Producing real change

Long Read

Last update: 26 April 2023

In 2022, Privacy International continues to produce real change by challenging governments and corporations that use data and technology to exploit us.

We know life moves quickly. So, we wanted to keep you in the loop and ensure you don’t miss out on how we’re changing the world for the better.

That’s why we’ve created this highlight reel of our wins in the past year.

Take a look below!

PS: To continue to do this, and more, into 2023, we need your support. We have a big fight ahead of us, with the fight for privacy being more essential than ever. We know that times are hard around the world, so all we are asking is for a one off donation of £3, or whatever you can afford. Donate here

Spring

The High Court ruled that seizing mobile phones from asylum seekers was unlawful
Earlier in the year, PI intervened in a case against mobile phone seizures and data extraction applied to asylum seekers arriving by small boats in the UK. On 25 March 2022, the High Court ruled that the Home Office blanket policy of seizing mobile phones from asylum seekers was unlawful, and found that migrants shouldn’t have been compelled to provide their PIN numbers. The decision is an important step towards better protection of migrants’ rights.

The European Court of Human Rights confirmed that bulk interception violates fundamental rights
On 10 March 2022, the European Court of Human Rights (ECtHR) issued a decision, in relation to HRW and Ball case (which resulted from our campaign and was supported by PI), confirming the UK government’s admission that its bulk interception regime was not compliant with Articles 8 (right to Privacy) and 10 (Freedom of Expression) with regard to the treatment of confidential journalistic material. The UK government acknowledged that parts of its historic mass investigatory powers regime violated Articles 8 and 10 of the European Convention on Human Rights. The government has also agreed to pay compensation to the applicants.

Google gives power to people to opt-out of weight-related apps
Google added “Weight loss” as a sensitive Ad category from which users can opt-out of being targeted. The settings will apply on all Google services in Google’s Display network which includes more than 2 million websites, videos, and apps. This was one of the main demands PI advocated for following our Diet Ads research.

Clearview AI fined and ordered to stop data collection in Italy
As a result of the complaint submitted by PI and our Italian partner Hermes, the Italian Data protection authority issued a decision to fine Clearview AI €20 million and ordered it to delete collected data.

Summer

Clearview AI fined and ordered to stop data collection in the UK and Greece
PI’s challenges against Clearview AI in Europe and the UK resulted in several important decisions from regulators. The UK data protection regulator, the ICO, fined Clearview AI £7.5 million and the Hellenic data protection authority fined Clearview AI €20 million - the highest fine ever imposed by the Greek DPA. In both cases, regulators ordered Clearview AI to delete and stop collecting data of data subjects.

UK Competition Appeal Tribunal is concerned by acquisition of Giphy by Meta
In June 2022, we were granted permission to intervene in a case brought by the UK’s Competition Market Authority (CMA) after a report in 2021 found that the completed merger between Meta and Giphy will give rise to a substantial lessening of competition. The Tribunal’s judgment on the Meta/CMA case agreed that the acquisition of Giphy by Meta gives rise to substantial lessening on competition and agreed that the CMA order for Meta to sell Giphy was appropriate. The decision reflects the position we advocated in our intervention.

This is a significant intervention in challenging the Big Tech monopolies that are gatekeeping our internet by acquiring more and more companies.

The European Court of Human Rights’ (ECtHR) decision opens new possibilities for challenging governments
The ECtHR approved settlement terms we agreed with the UK Foreign, Commonwealth & Development Office in a challenge to a blanket Freedom of Information Act exemption. This decision opens the door to national challenges to blanket Freedom of Information Act exemptions applied to certain government agencies.

Digital Markets Act (DMA) - a landmark for fairer online business
The final text of the EU Digital Markets Act was approved by the Council of Europe, in July 2022, giving way to the adoption of the Act. The final text included some of the amendments proposed by PI, particularly in relation to interoperability, data protection and role of Civil Society Organisations (CSOs) in the implementation of the act. The DMA is a regulation that sets a framework for investigating and and sanctioning non-compliant behaviours of large companies in the digital space.

PI contributed to the work of international human rights institutions
We spoke at the UN Human Rights Council 50th session, focusing on post-pandemic human rights priorities.
We also gave evidence on the Global Surveillance Industry(starting with 17:31:10) before the European Parliament’s Committee of inquiry to investigate the use of the Pegasus and equivalent surveillance spyware and their human rights implications.

Innovative advocacy action against migrants’ surveillance
Privacy International, Migrants Organise and Bail For Immigration Detainees shone a light on 10 years of the ‘hostile environment’ with a vast light projection on Home Office building. The projection generate massive support and attention from organisations working in the migration and human rights domains.

Autumn

UK High Court orders redress for thousands of migrants
In its recent decision, the UK High Court ordered the UK Home Office to provide remedy to the thousands of migrants affected by its unlawful policy and practice of seizing mobile phones from people arriving by small boats to UK shores. According to the existing estimates, around 8,500 people would be able to claim compensation due to unlawful phone seizures. The court also ruled claims the Home Office breached the duty of candour in the conduct of the litigation.

