2022 Key highlights of our results

In 2022, Privacy International continued to produce real change by challenging governments and corporations that use data and technology to exploit us. And, we produced substantial impact that directly affects each of us.

Here are a handful of our biggest achievements in 2022.

WE CHALLENGED COMPANIES TO CHANGE THEIR BUSINESS MODELS AND PRACTICES

Regulators in UK, France, Greece, and Italy fined and restricted Clearview AI’s activity
Clearview AI built a massive database of our biometrics, by extracting personal data from social media, blogs, and professional websites, then using AI to a develop a facial recognition tool it shares with the police or even private companies. In partnership with organisations from Austria, Greece, and Italy, we filed complaints against Clearview with national data protection regulators. After provisional decisions announced in 2021, in 2022 regulators from Italy, Greece, France and the UK imposed significant fines (20m euro) on the company and ordered the company to delete and stop collecting and processing people’s data. As a result, Clearview AI is now on the agenda of governments. For example, the UK’s House of Lords debated the enforcement of the UK regulator’s decision on Clearview AI and its activity beyond the UK, and called for new regulations to stop the police using facial recognition technology from such companies.

Google gives power to people to opt-out of weight-related apps
Google added “weight loss” as a sensitive advertisement category that users can opt-out of. The settings will apply on all Google services in Google’s Display network which includes more than 2 million websites, videos, and apps. This was one of the main demands PI advocated for following our Diet Ads research, and allows users to avoid being targeted with these types of advertisements.

Regulators forced Meta to sell Giphy
The UK Competition and Markets Authority’s (CMA) confirmed its decision to order Meta to sell Giphy, citing concerns over users’ data. This resulted from the Competition Appeal Tribunal (CAT)'s judgment conforming that the completed merger between Meta and Giphy will give rise to a substantial lessening of competition. PI intervened in both the initial CMA investigation and the appeal before the CAT. Both decisions reflected the position we advocated. The CMA final decision sends an important signal to Big Tech that they can’t continue entrenching their data dominance over the web by buying companies.

WE PUSHED GOVERNMENTS TO ADOPT NEW PRIVACY STANDARDS

The High Court ruled that seizing mobile phones from asylum seekers arriving by small boats in the UK was unlawful
Early in 2022, PI intervened in a case against mobile phone seizures and data extraction applied to asylum seekers arriving by small boats in the UK. On 25 March 2022, the High Court ruled that the Home Office blanket policy of seizing mobile phones from asylum seekers was unlawful. On 14 October 2022, the UK High Court also ruled on a breach of the duty of candour due to an intial denial of the existence of a blanket policy to seize migrant’s mobile phones. The court ordered the UK Home Office to provide a remedy to the thousands of migrants affected by its unlawful policy and practice of seizing mobile phones from people arriving by small boats to UK. These decisions represent an important step towards better protection of migrants’ rights in the UK.

The European Court of Human Rights confirmed that bulk interception violates fundamental rights
On 10 March 2022, the European Court of Human Rights (ECtHR) issued a decision, in relation to HRW and Ball case. The case was originated in our campaign and relied on extensive involvement of PI. The decision confirmed the UK government’s admission that its mass interception regime was not compliant with Article 8 (right to Privacy) and Article 10 (Freedom of Expression) of the European Convention on Human Rights, with regard to the treatment of confidential journalistic material. The UK government acknowledged that parts of its historic mass investigatory powers regime violated these human rights. The government also agreed to pay compensation to the applicants.

Digital Markets Act (DMA) - a landmark for fairer online business
The final text of the EU Digital Markets Act approved by the Council of Europe in July 2022, included amendments proposed by PI, particularly in relation to interoperability, data protection and role of Civil Society Organisations (CSOs) in the implementation of the act. The DMA is a regulation that sets a framework for investigating and sanctioning non-compliant behaviours of large companies in the digital space.

