Advanced Search
Content Type: Press release
La CNIL a aujourd'hui prononcé une sévère sanction contre Criteo, une des plus grandes sociétés françaises de pistage et publicité en ligne. Le montant de l'amende a été réduit de 60 à 40 millions d'euros depuis l'audience qui s'est tenue à la CNIL en Mars 2023, durant laquelle Criteo avait mis en avant son bénéfice net de 10 millions d'euros en 2022 pour plaider en faveur d'une réduction de sa peine. La CNIL semble avoir entendu ces arguments, mais a heureusement maintenu une amende…
Content Type: Press release
French data regulator CNIL announced today a strong sanction against Criteo, one of the world's largest AdTech companies. Although close to the maximum GDPR fine, the amount of the fine was reduced from 60 to 40 million following a hearing at CNIL's offices in March 2023, during which Criteo pleaded for a reduced fine in light of its 10 million euros profit in 2022. CNIL seems to have acknowledged this argument but maintained a significant fine. This sanction follows a Privacy International…
Content Type: News & Analysis
The notorious Clearview AI first rose to prominence in January 2020, following a New York Times report. Put simply, Clearview AI is a facial recognition company that uses an “automated image scraper”, a tool that searches the web and collects any images that it detects as containing human faces. All these faces are then run through its proprietary facial recognition software, to build a gigantic biometrics database.
What this means is that without your knowledge, your face could be stored…
Content Type: News & Analysis
What if we told you that every photo of you, your family, and your friends posted on your social media or even your blog could be copied and saved indefinitely in a database with billions of images of other people, by a company you've never heard of? And what if we told you that this mass surveillance database was pitched to law enforcement and private companies across the world?
This is more or less the business model and aspiration of Clearview AI, a company that only received worldwide…
Content Type: Advocacy
The Office of the Privacy Commissioner of Canada has developed draft privacy guidance for police agencies' use of FRT, with a view to ensuring any use of FRT "complies with the law, minimizes privacy risks, and respects privacy rights". The Commissioner is undergoing consultation in relation to this guidance.
Privacy International and the Canadian Civil Liberties Association ("CCLA") welcome the Commissioner's efforts to strengthen the framework around police use of facial recognition, and the…
Content Type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content Type: News & Analysis
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.…
Content Type: Press release
Today, the European Court of Human Rights (ECtHR) has handed down a decision in a case brought by Privacy International and a coalition of internet and communications service providers and campaign groups including the Chaos Computer Club (Germany), GreenNet (UK), Jinbonet (Korea), May First/People Link (US), and Riseup (US) (the “coalition”).
The case challenges the conduct of hacking operations abroad by one of the UK’s intelligence agencies, the Government Communications…
Content Type: News & Analysis
Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.
Now, the French Data Protection Authority CNIL has informed us that they are following the same route and …
Content Type: Advocacy
Privacy International provided comments to the UK Financial Conduct Authority on the Terms of Reference to its Credit Information Market Study.
We highlighted that:
Credit data (whether ‘traditional’ credit data; data from Open Banking sources, or other sources of data like social media) are hugely revealing of people’s lives far beyond the state of their financial affairs.
The affects upon consumer behaviour of this use of data in the credit sector extends beyond the choices they…
Content Type: Advocacy
Dear Chair and Committee colleagues,
Privacy International is an international NGO, based in London, which works with partners around the world to challenge state and corporate surveillance and data exploitation. As part of our work, we have a dedicated programme “Defending Democracy and Dissent” where we advocate for limits on data exploitation throughout the electoral cycle.
We have been closely following the important work of the Committee. Prompted by the additional evidence provided…
Content Type: Press release
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.
PI welcomes this announcement and its focus on…
Content Type: Press release
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. Privacy International urges the data protection authorities to investigate these companies and to protect individuals from the mass exploitation of their data.
Our complaints target companies that, despite exploiting the data of millions of…
Content Type: Long Read
It’s 15:10 pm on April 18, 2018. I’m in the Privacy International office, reading a news story on the use of facial recognition in Thailand. On April 20, at 21:10, I clicked on a CNN Money Exclusive on my phone. At 11:45 on May 11, 2018, I read a story on USA Today about Facebook knowing when teen users are feeling insecure.
How do I know all of this? Because I asked an advertising company called Quantcast for all of the data they have about me.
Most people will have never heard of…
Content Type: Press release
In a remarkable development in Privacy International's four year legal battle against the UK Government's powers to hack phones and computers on a massive scale, the UK Supreme Court has agreed to hear the London-based charity's case in December 2018.
