Advanced Search
Content Type: News & Analysis
In a significant and forceful decision, on 1 March 2024 the UK's Data Protection Authority found that the UK Government's GPS tagging of migrants arriving to the UK by small boats and other "irregular" routes was unlawful.
The decision comes as a result of Privacy International's complaint filed in August 2022 against the GPS tagging policy, which alleged widespread and significant breaches of privacy and data protection law. Our complaint relied extensively on anonymous testimonies of…
Content Type: News & Analysis
We have been fighting for transparency and stronger regulation of the use of IMSI catchers by law enforcement in the UK since 2016. The UK police forces have been very secretive about the use of IMSI catchers – maintaining a strict “neither confirm nor deny” (NCND) policy. In our efforts to seek greater clarity we wrote to the UK body which monitors the use of covert investigatory powers, the Investigatory Powers Commissioner’s Office (IPCO), asking the Commissioner to revisit this…
Content Type: News & Analysis
In a judgment of 14 October 2022, the UK High Court ordered the UK Home Office to provide remedy to the thousands of migrants affected by its unlawful policy and practice of seizing mobile phones from people arriving by small boats to UK shores.
The availability and spread of new technologies, and the exponential amounts of data they generate, are regularly being abused by governments to surveil and control people - but these new forms of surveillance are only starting to make their way through…
Content Type: News & Analysis
Privacy International (PI) has today filed complaints with the Information Commissioner (ICO) and Forensic Science Regulator (FSR) against the UK Home Office's use of GPS ankle tags to monitor migrants released on immigration bail. This policy and practice represents a seismic change in the surveillance of migrants in the UK. PI was first alerted to this scheme by organisations such as Bail for Immigration Detainees, an independent charity that exists to challenge immigration detention in the…
Content Type: News & Analysis
The UK government has acknowledged that section 8(4) of the Regulation of Investigatory Powers Act (“RIPA”) (which has since been repealed) violated Articles 8 and 10 of the European Convention on Human Rights (ECHR). In relation to Article 10, it specifically acknowledged that the way in which security agencies handled confidential journalistic material violated fundamental rights protected by Article 10.
As part of a friendly settlement with two applicants, the UK government acknowledged…
Content Type: Explainer
Following sustained reporting by researchers, journalists and activists around the world, including recent disclosures exposed by the PegasusProject, the surveillance industry is facing scrutiny like never before.
In the latest move, eighteen U.S. lawmakers have today demanded that the U.S. government imposes sanctions on four non-US surveillance companies for, as they mention in their letter, facilitating “disappearance, torture and murder of human rights activists and journalists”.
The move…
Content Type: News & Analysis
What if we told you that every photo of you, your family, and your friends posted on your social media or even your blog could be copied and saved indefinitely in a database with billions of images of other people, by a company you've never heard of? And what if we told you that this mass surveillance database was pitched to law enforcement and private companies across the world?
This is more or less the business model and aspiration of Clearview AI, a company that only received worldwide…
Content Type: News & Analysis
Today Apple announced a set of measures aimed at improving child safety in the USA. While well-intentioned, their plans risk opening the door to mass surveillance around the world while arguably doing little to improve child safety.
Among the measures, Apple has announced that it is to introduce “on-device machine learning” which would analyse attachments for sexually explicit material, send a warning, and begin scanning every photo stored on its customers’ iCloud in order to detect child…
Content Type: News & Analysis
What happened
On 22 July 2021, the Investigatory Powers Tribunal (IPT) issued a declaration on our challenge to the UK bulk communications regime finding that section 94 of the Telecommunications Act 1984 (since repealed by the Investigatory Powers Act 2016) was incompatible with EU law human rights standards. The result of the judgment is that a decade’s worth of secret data capture has been held to be unlawful. The unlawfulness would have remained a secret but for PI’s work.
You…
Content Type: News & Analysis
It is difficult to imagine a more intrusive invasion of privacy than the search of a personal or home computer ... when connected to the internet, computers serve as portals to an almost infinite amount of information that is shared between different users and is stored almost anywhere in the world.
R v Vu 2013 SCC 60, [2013] 3 SCR 657 at [40] and [41].
The controversial Police Crime Sentencing and Courts Bill includes provision for extracting data from electronic devices.
The Bill…
Content Type: Long Read
On 25 May 2021, the European Court of Human Rights issued its judgment in Big Brother Watch & Others v. the UK. Below, we answer some of the main questions relating to the case.
After our initial reaction, below we answer some of the main questions relating to the case.
NOTE: This post reflects our initial reaction to the judgment and may be updated.
What’s the ruling all about?
In a nutshell, one of the world’s most important courts, the Grand Chamber of the European Court of Human…
Content Type: Press release
The Grand Chamber of the European Court of Human Rights has today ruled that UK mass surveillance laws violate the rights to privacy and freedom of expression.
It found that:
The UK’s historical bulk interception regime violated the right to privacy protected by Article 8 of the European Convention on Human Rights and freedom of expression, protected by Article 10. Particularly it found that:
the absence of independent authorisation,
the failure to include the categories of selectors…
Content Type: Press release
Privacy International (PI), together with Hermes Center for Transparency and Digital Human Rights, Homo Digitalis and noyb - the European Center for Digital Rights, has today filed a series of legal complaints against Clearview AI, Inc. The facial recognition company claims to have “the largest known database of 3+ billion facial images”. The complaints were submitted to data protection regulators in France, Austria, Italy, Greece and the United Kingdom.
As our complaints detail, Clearview AI…
Content Type: News & Analysis
The report on disinformation by the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression follows a growing trend by international bodies (including the Organization of American States and the European Commission) to assess and regulate the global phenomenon that is disinformation.
