Advanced Search
Content Type: Advocacy
Now is the time to strengthen not weaken data protection to keep us all safe. Here we outline some edited areas of our consultation response that highlight the impact of the proposed loss or weakening of many important protections:
The proposal to broadening consent and further processing for research purposes:
PI urges caution with regard to provisions that seek to potentially undermine the strict conditions around obtaining consent. The GDPR placed stronger conditions on obtaining consent…
Content Type: Advocacy
As part of the first public consultation with the WHO Intergovernmental Negotiating Body to draft and negotiate a WHO convention, agreement or other international instrument on pandemic prevention, preparedness and response, Privacy International delivered the following statement:
In line with WHO's commitment to a human rights-based approach to health, Privacy International believes the following elements procedural and substantive elements must be included:
Open, inclusive and multi-…
Content Type: News & Analysis
In a ruling handed down on 14 October 2021 by the High Court of Kenya in relation to an application filed by Katiba Institute calling for a halt to the rollout of the Huduma card in the absence of a data impact assessment, the Kenyan High Court found that the Data Protection Act applied retrospectively.
In this article we provide background on the initial challenge of the Huduma Namba and subsequent developments which led to this important ruling of the High Court of Kenya as we reflect on its…
Content Type: Advocacy
On 6 August 2021, the World Health Organisation (WHO) published its technical specifications and implementation guidance for “Digital Documentation of COVID-19 Certificates: Vaccination Status” (DDCC:VS) following months of consultations. As governments around the world are deploying their own Covid-19 certificates, guidance from the global health agency was expected to set a global approach, and one that prioritises public health. As such, we would expect the WHO to identify what these…
Content Type: News & Analysis
Today Apple announced a set of measures aimed at improving child safety in the USA. While well-intentioned, their plans risk opening the door to mass surveillance around the world while arguably doing little to improve child safety.
Among the measures, Apple has announced that it is to introduce “on-device machine learning” which would analyse attachments for sexually explicit material, send a warning, and begin scanning every photo stored on its customers’ iCloud in order to detect child…
Content Type: News & Analysis
It is difficult to imagine a more intrusive invasion of privacy than the search of a personal or home computer ... when connected to the internet, computers serve as portals to an almost infinite amount of information that is shared between different users and is stored almost anywhere in the world.
R v Vu 2013 SCC 60, [2013] 3 SCR 657 at [40] and [41].
The controversial Police Crime Sentencing and Courts Bill includes provision for extracting data from electronic devices.
The Bill…
Content Type: Long Read
Photographing or filming incidents involving police and protestors is an important way of holding the police to account for their actions. Members of the public and the media do not need a permit to film or photograph in public places and police have no power to stop them filming or photographing incidents or police personnel.[1]
Can the police stop and search me for filming or taking photographs?
The police have the discretion to ask you to move back if they think you are interfering with…
Content Type: Explainer
What is social media monitoring?
Social media monitoring refers to the monitoring, gathering and analysis of information shared on social media platforms, such as Facebook, Twitter, Instagram and Reddit.
It may include snooping on content posted to public or private groups or pages. It may also involve “scraping” – grabbing all the data from a social media platform, including content you post and data about your behaviour (such as what you like and share).
Through scraping and other tools…
Content Type: Explainer
What are my 'unique identifiers' and where are they stored?
Your phone and your SIM card contain unique identifiers about you, which can be accessed by the police to identify you.
The IMSI (International Mobile Subscriber Identity) is a unique number associated with your SIM card. It doesn't change, even if you put the SIM card into a different phone.
If you have a mobile phone subscription, the IMSI will be associated with personal information such as your name and address.
The IMEI (…
Content Type: Explainer
Where are my communications stored?
Text messages/phone calls: Traditional cellphone communications happen over the cellular network. You usually access those with the text message and phone call apps that are provided as standard on your phone. While phone calls aren’t stored anywhere, text messages are stored locally on your and the recipient’s devices. They might also be temporarily stored by the network provider.
Messaging apps: Messaging platforms enable fairly secure communication…
Content Type: Explainer
Where is my phone's location data stored?
Your phone can be located in two main ways, using GPS or mobile network location:
1. GPS
GPS (that stands for Global Positioning System) uses satellite navigation to locate your phone fairly precisely (within a few metres), and relies on a GPS chip inside your handset.
