Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Issue

Data Protection and Privacy Laws

Effective legislation helps minimize monitoring by governments, regulate surveillance by companies and ensure that personal information is properly protected.

Laws for the protection of privacy have been adopted worldwide. Their objectives vary: some have attempted to remedy past injustices under authoritarian regimes, others seek to promote electronic commerce, and many ensure compliance with pan-European laws and to enable global trade. Regardless of the objective, data protection laws tend to converge around the principle that individuals should have control over their personal information.

Interest in the right to privacy increased in the 1960s and 1970s with the advent of information technology. The surveillance potential of powerful computer systems prompted demands for specific rules governing the collection and handling of personal information. The genesis of modern legislation in this area can be traced to the first data protection law in the world, enacted in the Land of Hesse in Germany in 1970. This was followed by national laws in Sweden (1973), the United States (1974), Germany (1977) and France (1978).

Two crucial international instruments evolved from these laws: the Council of Europe's 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, and the Organization for Economic Cooperation and Development’s 1980 Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data. These rules describe personal information as data that are afforded protection at every step, from collection to storage and dissemination.

Although the expression of data protection requirements varies across jurisdictions, all require that personal information must be:

• obtained fairly and lawfully
• used only for the original specified purpose
• adequate, relevant and not excessive to purpose
• accurate and up to date
• accessible to the subject
• kept secure
• destroyed after its purpose is completed

We work with regulators and other institutions to advance the implementation and practices of data protection and privacy laws and to analyse how new policies and technologies may affect them. We also aim to hold companies and governments to account by filing briefings and complaints on how their practices can - or cannot - be reconciled with legal frameworks.

Data Protection and Privacy Laws

Blog
Caroline Wilson Palow's picture

Privacy International's partner organisation, Bytes for All, has filed a complaint against the Government, decrying the human rights violations inherent in such extensive surveillance and demonstrating how the UK's mass surveillance operations and its policies have a disproportionate impact on those who live outside the country.

Bytes for All, a Pakistan-based human rights organization, filed its complaint in the UK Investigatory Powers Tribunal (IPT), the same venue in which Privacy International lodged a similar complaint last July.

Blog
Anna Crowe's picture

The following piece originally appeared on Linda Raftree's "Wait...What" blog, a site focusing on bridging community development and technology.

New technologies hold great potential for the developing world, and countless development scholars and practitioners have sung the praises of technology in accelerating development, reducing poverty, spurring innovation and improving accountability and transparency.

Worryingly, however, privacy is presented as a luxury that creates barriers to development, rather than a key aspect to sustainable development. This perspective needs to change.

Blog
Edin Omanovic's picture

Privacy International is currently engaged in a joint project on export controls with the Open Technology Institute and Digitale Gesellschaft. The blog post below was co-written by Edin Omanovic and Tim Maurer and is also available on the OTI blog.

Export controls have something of a bad reputation in technology circles, and not without good reason.

Blog
Alexandrine Pirlot's picture

New technologies may hold great benefits for the developing world, but without strong legal frameworks ensuring that rights are adequately protected, they pose serious threats to populations they are supposed to empower.

This is never more evident than with the rapid and widespread implementation of biometric technology. Whilst concerns and challenges are seen in both developed and developing countries when it comes to biometrics, for the latter they are more acute due the absence of laws or flawed legal frameworks, which are failing to uphold and ensure the protection of basic human rights.

Blog
Carly Nyst's picture

Australia’s intelligence agencies have been conducting mass surveillance for more than half a century, routinely sharing the fruits of such labours with their Five Eyes allies in the US, UK, Canada and New Zealand. Australian spying facilities are staffed by the NSA and the UK’s GCHQ, and Australian intelligence officers are routinely tasked with work by their Five Eyes counterparts.  Australia and its allies have infiltrated every aspect of the modern global communications system. And they have done it all in secret.

In the media
Publisher: 
The Canberra Times
Publication date: 
06-Dec-2013
Author(s): 
Philip Dorling
Original story link: 

Research by Privacy International, an independent watchdog group focused on the proliferation of surveillance technology, has found more than 338 companies offering a total of 97 different technologies worldwide.

Selling such equipment is perfectly legal and these companies say the new technologies are part of the fabric of modern IT systems and help governments defeat terrorism and crime.

But human rights and privacy campaigners are concerned that oppressive regimes can use such technology to clamp down on critics and democracy advocates.

In the media
Publisher: 
Computer World
Publication date: 
04-Dec-2013
Author(s): 
Hamish Barwick
Original story link: 

According to Privacy International, ASD acted in a manner that violates the laws of the Commonwealth and is contrary to guidelines given to the agency.

The group pointed out that the intelligence agency’s Rules to Protect the Privacy of Australians were released on 2 October 2012 and include the following guidelines:

Countries: 
In the media
Publisher: 
Delimiter
Publication date: 
04-Dec-2013
Author(s): 
Renai LeMay
Original story link: 

Global privacy organisation Privacy International has filed a formal complaint with Australia’s Inspector-General of Intelligence and Security over a report that the Australian Signals Directorate had offered to hand over data on Australian citizens to foreign intelligence agencies.

Countries: 
Blog
Anna Crowe's picture

News that the United Nations is using drones (unmanned aerial vehicles) to collect information in the troubled east of the Democratic Republic of Congo (DRC) illustrates the growing use – and acceptance - of surveillance technologies in humanitarian operations.

The deployment of two drones by the UN Stabilisation Mission (MONUSCO) in the DRC last week, to assist the Mission in fulfilling its mandate to protect civilians, had been long foreshadowed, with requests for their use in the eastern DRC dating back to 2008; the UN Security Council effectively authorised MONUSCO to use drones in January 2013 following a 2012 letter from UN Secretary-General Ban Ki-moon commenting on the ability of drones “to enhance situational awareness and permit timely decision-making” in the eastern DRC.

Blog
Alexandrine Pirlot's picture

Just a few weeks ago, thousands of Argentinians had their privacy rights violated when the country’s electoral registration roll, which had been made available online, experienced a major leak of personal data following the presidential election.

Despite some early warnings on the weaknesses of the system, the government did nothing to fix the situation, allowing serious technical flaws in an online system to persist and refusing to respond to the crisis, further jeopardising public trust in the system.

Pages

Subscribe to Data Protection and Privacy Laws