The report strongly links the spread of disinformation with the gratuitous data collection and profiling techniques utilised by the online…
Content Type: News & Analysis
The Aspen Card - the debit payment card given to asylum seekers that PI has previously exposed as a de facto surveillance tool - will be outsourced to a new company. The contract with Sodexo has come to an end and the company Prepaid Financial Services will be taking over.
Our campaign for transparency in relation to the Aspen Card and how it monitors asylum seekers continues. Not only do we demand clarity from the Home Office [read more here], we believe the new provider, Prepaid Financial…
Content Type: News & Analysis
Uganda's Presidential election in January 2021 resulted in the incumbent President Museveni winning his sixth term in office, having held power for 35 years. The election took place amidst a global pandemic and the run up to election day was fraught. Violence left dozens dead and hundreds more arrested, including the opposition candidate Bobi Wine. Mass rallies and in person campaign meetings were banned due to Covid restrictions and political parties in Uganda were encouraged to conduct “…
Content Type: News & Analysis
Unwanted Witness’ research into Safeboda highlighted the company’s failure to comply with some of the law's core data protection principles, with a number of implications for the exercise of data subject rights. The enforcement action against Safeboda by National Information Technology Authority, Uganda (NITA-U) requires the company to make fundamental changes to how they handle people's personal data in order to comply with the Data Protection and Privacy Act, 2019.
This first landmark…
Content Type: News & Analysis
Earlier this week, the UK Government announced that no immigration status checks will be carried out for migrants trying to register with their GP and get vaccinated. But temporary offers of safety are not enough to undo the decades of harm caused by policies that have embedded immigration controls into public services.
Years of charging migrants for healthcare and sharing patient data with the Home Office has eroded trust between migrant communities and the NHS. As a result, they might not…
Content Type: Long Read
As we see Covid-19 vaccination programmes beginning around the world, for the first time since the start of the pandemic there seems to be a light at the end of the tunnel as the fruition of truly unrivalled global scientific efforts has given us hope of saving lives, reopening our societies, and going back to “normal”.
This great moment of hope must not be seen opportunistically as yet another data grab. The deployment of vaccines, and in particular any “immunity passport” or certificate…
Content Type: News & Analysis
Le « Fonds fiduciaire d’urgence de l’Union européenne en faveur de la stabilité et de la lutte contre les causes profondes de la migration irrégulière et du phénomène des personnes déplacées en Afrique » (le « fonds fiduciaire pour l’Afrique ») ne fait pas les grands titres (et il est plutôt difficile à retenir), mais son influence est vaste et aura des conséquences pendant plusieurs décennies sur la vie de millions de personnes sur le continent africain.
Mis en place suite à la « crise…
Content Type: News & Analysis
The “EU Trust Fund for Stability and Addressing Root Causes of Irregular Migration and Displaced Persons in Africa” (EUTF for Africa) isn’t exactly headline news (and nor does it exactly roll off the tongue), but its influence is vast and will be felt for decades to come for millions of people across Africa.
Set up in the wake of the 2015 ‘migration crisis’ in Europe and largely made up of money earmarked for development aid (80% of its budget comes from development and humanitarian aid funds…
Content Type: Long Read
Tucked away in a discrete side street in Hungary’s capital, the European Union Agency for Law Enforcement Training (CEPOL) has since 2006 operated as an official EU agency responsible for developing, implementing, and coordinating training for law enforcement officials from across EU and non-EU countries.
Providing training to some 29,000 officials in 2018 alone, it has seen its budget rocket from €5 million in 2006 to over €9.3 million in 2019, and offers courses in everything from…
Content Type: News & Analysis
PI is collaborating with The Carter Center election observation mission in the run up to and after Myanmar's national election on November 8th. The Carter Center is a US based NGO that has been invited to observe 111 elections in 39 countries since 1989. It has maintained a presence in Myanmar since 2013 when it's office was established in Yangon, and carried out long term observation for the 2015 election as well as 2020. The international election observer mission (IEOM) assesses the…
Content Type: Frequently Asked Questions
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content Type: News & Analysis
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.…
Content Type: Long Read
Q&A: EU's top court rules that UK, French and Belgian mass surveillance regimes must respect privacy
Content Type: News & Analysis
The Law Enforcement Data Service (LEDS) is a unified, common interface to a new mega-database currently being developed by the Home Office National Law Enforcement Data Programme (NLEDP). We believe that the development of the programme poses a threat to privacy and other rights and must be subjected to strong oversight, safeguards, and transparency measures.
As we explained in our analysis, the data in LEDS is vast, ever-increasing, worryingly mixes both evidential and intelligence material –…
Content Type: News & Analysis
In the last few weeks, the UK government has announced various new measures to ensure that crossings across the Channel were “inviable” including by appointing a new role of “clandestine Channel threat commander" and further plans to deploy the navy to stop migrants from crossing to the UK from France across the Channel. Premature plans it seems, as not only would such measures be contrary to the UK’s international obligations to allow individuals to seek asylum in the UK, but also since such…
Content Type: News & Analysis
Banning TikTok? It's time to fix the out-of-control data exploitation industry - not a symptom of it
Chinese apps and tech companies have been at the forefront of the news recently. Following India's ban of 59 chinese apps in July, President Trump announced his desire to ban TikTok, shortly followed by his backing of Microsoft's intention to buy the US branch of its parent company ByteDance. Other than others lip syncing his public declaration, what does President Trump fear from this app, run by a firm, based in China?
It's all about that data
One clear answer emerges: the exploitation of…