Depending on the phone you use, your GPS location data might be stored locally and/or on a cloud service like Google Cloud or iCloud. It might also be collected by any app that you…
Content Type: Explainer
What is predictive policing?
Predictive policing programs are used by the police to estimate where and when crimes are likely to be committed – or who is likely to commit them. These programs work by feeding historic policing data through computer algorithms.
For example, a program might evaluate data about past crimes to predict where future crimes will happen – identifying ‘hot spots’ or ‘boxes’ on a map. But the data these programs use can be incomplete or biased, leading to a ‘feedback…
Content Type: Explainer
What is LEDS?
LEDS is a new mega-database currently being developed by the UK Home Office.
LEDS will replace and combine the existing Police National Database (PND) and the Police National Computer (PNC). The aim is to provide police and others with a super-database, with on-demand, at the point of need access, containing up-to-date and linked information about individuals’ lives.
Once your details are in LEDS, numerous agencies will have access to that information (e.g. HMRC and DVLA),…
Content Type: Explainer
What are police drones?
Drones are remotely controlled Unmanned Aerial Vehicles (UAVs) of varying sizes.
They usually come equipped with cameras and might be enabled with Facial Recognition Technology.
Drones can be equipped with speakers, surveillance equipment, radar and communications interception tools, such as ‘IMSI catchers’.
How might drones be used during protests?
Camera-enabled drones may be used to remotely monitor and track people’s movements in public spaces, including at…
Content Type: Explainer
What do Body Worn Video cameras do?
Body worn video (BWV) cameras can be attached to a police officer’s clothing – often at chest, shoulder or head level – and record video, including sound, from the officer’s perspective.
BWV cameras will probably be visible to you, and when it’s recording, a flashing light should appear on the device.
How might body worn video cameras be used at a protest?
BWV cameras may be used at protests to monitor actions of protestors.
They do not usually…
Content Type: Explainer
What is gait recognition technology?
Gait recognition technology (GRT) can analyse the shape of an individual’s body and the unique way in which that body moves when walking or running, which can then be used to identify them.
GRT works in a similar way to facial recognition technology. But the two main differences are:
GRT may be used at a fairly long range (at the time of writing, about 165 feet / 50 metres), unlike FRT which generally requires more close up, detailed facial images…
Content Type: Explainer
What is Facial Recognition Technology?Facial recognition technology (FRT) collects and processes data about people’s faces, and can be used to identify people. FRT matches captured images with images stored in existing databases or ‘watchlists’.How might it be used in relation to a protest?FRT may be used to monitor, track and identify people’s faces in public spaces, including at protests. This may be done openly or surreptitiously, without people knowing or consenting.FRT-enabled cameras can…
Content Type: Explainer
What are ‘cloud extraction tools’ and what do they do?
Cloud extraction technology enables the police to access data stored in your ‘Cloud’ via your mobile phone or other devices.
The use of cloud extraction tools means the police can access data that you store online. Examples of apps that store data in the Cloud include Slack, Instagram, Telegram, Twitter, Facebook and Uber.
How might cloud extraction tools be used at a protest?
In order to extract your cloud data, the police would…
Content Type: Long Read
Among the many challenges of 2020, the impact on elections around the world kept us all on the edge of our seats. 75 countries postponed national and local elections due to Covid 19. Of the elections that went ahead, we saw Covid safe measures at polling stations (South Korea led the way forward in April) an increase in postal voting (who can forget the USA, but also Poland) and political parties in Uganda conducting "virtual" campaigns as mass rallies and in person campaign meetings were…
Content Type: Long Read
Political parties depend on data to drive their campaigns, from deciding where to hold rallies, which campaign messages to focus on in which area, and how to target supporters, undecided voters and non-supporters, including with ads on social media. Political parties increasingly hire private companies to do the bulk of this work, and our primary concern is how these companies use personal data to “profile” people and drive election campaigning.
As part of PI’s programme of work on Defending…
Content Type: Long Read
As we see Covid-19 vaccination programmes beginning around the world, for the first time since the start of the pandemic there seems to be a light at the end of the tunnel as the fruition of truly unrivalled global scientific efforts has given us hope of saving lives, reopening our societies, and going back to “normal”.
