Search
Content type: Advocacy
Generative AI models cannot rely on untested technology to uphold people's rightsThe development of generative AI has been dependent on secretive scraping and processing of publicly available data, including personal data. However, AI companies have to date had an unacceptably poor approach towards transparency and have sought to rely on unproven ways to fulfill people's rights, such as to access, rectify, and request deletion of their dataOur view is that the ICO should adopt a stronger…
Content type: Advocacy
Generative AI models are based on indiscriminate and potentially harmful data scrapingExisting and emergent practices of web-scraping for AI is rife with problems. We are not convinced it stands up to the scrutiny and standards expected by existing law. If the balance is got wrong here, then people stand to have their right to privacy further violated by new technologies.The approach taken by the ICO towards web scraping for generative AI models may therefore have important downstream…
Content type: Long Read
IntroductionData about our health reveals some of the most sensitive, intimate - and potentially embarrassing - information about who we are. Confidentiality is, and has always been, at the very heart of medical ethics. People need to be able to trust their doctors, nurses and other healthcare providers so that they are not afraid to tell them something important about their health for fear of shame, judgement or social exclusion.It’s no surprise then that data protection regimes around…
Content type: Press release
La CNIL a aujourd'hui prononcé une sévère sanction contre Criteo, une des plus grandes sociétés françaises de pistage et publicité en ligne. Le montant de l'amende a été réduit de 60 à 40 millions d'euros depuis l'audience qui s'est tenue à la CNIL en Mars 2023, durant laquelle Criteo avait mis en avant son bénéfice net de 10 millions d'euros en 2022 pour plaider en faveur d'une réduction de sa peine. La CNIL semble avoir entendu ces arguments, mais a heureusement maintenu une amende…
Content type: Press release
French data regulator CNIL announced today a strong sanction against Criteo, one of the world's largest AdTech companies. Although close to the maximum GDPR fine, the amount of the fine was reduced from 60 to 40 million following a hearing at CNIL's offices in March 2023, during which Criteo pleaded for a reduced fine in light of its 10 million euros profit in 2022. CNIL seems to have acknowledged this argument but maintained a significant fine. This sanction follows a Privacy International…
Content type: Long Read
The rise of the gig-economy, a way of working relying on short term contracts and temporary jobs rather than on an employed workforce, has enabled the growth of a number of companies over the last few years. But without the rights that comes with full employment, gig economy workers today don't have access to essential protections.
In 2021, PI worked with ACDU and Worker Info Exchange to shed a light on the power imbalance between workers and gig economy platforms, exposing how workers find…
Content type: Advocacy
Algorithmic management fundamentally relies on the availability of data to make decisions. The impact that these decisions can have on workers can be financially and emotionally devastating.
PI has previously exposed this issue through the Managed by Bots campaign - in which we called for the conditions under which data is collected and processed to be subjected to effective and robust scrutiny.
Content type: Long Read
Introduction
In response to the unprecedented social, economic, and public health threats posed by the Covid-19 pandemic, the World Bank financed at least 232 "Covid-19 Response" projects. The projects were implemented across countries the World Bank classifies as middle and low-income.
This article will focus on eight (8) Covid-19 Response projects which sought to deliver social assistance to individuals and families on a "non-contributory" basis (this means that the intended beneficiaries…
Content type: Advocacy
In our submission we outline our concerns with the industry as a result of extensive technical research and complaints taken to data protection authorities in Europe as a result.
Data brokers must specifically be included in "actors in scope."
We recommend that "data brokers" are specifically included in the list of "actors in scope". A data broker is a company that collects, buys and sells personal data and this is often how they earn their primary revenue. It is a term that is entering…
Content type: Advocacy
Despite repeated recommendations by the UN Human Rights Council and the UN General Assembly to review, amend or enact national laws to ensure respect and protection of the right to privacy, national laws are often inadequate and do not regulate, limit or prohibit surveillance powers of government agencies as well as data exploitative practices of companies.
Even when laws are in place, they are seldom enforced. In fact PI notes how it is often only following legal challenges in national or…
Content type: News & Analysis
What if we told you that every photo of you, your family, and your friends posted on your social media or even your blog could be copied and saved indefinitely in a database with billions of images of other people, by a company you've never heard of? And what if we told you that this mass surveillance database was pitched to law enforcement and private companies across the world?
This is more or less the business model and aspiration of Clearview AI, a company that only received worldwide…
Content type: News & Analysis
Photo by Emmanuel Olguín on Unsplash
After many denials and much distraction, the truth is out. According to Facebook’s own internal research, Instagram is toxic to teen girls’ mental health.
This week, the Wall Street Journal reported on a collection of internal Facebook documents which it says demonstrate how the platform is acutely aware of the harmful effects Instagram has on the mental health of teens. The Journal reported that Facebook’s own research showed that use of the image…
Content type: Advocacy
Dear TECNO,
We, the undersigned, don’t believe that privacy should be a luxury. And yet, when TECNO manufacture and sell phones with an outdated operating system, that’s the world TECNO are helping to create.
