Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Issue

Data Protection and Privacy Laws

Effective legislation helps minimize monitoring by governments, regulate surveillance by companies and ensure that personal information is properly protected.

Laws for the protection of privacy have been adopted worldwide. Their objectives vary: some have attempted to remedy past injustices under authoritarian regimes, others seek to promote electronic commerce, and many ensure compliance with pan-European laws and to enable global trade. Regardless of the objective, data protection laws tend to converge around the principle that individuals should have control over their personal information.

Interest in the right to privacy increased in the 1960s and 1970s with the advent of information technology. The surveillance potential of powerful computer systems prompted demands for specific rules governing the collection and handling of personal information. The genesis of modern legislation in this area can be traced to the first data protection law in the world, enacted in the Land of Hesse in Germany in 1970. This was followed by national laws in Sweden (1973), the United States (1974), Germany (1977) and France (1978).

Two crucial international instruments evolved from these laws: the Council of Europe's 1981 Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data, and the Organization for Economic Cooperation and Development’s 1980 Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data. These rules describe personal information as data that are afforded protection at every step, from collection to storage and dissemination.

Although the expression of data protection requirements varies across jurisdictions, all require that personal information must be:

• obtained fairly and lawfully
• used only for the original specified purpose
• adequate, relevant and not excessive to purpose
• accurate and up to date
• accessible to the subject
• kept secure
• destroyed after its purpose is completed

We work with regulators and other institutions to advance the implementation and practices of data protection and privacy laws and to analyse how new policies and technologies may affect them. We also aim to hold companies and governments to account by filing briefings and complaints on how their practices can - or cannot - be reconciled with legal frameworks.

Data Protection and Privacy Laws

Blog
Anna Fielder's picture

We, and other privacy advocates, have criticised the poor provisions of the so-called Safe Harbour agreement, which allows free transfers of personal information from European countries to companies in the United States that have signed up and promise to abide by its Principles. Now the European Commission, prompted by the recent mass surveillance scandals, has published an investigation into this agreement which provides overwhelming evidence that it is not fit for purpose. It urges the US authorities, with a number of concrete recommendations, to get their act together by next summer.

We welcome the recommendations but believe they just stick a plaster on an open wound. The only longterm solution is for US companies to respect EU privacy laws when handling EU citizen data or, better still, for the US to implement strong data protection laws for the benefit of all.

Blog
Carly Nyst's picture

Privacy International is proud to announce our new project, Eyes Wide Open, which aims to pry open the Five Eyes arrangement and bring it under the rule of law. Read our Special Report "Eyes Wide Open" and learn more about the project below.

For almost 70 years, a secret post-war alliance of five English-speaking countries has been building a global surveillance infrastructure to “master the internet” and spy on the worlds communications. This arrangement binds together the US, UK, Canada, Australia, and New Zealand to create what’s collectively known as the Five Eyes.

Blog
Carly Nyst's picture

With the launch of the "Eyes Wide Open" project, Privacy International has put together a fact sheet about the secretive Five Eyes alliance. Consider this a guide to the secret surveillance alliance that has infiltrated every aspect of the modern global communications system.

• Beginning in 1946, an alliance of five English-speaking countries (the US, the UK, Australia, Canada and New Zealand) developed a series of bilateral agreements over more than a decade that became known as the UKUSA agreement, establishing the Five Eyes alliance for the purpose of sharing intelligence, primarily signals intelligence (SIGINT).

• While almost 70 years old, the arrangement is so secretive that the Australian prime minister reportedly wasn’t informed of its existence until 1973 and no government officially acknowledged the arrangement by name until 1999.

In the media
Publisher: 
The Guardian
Publication date: 
22-Nov-2013
Author(s): 
Nick Hopkins and Matthew Taylor
Original story link: 

Privacy International said it had long suspected that members of Five Eyes have been playing "a game of jurisdictional arbitrage to sidestep domestic laws governing interception and collection of data".

"Secret agreements such as these must be placed under the microscope to ensure they are adequately protecting the rights of British citizens," said Eric King, the group's head of research.

