Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Issue

Data Protection and Privacy Laws

Effective legislation helps minimize monitoring by governments, regulate surveillance by companies and ensure that personal information is properly protected.

Laws for the protection of privacy have been adopted worldwide. Their objectives vary: some have attempted to remedy past injustices under authoritarian regimes, others seek to promote electronic commerce, and many ensure compliance with pan-European laws and to enable global trade. Regardless of the objective, data protection laws tend to converge around the principle that individuals should have control over their personal information.

Interest in the right to privacy increased in the 1960s and 1970s with the advent of information technology. The surveillance potential of powerful computer systems prompted demands for specific rules governing the collection and handling of personal information. The genesis of modern legislation in this area can be traced to the first data protection law in the world, enacted in the Land of Hesse in Germany in 1970. This was followed by national laws in Sweden (1973), the United States (1974), Germany (1977) and France (1978).

Two crucial international instruments evolved from these laws: the Council of Europe's 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, and the Organization for Economic Cooperation and Development’s 1980 Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data. These rules describe personal information as data that are afforded protection at every step, from collection to storage and dissemination.

Although the expression of data protection requirements varies across jurisdictions, all require that personal information must be:

• obtained fairly and lawfully
• used only for the original specified purpose
• adequate, relevant and not excessive to purpose
• accurate and up to date
• accessible to the subject
• kept secure
• destroyed after its purpose is completed

We work with regulators and other institutions to advance the implementation and practices of data protection and privacy laws and to analyse how new policies and technologies may affect them. We also aim to hold companies and governments to account by filing briefings and complaints on how their practices can - or cannot - be reconciled with legal frameworks.

Data Protection and Privacy Laws

Blog
Anna Crowe's picture

The government of Pakistan is proposing a new law that significantly threatens privacy rights, in a blatant attempt to establish a legal regime containing broad powers when it comes to obtaining, retaining, and sharing data obtained through criminal investigations, including communications data.

The Prevention of Electronic Crimes Act, 2014, contains worrying aspects that threaten the right to privacy, including a provision that would permit unregulated information sharing with foreign governments. Pakistani rights groups are echoing Privacy International’s concerns and demanding that the draft law be rewritten. Pakistan has a poor human rights record and passing the law in its current form would represent a further step backwards in the protection of fundamental rights, such as the right to privacy.

In the media
Publisher: 
The News on Sunday
Publication date: 
13-Apr-2014
Author(s): 
Shahzada Irfan Ahmed
Original story link: 

Privacy International, a registered UK charity founded in 1990 which was the first to campaign at an international level on privacy issues, identifies certain loopholes in Pakistan’s draft law on cyber crime.

In a statement shared with TNS, it states: “In particular, we reiterate that the lack of procedural safeguards against surveillance activities carried out by intelligence agencies poses a serious threat to human rights, especially the right to privacy. We also emphasise the importance of establishing a competent independent oversight mechanism that has the ability to access all potentially relevant information about state actions.”

Countries: 
Blog
Carly Nyst's picture

As privacy and free expression advocates hail the demise of the Data Retention Directive at the hands of the European Court of Justice, one large question is looming in the midst of celebration.

Now what? 

More specifically, what will be its impact of the national laws of the European Union countries? What steps should EU governments be taking to ensure the Court’s decision is given effect? What are the implications for communications service providers who have been collecting and storing data in accordance with the Directive for many years? How can we ensure that this harmful practice is ceased immediately?

Press release

The ruling today from the European Court of Justice, invalidating the European Union’s 2006 Data Retention Directive policy, was strong and unequivocal: the right to privacy provides a fundamental barrier between the individual and powerful institutions, and laws allowing for indiscriminate, blanket retention on this scale are completely unacceptable.

As the Court states, it is not, and never was, proportionate to spy on the entire population of Europe. The types of data retained under this hastily-enacted Directive are incredibly revealing about our lives, including our daily activities and whom we have relationships with. It is right and overdue that this terrible directive was struck down.

Report
14-Dec-2013

New technologies may hold great benefits for the developing world, but without strong legal frameworks ensuring that rights are adequately protected, they pose serious threats to populations they are supposed to empower.

This is never more evident than with the rapid and widespread implementation of biometric technology. Whilst concerns and challenges are seen in both developed and developing countries when it comes to biometrics, for the latter they are more acute due the absence of laws or flawed legal frameworks, which are failing to uphold and ensure the protection of basic human rights.

In the media
Publisher: 
PC Pro
Publication date: 
27-Mar-2014
Author(s): 
Stewart Mitchell
Original story link: 

"The reason tagging services like this are problematic is that by default companies switch on these functions for their users when it should be the other way around," Mike Rispoli, communications manager at Privacy International told PC Pro.

"Anyone who's using Twitter, you shouldn't be automatically opted in, you should be able to choose to participate in it, not the other way around."
 

In the media
Publisher: 
The Guardian
Publication date: 
18-Feb-2014
Original story link: 

Big data helps us to understand the true impact of business on the environment and could change our behaviour. But at what cost? Anna Crowe of Privacy International told the Guardian podcast, "There is a more general issue around data being equated with truth, that data is ging to tell us the truth about a situation when it can be deeply flawed."

In the media
Publisher: 
Bloomberg
Publication date: 
10-Mar-2014
Author(s): 
Vernon Silver
Original story link: 

Gus Hosein, executive director of Privacy International in London, says the incident shows how the push for enhanced passport data hasn’t paid off. “It’s not just that the trade-off wasn’t worth it—the proponents of this policy were short-sighted and wanted to play with new technologies while building national biometric databases,” says Hosein, whose group advocates against government intrusions into private life, including the broadening use of biometrics such as iris scans and other measurements of peoples’ features.

Countries: 
Blog
Emily Linnea Mahoney's picture

In the late eighteenth century in Germany, ‘anthropologist’ Johann Blumenbach published a degenerative hypothesis that linked cranium and facial profiles to supposed character traits and accordingly divided human beings into five different races: the Caucasian, Mongolian, Malayan, Ethiopian, and American.1

In the 1870s, Alphonse Bertillon, a police officer in France, started a trend to identify criminals based on facial characteristics, alongside subsequent use of the camera to photograph and identify repeat offenders.

In the 1930s in Nazi Germany, IBM computer scientists devised an identification system in aid of the Third Reich’s attempt to systematically decimate entire populations.2

In the media
Publisher: 
Vice Motherboard
Publication date: 
27-Feb-2014
Author(s): 
Joseph Cox
Original story link: 

When it comes to new technologies such as facial recognition, there really are no meaningful protections in place. Carly Nyst from Privacy International agrees: “Without clear and strict regulation of the use of facial recognition and fingerprint technology, it is very difficult to ensure that individuals' privacy will be protected,” she told me.

Nyst was also worried about “mission creep,” where we could see “the use of such technologies away from serious crime detection, and instead towards basic policing (using it to track down traffic rules violators, for example); use by local authorities (for parking tickets and other fines); and even use by taxation authorities to identify evaders.”

Pages

Subscribe to Data Protection and Privacy Laws