Investigatory Powers Tribunal condemned long-term rule breaking
Privacy International and Liberty won a landmark case against MI5’s unlawful handling of millions of people’s data. UK’ Investigatory Powers Tribunal (IPT) found that UK’s Security Service (MI5) unlawfully held large amount of data because of the lack of the necessary retention, review and deletion safeguards, imposed by the law. This conduct, the Tribunal concluded, was tolerated by the Home Secretary who issued warrants unlawfully despite knowing about signs of MI5’s breaches. The ruling could positively impact the independent review of the Investigatory Powers Act 2016 initiated recently by the UK government.

Better regulation of Mobile Phone Extraction in the UK
The UK government’s code of practice on Extraction of Information from electronic devices includes recommendations from our response to the consultation on the Code, launched in early 2022. The new Code of Practice makes clear that regardless of the purpose, there must be no presumption that information will be extracted from a device. Further, the code states that other less intrusive means of obtaining information must be considered. It includes a set of additional documents to be provided in the written notice to the person who is the subject of extraction for increased transparency.

European Ombudsman finds European Commission failed to protect human rights while providing surveillance aid to African countries
Following our complaint, the European Ombudsman concluded that the European Commission failed to take necessary measures to ensure the protection of human rights in the transfers of technology with potential surveillance capacity supported by its multi-billion Emergency Trust Fund for Africa (EUTF).The Ombudsman recommended that “EUTF projects, both in Africa and elsewhere, should require an assessment of the potential human rights impact of projects” with “corresponding mitigation measures”. This decision sets up new human rights standards for EU programmes that might undermine people’s rights and freedoms. The Ombudsman further opened investigations in relation to the activities of Frontex (the European Border and Coast Guard Agency) and EEAS (the European External Action Service).

Better standards for cybercrime regulations set up internationally
The UN started negotiations of the international Cybercrime Treaty – a comprehensive international convention on countering the use of information and communications technologies for criminal purposes. As many of cybercrime laws, policies and practices currently can undermine human rights, we’ve been actively advocating for appropriate human rights safeguards in the cybercrime regulations to secure our digital lives against abuse. As a result of our extensive advocacy, the consolidated text of UN cybercrime treaty as well the positions of the UK and of the EU incorporate clear human rights provisions.

WE EDUCATED, CAMPAIGNED AND WORKED WITH OTHERS

Innovative advocacy action against migrants’ surveillance
Privacy International, Migrants Organise and Bail For Immigration Detainees shone a light on 10 years of the ‘hostile environment’ with a vast light projection on Home Office building. The projection generated support and attention from organisations working in the migration and human rights domains.

Privacy International supported partner organisations around the world to produce impact
In 2022 we supported our network of partner organisations across the world to create change in their countries. For example, following KELIN’s work on access of HIV positive people to health services, policy makers in Kenia committed to include some of the recommendations in the revised HIV & AIDS Prevention and Control Act, 2006. Following ADC’s contribution to the consultation, the new data protection law draft adopted recommendations proposed by our partner (including on the “principle of pre-eminence”, "legitimate interest” and “due diligence” and some recommendations in relation to on protection of children and adolescents).

We helped people to better understand the risks and take concrete steps to protect themselves
The use of technology in everyday life poses substantial risks, which could be dramatically reduced by taking simple steps.
In 2022, we updated and added more to our range of educational materials, including a series of guides on how to protect from online tracking providing concrete steps to increase protection on social media, messengers and browsers, as well as our ‘Free to Protest guides’ revealing a wide range of surveillance tools used to identify and track protesters. Our guides have been adapted and used by partner organisations, were actively used by activists and general public.

We were supported by the public
In 2022, we had more people than ever join our movement to protect privacy: financially, on social media or receiving our newsletter, PI Insider. We were also honoured to be nominated by privacy advocates around the world to be beneficiaries of Proton’s lifetime account fundraiser raffle. We are Proton users ourselves, so it was a match made in heaven. We were in good company, alongside many of our friends and allies: Fight for the Future, EPIC, Access Now, Women Who Code, Ranking Digital Rights, and the Tor Project. The proceeds from the raffle will support our work in the coming years.