices measured in the same survey. For…