Our recent investigation into the TECNO Y2 showed that at least one TECNO phone is currently on sale with an operating system that hasn’t received updates since 2013. We are concerned because this is leaving users vulnerable to hundreds of well-known and serious exploits.
The Y2 was…
Content type: Case Study
Behind their tecchie names, AddThis and ShareThis are simple services: they allow web-developers and less tech-savvy users to integrate social networking "share" buttons on their site. While they might also offer some additional services such as analytics, these tools gained traction mostly by providing an easy and free way to integrate Facebook, Twitter and other social networks share buttons. Anyone can use any of these service and in a few clicks be provided with a plugin for their site or a…
Content type: Long Read
Now more than ever with a global pandemic happening, our lives are being shaped by our interaction with the digital world. Work meetings on Zoom followed by Skype with family before a quick run with your favourite running app and a Google search for your next meal: technologies and services offer us a lot and greatly improve our daily lives. But what's the real cost of these tools we rely on so much?
A lot of these companies, especially those offering free services, collect data about you. It…
Content type: Examples
Article extract- translated from the original French.
"A political big data company with close ties to the federal liberals and which worked on Emmanuel Macron's campaign in France is setting up its head office in Old Montreal to continue its growth and take advantage of Montreal's digital vitality.
Data Sciences inc. (DS) was born from the victory of the Liberal Party of Canada (PLC) in the last election. Tom Pitfield, a close friend of Justin Trudeau, was leading digital operations during…
Content type: Long Read
In 2019, we exposed the practices of five menstruation apps that were sharing your most intimate data with Facebook and other third parties. We were pleased to see that upon the publication of our research some of them decided to change their practices. But we always knew the road to effective openness, transparency, informed consent and data minimisation would be a long one when it comes to apps, which for the most part make profit from our menstrual cycle and even sometimes one’s desire to…
Content type: News & Analysis
An excerpt of this piece was first published in June 2020 in Adbusters, an international not-for-profit magazine produced by a global collective of artists and activists who want to 'shake up complacent consumer culture'.
Big oil. Big tobacco. Big pharma. How did we let ‘big tech’ happen? You would have thought humanity would learn its lesson. That nothing good comes of the mass accumulation and concentration of power into the hands of so few.
The internet was meant to be different. No…
Content type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content type: News & Analysis
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.…
Content type: News & Analysis
Abortion without privacy guarantees is not safe abortion.
Safe access to abortion is far from guaranteed throughout the world. And in many countries, there are groups working hard to make sure that safe access to this vital component of reproductive healthcare remains out of reach.
Online platforms are the new arena of anti-reproductive advocacy, and those opposed to reproductive rights are increasingly deploying digital, data-exploitative strategies. By using and developing digital…
Content type: Long Read
An edited version of this article was originally published on the EDRi website in September 2020.
Introduction
Monopolies, mergers and acquisitions, anti-trust laws. These may seem like tangential or irrelevant issues for privacy and digital rights organisations. But having run our first public petition opposing a big tech merger, we wanted to set out why we think this is an important frontier for people's rights across Europe and indeed across the world.
In June, Google notified the…
Content type: News & Analysis
A new report by the UN Working Group on mercenaries analyses the impact of the use of private military and security services in immigration and border management on the rights of migrants, and highlights the responsibilities of private actors in human rights abuses as well as lack of oversight and, ultimately, of accountability of the system.
Governments worldwide have prioritised an approach to immigration that criminalises the act of migration and focuses on security.
Today, borders are not…
Content type: Examples
The Australian government reported soon after releasing its CovidSafe contact tracing app that the app doesn’t work properly on iPhones because it doesn’t use Apple’s Exposure Notification framework and the Bluetooth functions deteriorate if the app isn’t kept running in the foreground. The government will update the app to use Apple’s framework. The app will store data on Amazon Web Services servers within Australia, although critics have expressed concern that the data could be handed over to…
Content type: Examples
After governments in many parts of the world began mandating wearing masks when out in public, researchers in China and the US published datasets of images of masked faces scraped from social media sites to use as training data for AI facial recognition models. Researchers from the startup Workaround, who published the COVID19 Mask image Dataset to Github in April 2020 claimed the images were not private because they were posted on Instagram and therefore permission from the posters was not…
Content type: News & Analysis
Back in January, Privacy International and over 50 other organisations wrote to Google asking the company to take action over pre-installed apps that cannot be deleted (often known as “bloatware”), which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent. Thousands of people from over 50 countries signed our petition supporting this ask. We welcome the constructive conversations we had with Google following this campaign and for the…
Content type: News & Analysis
No doubt this is turning out to be a summer full of news about internet companies' digital dominance.
In June, Google notified the European Commission of its plan to acquire Fitbit - a plan that we immediately identified would raise grave concerns for our well-being as consumers.
Today the European Commission has made its decision. And it's good news.
The European regulator has decided to undertake a detailed 'Phase 2' investigation, rather than just green light Google's plans, voicing also the…