Privacy International's case stems from a decision by the Investigatory Powers Tribunal (a specialised court set up to hear complaints against government surveillance, including surveillance carried out by the UK intelligence agencies) finding…
Content Type: Long Read
Introduction
A growing number of governments around the world are embracing hacking to facilitate their surveillance activities. Yet hacking presents unique and grave threats to our privacy and security. It is far more intrusive than any other surveillance technique, capable of accessing information sufficient to build a detailed profile of a person, as well as altering or deleting that information. At the same time, hacking not only undermines the security of targeted systems, but also has…
Content Type: Press release
Today, Privacy International, together with five internet and communications providers from around the world, have lodged an application before the European Court of Human Rights to challenge the British Government's use of bulk hacking abroad. Until we brought our original case at the Investigatory Powers Tribunal (IPT) in 2014, the Government had never admitted that it engaged in hacking. Now we are learning for the first time how far-reaching the Government's global hacking capabilities are…
Content Type: Long Read
This piece originally appeared here.
On both sides of the Atlantic, we are witnessing the dramatic expansion of government hacking powers. In the United States, a proposed amendment to Rule 41 of the Federal Rules of Criminal Procedure would permit the government to obtain a warrant, in certain circumstances, to hack unspecified numbers of electronic devices anywhere in the world. Meanwhile, across the pond, the British Parliament is currently debating the Investigatory…
Content Type: Press release
In response to the Investigatory Powers Tribunal (IPT) ruling today that GCHQ's hacking is lawful, we have issued the following press statement:
"We are disappointed by the IPT’s judgment today, which has found Government hacking lawful based on a broad interpretation of a law dating back to 1994, when the internet and mobile phone technology were in their infancy.
Until we brought this case, GCHQ would neither confirm nor deny that it was they were engaging in mass hacking of…
Content Type: Long Read
The Investigatory Powers Tribunal (“IPT”) today held that GCHQ hacking of computers, mobile devices and networks is lawful, wherever it occurs around the world. We are disappointed that the IPT has not upheld our complaint and we will be challenging its findings.
Our complaint is the first UK legal challenge to state-sponsored hacking, an exceptionally intrusive form of surveillance. We contended that GCHQ hacking operations were incompatible with democratic principles and human rights…
Content Type: Press release
Documents released today confirm GCHQ, the UK intelligence agency, is hacking computers in the United Kingdom without individual warrants. The documents contain previously unknown details and defenses of GCHQ's use of "thematic warrants" to hack. The legal challenge in which these documents are being disclosed was brought by Privacy International and seven internet and communications service providers from around the world in response to disclosures made by Edward Snowden.…
Content Type: Press release
The Government has quietly ushered through legislation amending the anti-hacking laws to exempt GCHQ from prosecution. Privacy International and other parties were notified of this just hours prior to a hearing of their claim against GCHQ's illegal hacking operations in the Investigatory Powers Tribunal.
In its legal filings, sent to Privacy International only the day before the hearing began, the Government notified claimants that the Computer Misuse Act was rewritten on 3 March 2015 to…
Content Type: Press release
The British Government has admitted its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime.
These startling admissions come from a government court document published today by Privacy International. The document was filed by the government in response to two …
Content Type: Press release
Privacy International today filed a legal complaint demanding an end to the unlawful hacking being carried out by GCHQ which, in partnership with the NSA, is infecting potentially millions of computer and mobile devices around the world with malicious software that gives them the ability to sweep up reams of content, switch on users' microphones or cameras, listen to their phone calls and track their locations.
The complaint, filed in the UK’s Investigatory Powers Tribunal, is the…
Content Type: Long Read
Today, Privacy International lodged a legal challenge to GCHQ's extensive and intrusive hacking of personal computers and devices. Below, we answer a few questions about the law underlying our complaint, and why it matters.
Is hacking legal?
As a result of the Snowden revelations, we have learned that GCHQ, often in partnership with the NSA, has been using malicious software to intrude upon our computers and mobile devices.
This type of activity, often called "hacking," is a…
Content Type: Long Read
Spy agencies have long sought to turn the technologies that improve all our lives against us. From some of the very first forms of remote communications such as telegraph cables, to modern-day means like Skype: if the spies can exploit it, they will.
And, as we’ve learnt over the last few months, the computer and mobile devices that millions of us own and carry around with us every day are no exception to this rule.
The smart phones, laptops, and devices that have changed how we communicate…