This great moment of hope must not be seen opportunistically as yet another data grab. The deployment of vaccines, and in particular any “immunity passport” or certificate…
Content Type: News & Analysis
Le « Fonds fiduciaire d’urgence de l’Union européenne en faveur de la stabilité et de la lutte contre les causes profondes de la migration irrégulière et du phénomène des personnes déplacées en Afrique » (le « fonds fiduciaire pour l’Afrique ») ne fait pas les grands titres (et il est plutôt difficile à retenir), mais son influence est vaste et aura des conséquences pendant plusieurs décennies sur la vie de millions de personnes sur le continent africain.
Mis en place suite à la « crise…
Content Type: News & Analysis
The “EU Trust Fund for Stability and Addressing Root Causes of Irregular Migration and Displaced Persons in Africa” (EUTF for Africa) isn’t exactly headline news (and nor does it exactly roll off the tongue), but its influence is vast and will be felt for decades to come for millions of people across Africa.
Set up in the wake of the 2015 ‘migration crisis’ in Europe and largely made up of money earmarked for development aid (80% of its budget comes from development and humanitarian aid funds…
Content Type: News & Analysis
Banning TikTok? It's time to fix the out-of-control data exploitation industry - not a symptom of it
Chinese apps and tech companies have been at the forefront of the news recently. Following India's ban of 59 chinese apps in July, President Trump announced his desire to ban TikTok, shortly followed by his backing of Microsoft's intention to buy the US branch of its parent company ByteDance. Other than others lip syncing his public declaration, what does President Trump fear from this app, run by a firm, based in China?
It's all about that data
One clear answer emerges: the exploitation of…
Content Type: News & Analysis
The UN Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, Professor Fionnuala Ní Aoláin together with Dr. Krisztina Huszti-Orbán, released today a key report on the “Use of Biometric Data to Identify Terrorists: Best Practice or Risky Business?”.
The report explores the human rights risks involved in the deployment of biometrics emphasising that
in the absence of robust rights protections which are institutionally embedded…
Content Type: Long Read
What Do We Know?
In late March, the NHS quietly announced that it would give technology businesses access to unprecedented quantities of patient data for processing and analysis in response to COVID-19. One of those businesses is CIA-backed Palantir Technologies. Palantir’s software is allegedly “mission critical” to US Immigration and Customs Enforcement’s (ICE) mass raids, detentions, and deportations. Despite trusting Palantir with patient data, the NHS has been tight-lipped about the scope…
Content Type: Call to Action
Google wants to know everything about you.
It already holds a massive trove of data about you, but by announcing its plans to acquire the health and fitness tracker company Fitbit, it now clearly wants to get its hands on your health too. We don’t think any company should be allowed to accumulate this much intimate information about you. This is why we’re trying to stop its merger with Fitbit.
Google and Fitbit need the European Commission’s approval before they can merge. The merger would…
Content Type: Press release
Today, the ICO has issued a long-awaited and critical report on Police practices regarding extraction of data from people's phones, including phones belonging to the victims of crime.
The report highlights numerous risks and failures by the police in terms of data protection and privacy rights. The report comes as a result of PI’s complaint, dating back to 2018, where we outlined our concerns about this intrusive practice, which involves extraction of data from devices of victims, witnesses…
Content Type: Press release
On 15 June 2020, Google formally notified the European Commission of its proposed acquisition of Fitbit, enabling them to capture a massive trove of sensitive health data that will expand and entrench its digital dominance. Privacy International is calling on EU regulators to block the merger.
In November 2019, Google announced its plan to acquire Fitbit, a company that produces and sells health tracking technologies and wearables - including smartwatches, health trackers and smart scales -…
Content Type: Advocacy
Last week, Privacy International joined more than 30 UK charities in a letter addressed to the British Prime Minister Boris Johnson, following his recent declaration, asking him to lift No Recourse to Public Funds (NRPF) restrictions.
Since 2012, a ‘NRPF condition’ has been imposed on all migrants granted the legal right to live and work in the UK. They are required to pay taxes, but they are not permitted to access the public safety net funded by those taxes.
This is not a topic we are known…