Clearview AI’s case debated in the UK Parliament
The UK House of Lords debated the topic of Clearview AI As a result of the ICO’s enforcement notice which was issued following PI’s legal challenge against Clearview AI. Parliamentarians debated how the ICO and the UK government will ensure that the company pays the fine and complies with the orders. It also led to a call for new regulation limiting use of facial recognition technologies by the police.

Better regulation of Mobile Phone Extraction
The UK government’s code of practice on Extraction of Information from electronic devices includes some of PI’s recommendations from our response to the consultation on the Code launched earlier this year. The new Code of Practice makes clear that regardless of the purpose, there must be no presumption that information will be extracted from a device. Further, the code states that other less intrusive means of obtaining information must be considered. It also includes a set of additional documents to be provided in the written notice to the person who is the subject of extraction.

Clearview AI fined and ordered to stop data collection in France
As a result of PI’s complaint in France, part of our wider challenge against Clearview AI in Europe, on 20 October 2022 the French data protection authority, CNIL, imposed a €20 million fine on Clearview AI - the maximum GDPR fine - for failing to comply with its orders of December 2021.

EU Ombudsman opened inquiries on development of surveillance capabilities in non-EU countries
Following our complaints, the European Ombudswoman has launched new investigations into the European Border and Coast Guard Agency (Frontex) and the European External Action Service (EEAS), the EU’s diplomatic agency. Our complaints were in relation to support provided to non-EU countries to develop surveillance capabilities, which was often provided without prior human rights risk and impact assessments.

UK Competition and Markets Authority confirmed that Meta should sell Giphy
On 18 October 2022, the UK Competition and Markets Authority (CMA) confirmed the decision to order Meta to sell Giphy, citing concerns over users’ data raised in PI’s intervention. The CMA’s final decision reflects our submissions and sends an important signal to Big Tech that they can’t continue entrenching their data dominance over the web by buying companies.

More scrutiny of use of technology in elections
Following PI’s collaboration with the Carter Center, data protection and privacy observations were officially integrated into the Carter Center’s Preliminary report on the Presidential elections in Kenya. PI joined the Carter Center in Kenya as part of a pre-election assessment team in July 2022 to identify and explore data protection issues around the elections. This was one of the first substantial analyses of data protection and privacy legislation and the use of technology in the Kenyan election which took place 9 August 2022.

Winter

Investigatory Powers Tribunal condemned a long-term rule breaking by MI5
Privacy International and Liberty won a landmark case against MI5’s unlawful handling of millions of people’s data. UK' Investigatory Powers Tribunal (IPT) found that UK's Security Service (MI5) unlawfully held large amount of data because of the lack of the necessary retention, review and deletion safeguards, imposed by the law. This conduct, the Tribunal concluded, was tolerated by the Home Secretary who issued warrants unlawfully despite knowing about signs of MI5’s breaches. The ruling could positively impact the independent review of the Investigatory Powers Act 2016 initiated recently by the UK government.

European Ombudsman finds European Commission failed to protect human rights while providing surveillance aid to African countries
Following our complaint, the European Ombudsman concluded that the European Commission failed to take necessary measures to ensure the protection of human rights in the transfers of technology with potential surveillance capacity supported by its multi-billion Emergency Trust Fund for Africa (EUTF). The Ombudsman recommended that "EUTF projects, both in Africa and elsewhere, should require an assessment of the potential human rights impact of projects" with  "corresponding mitigation measures". This decision sets up new human rights standards for EU programmes that might undermine people's rights and freedoms. The Ombudsman further opened investigations in relation to the activities of Frontex (the European Border and Coast Guard Agency) and EEAS (the European External Action Service).

EU asks for sustainable security of mobile devices
The European Commission’s proposal for the Cyber Resilience Act included provision on 5 year support duration standard for support duration of devices. This largely reflects PI’s comments to the consultations and demands articulated during the meetings with the Commission officials emphasising the need for long term software support.

Current draft of the pandemic treaty includes clear data protection principles
For preventing and fighting pandemics in the future international entities proposed a treaty “WHO Convention, Agreement or Other International Instrument on Pandemic Prevention, Preparedness and Response” (WHO CA+). As a result of PI’s advocacy, the zero draft of the convention includes a stand-alone article on confidentiality/data protection we advocated for amongst other recommendations. The article clearly articulates that “any exchange of data or information by the Parties pursuant to the WHO CA+ shall respect the right to privacy”.

Better standards for cybercrime regulations set up internationally
The UN member-states started negotiations for a new cybercrime treaty – a comprehensive international convention on countering the use of information and communications technologies for criminal purposes. As many of cybercrime laws, policies and practices currently can undermine human rights, we’ve been actively advocating for appropriate human rights safeguards in the draft treaty's provisions. As a result of our advocacy, the current consolidated negotiating document (that is the compilation of all states' positions) for UN draft Cybercrime Treaty incorporates human rights provisions PI advocated for (including the positions of the UK and of the EU).

PI's contribution towards protecting elections was recognised by key players in the filed
Due to PI's work on protection against use of technology in the elections, PI was invited and attended the Declaration of Principles for International Election Observation Implementation Meeting held at the European Parliament in December 2022. PI was the only CSO not directly connected with the area invited to the meeting. Our work and contribution towards protecting elections against abusive use of technology was highly appreciated by various election observation mission and sector organisations, that not only welcomed our involvement but also expressed interest in deepening collaboration with PI.