"The British government has repeatedly insisted that appropriate warrants were in place in all instances of international intelligence collaboration. We now know this isn't the whole truth. Trust must be restored, and our intelligence agencies must be brought under the rule of law. Transparency around an accountability for these secret agreements is a crucial first step."

Blog
Carly Nyst's picture

The following is an excerpt from a blog post that originally was published by EJIL: Talk!, and is written by Carly Nyst, Head of International Advocacy at Privacy International:

The recent revelations of global surveillance practices have prompted a fundamental re-examination of the role and responsibility of States with respect to cross-border surveillance. The patchwork of secret spying programmes and intelligence-sharing agreements implemented by parties to the Five Eyes arrangement (the US, UK, Canada, Australia and New Zealand) constitutes an integrated global surveillance arrangement that covers the majority of the world’s communications.

In the media
Publisher: 
Il Mattino
Publication date: 
19-Nov-2013
Original story link: 

 L'elenco delle compagnie, pubblicato da Privacy International dopo 4 anni di lavoro, include anche un azienda italiana, la Hacking Team, fondata nel 2003 e basata - si legge nel rapporto - a Milano. Il rapporto sottolinea che «la normativa italiana per l'esportazione non regola nello specifico queste tecnologie, quindi possono finire facilmente nelle mani sbagliate». La ditta italiana sarebbe in grado di fornire sistemi di intercettazione per i cellulari come iPhone, Blackberrie e quelli basati su Windows o Symbian.

Countries: 
In the media
Publisher: 
Motherboard
Publication date: 
19-Nov-2013
Author(s): 
Derek Mead
Original story link: 

The document trove, called the Surveillance Industry Index (SII) and released by Privacy International, and contains 1,203 documents from 338 companies in 36 countries, all of which detail surveillance technologies. Some advertised capabilities are astounding: A firm named Glimmerglass, which produces monitoring and repair equipment for undersea cables, touts in a brochure that its equipment enables "dynamic selection and distribution of signals for analysis and storage."

In the media
Publisher: 
The Guardian
Publication date: 
18-Nov-2013
Author(s): 
Nick Hopkins and Matthew Taylor
Original story link: 

The documents are included in an online database compiled by the research watchdog Privacy International, which has spent four years gathering 1,203 brochures and sales pitches used at conventions in Dubai, Prague, Brasilia, Washington, Kuala Lumpur, Paris and London. Analysts posed as potential buyers to gain access to the private fairs.

The database, called the Surveillance Industry Index, shows how firms from the UK, Israel, Germany, France and the US offer governments a range of systems that allow them to secretly hack into internet cables carrying email and phone traffic.

Blog
Anna Crowe's picture

Humanitarian agencies are collecting personal information for Syrians caught in the crossfire of a drawn-out and bloody civil war. Indeed, refugees fleeing persecution and conflict, need to access services and protection offered by the world’s humanitarian community. But in the rush to provide necessary aid to those afflicted by the crisis in Syria, humanitarian organisations are overlooking a human right that also needs protecting: the right to privacy.

Humanitarian and aid agencies are creating surveillance systems that collect and retain personal data with no standards or data protection principles in place. There are very real risks involved, including the creation of databases filled with the personal data of a vulnerable population. Good intentions aside, failing to protect information of Syrians could have the opposite effect: these communities will be more, not less, at risk.

Blog
Matthew Rice's picture

Privacy International is pleased to announce the Surveillance Industry Index, the most comprehensive publicly available database on the private surveillance sector.

Over the last four years, Privacy International has been gathering information from various sources that details how the sector sells its technologies, what the technologies are capable of and in some cases, which governments a technology has been sold to. Through our collection of materials and brochures at surveillance trade shows around the world, and by incorporating certain information provided by Wikileaks and Omega Research Foundation, this collection of documents represents the largest single index on the private surveillance sector ever assembled. All told, there are 1,203 documents detailing 97 surveillance technologies contained within the database. The Index features 338 companies that develop these technologies in 36 countries around the world.

Pages

Subscribe to Data Protection and Privacy Laws