Key highlights of our results from 2023

Here is a selection of our biggest achievements in 2023.

Long Read
White stairs photo

Photo by Stephane Mingot on Unsplash

In 2023, Privacy International continued to produce real change in the world. We kept challenging governments and corporations that use data and technology to exploit us; pushed for new legislative standards; educated and campaigned with others.
And, we produced HUGE impact that directly affects each of us.
Here's a selection of our biggest achievements from last year.

French Data Protection regulator (CNIL) fined Doctissimo and Criteo
Following PI’s complaint, in May 2023, CNIL fined French health website doctissimo.fr (Doctissimo) €380,000 euro. The regulator found that Doctissimo failed to comply with obligations under the GDPR. In June 2023, the regulator fined French AdTech company, Criteo, €40 million for failing to ensure that people (data subjects) had provided their consent to processing of their data, failing to sufficiently inform them and to enable them to exercise their rights. The decision was submitted and approved by all the other 29 European supervisory authorities interested in the case. After the CNIL's decision to fine Criteo, on 18 October 2023 the Amsterdam District Court adopted an it's decision mentioning that Criteo did not obtain a ‘valid consent for the placement of cookies’, which made their placement illegal. These decisions are instrumental for addressing problematic data collection practices by various companies.
Amazon and iRobot forced to terminate their merger
On 29 January 2024 Amazon and iRobot announced that they have entered into a mutual agreement to terminate their previously announced acquisition agreement. The decision came after European Commission’s initiated Phase II in-depth investigation and published its Statement of Objections pointing to potential harms of the merger onto competitors and consumers. PI contributed to this result by making submissions the UK CMA and the European Commission that were investigating the merger. PI was invited to obtain a third person interest status in the review of the merger by the EC. This invitation was the only time a non-consumer rights group was granted third person status in merger review proceedings by the Commission.

European Court of Human Rights held the United Kingdom accountable for its digital spying outside its borders
On 12 September 2023, the European Court of Human Rights ruled on the case Guarnieri and Wielder v UK, that UK’s security and intelligence agencies breached the right to privacy of two individuals living outside the UK, through the UK's mass surveillance practices. The judgment from the European Court underscores that security and intelligence agencies must be held responsible for the effects of their actions in the UK no matter where their consequences are felt. The case was a result of PI's 2015 campaign asking people to make applications to the UK's Investigatory Powers Tribunal to investigate whether they had been subjected to unlawful surveillance measures by the UK’s intelligence agencies.
UK government to amend communications surveillance law
On 13 June 2023, the UK Parliament's Joint Committee on Human Rights issued its proposal on the UK Government's "Proposal for a Draft Investigatory Powers Act 2016 (Remedial) Order 2023. The Investigatory Powers Act (IPA) 2016 regulates surveillance practices (particularly interception of communications) of the British intelligence agencies and police. The proposed changes are a direct result of the European Court of Human Rights judgment, to which Privacy International was a lead applicant. The proposal aims to ensure the IPA's compliance with the judgment. Our advocacy around the government's proposed amendments to the IPA resulted in at least one amendment being put forward by peers scrutinising the Bill.
Strengthened tools against consumer profiling
The European Commission adopted most of PI’s recommendations in relation to the template regulating the consumer profiling techniques under the Digital Markets Act. PI made a series of recommendations to strengthen the draft template during the consultation period opened by the EC. In the current version, the template provides clear, precise and detailed instructions on the information gatekeepers need to include in audited description of consumer profiling, to allow for the effective monitoring and assessment of gatekeepers’ practices and their compliance with the obligations under the DMA.

European Commission asks companies to provide longer support of their products
On 31 August 2023, the European Commission published its Regulation for eco-design for smartphones and tablets laying down specific requirements to the relevant mobile devices. The regulation requires manufacturers, importers or authorised representatives to provide for at least 5 years of operating system updates from the date of end of placement of the product on the market. This means that end-users will benefit from longer protections and functionality of their devices. This change in the regulation was our specific demand and intensively promoted by PI through our Best Before Date advocacy and extensive engagement with the Commission.
New EU regulation empowers consumers in relation tech products
On 17 January 2024, the European Parliament adopted the Directive on empowering consumers for the green transition. The final text of the directive reflected PI’s language and demands. In its current version, the Directive contains a strong transparency and other obligations for device manufacturers to ensure that users are empowered and that their devices remain secure in the digital age.
The European Ombudsman demands more scrutiny in providing surveillance capabilities to non-EU countries
Following [our complaints] the EU Ombudsman handed down its decisions against the European Border and Coast Guard Agency (Frontex) and the European External Action Service (EEAS). The Ombudsman highlighted existing shortcomings of approach to human rights due diligence and articulated that transfer of surveillance capabilities needs to be subject of standalone human rights impact assessments. As a result, we expect relevant EU institutions to adopt higher human rights considerations in relation to transfer of surveillance practices.
PI actively advocated and has been involved in other legislative developments including: EU Cyber Resilience Act, WHO’s Pandemic Treaty, UN Cybercrime treaty, implementation of the Digital Markets Act, EU AI Act.

Joint, beneficiary-led campaign against company (CAPITA) involved in migrants’ surveillance
Together with two migrants rights organisations, Bail for Immigration Detainees and Migrants Organise, we campaigned against Capita's involvement in the UK's GPS tagging of migrants. The first phase of the campaign was designed around Capita's Annual General Meeting (AGM) gathering of its core shareholders. We pressured Capita’s shareholders to consider the human rights implications of the GPS tagging contract with the UK Government. Our demands have been supported by over 200 people who sent a letter to Capita following our public action. The campaign also generated attention and support from the many other CSOs from the migration sector, and generated media attention to the issue.
Inviting people to raise awareness together on facial recognition
In the context of dramatic rise of facial recognition technology (FRT) in public spaces we launched the The End of Privacy in Public campaign. The campaign asks members of the public to ask their MP if facial recognition cameras are being deployed in their local areas. At the moment of writing, dozens of people joined our campaign and messaged their MPs.
Partnerships for impact with organisations across the world
With deep collaboration with partner organisations we achieved campaign results on the right to health, surveillance reform, and election safeguards. Through PI’s support the concerns voiced by our partners from Colombia, Mexico, Brazil were heeded by international human rights institutions. We supported partners work aimed to protect affected populations from technology-driven risks and abuses in Kenya, India, Pakistan. Through their hard work our partners were able to influence public agenda and influence governments' discourse and decisions. For instance, as a result of coalition advocacy led by our partner Haki na Sheria, the Kenyan government acknowledged issues related to implementation of their digital identity system. Our partners from Kenya, Pakistan, Nigeria have been directly approached by high-level officials for consultations and expertise which resulted in various legislative commitments.
PI's educational materials are helpful to others
In 2023, reputable legal and environmental organisations expressed interest in using PI's materials for educational purposes and building their internal capacity. Among the requested materials were: How to avoid social media monitoring: A Guide for Climate Activists, What Is Privacy?, Big Data, Data Protection Explained, What is Data Exploitation?. More educational materials could be found on our Learn page and our YouTube channel.
In 2024 we will continue our fights for the protection of our rights and dignity and expect more wins to come.
To help us producing meaningful change and protect all of us from abusive use of technology, please consider making a donation or joining our mail list.