Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »

Subject reports

Privacy International has been producing world-class research reports for over a decade, in collaboration with academic institutions across the globe. We work on a huge range of topics, from counterterrorism policy, to financial privacy, to EU data protection rules.


New technologies may hold great benefits for the developing world, but without strong legal frameworks ensuring that rights are adequately protected, they pose serious threats to populations they are supposed to empower.

This is never more evident than with the rapid and widespread implementation of biometric technology. Whilst concerns and challenges are seen in both developed and developing countries when it comes to biometrics, for the latter they are more acute due the absence of laws or flawed legal frameworks, which are failing to uphold and ensure the protection of basic human rights.


Our special report shining a light on the secretive Five Eyes alliance, where we lay out how the laws around which the Five Eyes are constructed violate human rights law, and argue the Five Eyes States owe a general duty not to interfere with communications that pass through their territorial borders.


Privacy International is grateful to the students and staff of the Hebrew University of Jerusalem Faculty of Law Clinical Legal Education Centre, for providing research assistance to this paper.

The advent of new technologies and the Internet have provided new challenges to long-standing human rights norms. By facilitating increased State surveillance and intervention into individuals’ private lives, the spread of digital technologies has created a serious need for States to update their understandings and regulation of surveillance and modify their practices to ensure that individuals’ human rights are respected and protect.

Accordingly, in July 2013, Privacy International, in conjunction with the Electronic Fronteir Foundation, Access and a range of civil society organisations and academic experts, launched the International Principles on the Application of Human Rights to Communications Surveillance. The Principles articulate what international human rights law – which binds every country across the globe – requires of governments when conducting surveillance in the digital age.


This briefing provides an overview of privacy and surveillance laws, policies and practices in Bahrain. The regulations that permit access to personal data, the communications interception regime and relevant consitutional safeguards are highlighted and examined. This is not intended to be a full analysis, but rather contains all the necessary information to facilitate a basic understanding of surveillance practices inside Bahrain, especially with regards to to foreign companies supplying surveillance and monitoring technologies. 

We aim to keep our knowledge of the state of privacy across the world as up-to-date as possible - this is a huge undertaking and we are always keen to gather more local knowledge. If you have some information to share or you spot an error, please drop us a line at If you would like to support this crucial research project, please consider making a donation.


This report was submitted to the Joint Committee on Human Rights. Under the current version of the draft Communications Data Bill, records of every person or entity with whom any given individual has communicated electronically would be collected continuously and stored for one year. These records would include the time of the communication and the location from which it originated. 

The Communications Data Bill raises a number of concerns with regards to the right to privacy under Article 8 of the Human Rights Act. There are also concerns about the right to free expression under Article 10 and the right to freedom of assembly and association under Article 11 due to the potential chilling effect of the 'menace of surveillance' (Klass v Germany), but as these apply more generally to the broader domain of communications surveillance in the UK, we have restricted our comments to Article 8 issues for the purposes of this response.

Many thanks to Covington and Burling who assisted with the preparation of this submission. 


This is a memo prepared by Barry Steinhardt of Friends of Privacy USA for Members of the European Parliament regarding the proposed EU-US Agreement PNR.

The proposed agreement regarding Passenger Name Records (PNR) between the United States and the European Union is riddled with faulty assertions and assumptions about US law and the actual operations of the US government.

These faulty assertions and assumptions go to the heart of the agreement and undercut the claims of protections for European travelers.

As an American lawyer with substantial experience on the PNR and related issues, I want to set the record straight for the European officials who must act on the proposed agreement.

This memo highlights the most serious of those faulty claims and assumptions.


Last month the European Parliament adopted a resolution that amends the current dual-use export mechanism and inserted a licensing requirement for ICTs that are likely to become instrumental in human rights violations, if exported.

However, this is only a first step because there is no ex ante control and the export control mechanisms (and underlying benchmarks) are primarily the responsibility of the EU Member States.


Privacy International se complace en presentar una nueva guía sobre privacidad y protección de datos para hispanohablantes.  Este documento es una traducción del inglés al español de una selección de las partes mas relevantes y más al día de 2 informes: la ultima edición de Privacy & Human Rights 2006 (Privacidad y Derechos Humanos 2006) y European Privacy and Human Rights 2010 (Privacidad y Derechos Humanos Europa 2010).

Privacy & Human Rights es un informe anual publicado por el Electronic Privacy Information Center (EPIC) y Privacy International que proporciona una vista general de temas claves de privacidad y protección de datos y revisa el estado de la privacidad en más de 75 países alrededor del mundo. El informe resume las protecciones legales, nuevos desafíos, los asuntos y los acontecimientos importantes que relacionan a la protección de la intimidad y datos. Publicada anualmente desde 1998, esta investigación ha llegado a ser el análisis  más completo sobre  la intimidad global jamás antes publicado.


Privacy International has frequently criticised the UK Information Commissioner's Office (ICO) for shortcomings ranging from timidity to technical ignorance. However, material received from a Freedom of Information request to the Office in September 2011 revealed that the regulator had crossed a line from incompetence to possible malpractice.

The ICO has responsibility for the operation of both the Data Protection Act and the Freedom of Information Act in the UK. This dual responsibility is not unusual in the regulatory world, though the combination can lead to a conflict of interest when it comes to FOI requests about the Commissioner's Office itself.


PI was recently invited by Mr Subash Chandra Nembang, Honourable Chairman of the Constituent Assembly of Nepal to recommend language for a modern constitutional privacy provision. This report is the result of our research. 


When we think of privacy in the political system we tend to recall historic events like Watergate, secret files held by governments in war-time, and blacklists. Modern political surveillance is more advanced and sophisticated. In this report we identify some of the modern political surveillance initiatives by governments around the world. We must recognise that all political systems require privacy to function, and devise our policies and build our technologies accordingly.

A version of this piece was published by Index on Censorship, Vol. 39, No. 1, 58-68 (2010).


This report is the result of research conducted by researchers at Privacy International, coordinated by the London School of Economics and Political Science. The report was commissioned by the International Development Research Centre.

New technologies such as mobile phones and electronic medical record (EMR) systems promise to transform the provision and management of medicine all over the world. In the U.S. alone, billions are being spent on information technologies for healthcare.


Privacy International, the Electronic Privacy Information Center (EPIC) and the Center for Media and Communications Studies (CMCS), are pleased to present the study "European Privacy and Human Rights (EPHR) 2010", funded by the European Commission's Special Programme "Fundamental Rights and Citizenship," 2007-2013.

EPHR investigates the European landscape of national privacy/data protection laws and regulations as well as any other laws or recent factual developments with and impact on privacy. The study consists of 33 targeted reports, an overview presenting a comparative legal and policy analysis of main privacy topics and a privacy ranking for all the countries surveyed.

Privacy International has conducted an analysis of the country reports. Our research team has taken additional information from other sources to provide the summary information below for each country, noting the key developments and identifying the state of affairs.


Following on from their 2009 discussion paper, in 2010 the European Commission published a Communication on changes to the 1995 European Union Directive on data protection.  The European Union's 1995 Directive on data protection is a leading regional instrument for privacy and is often the model for other countries across the globe.  The Directive has been integral to pushing back against key surveillance and tracking initiaitives by governments and industry.

In this report we respond to that Communication with our thoughts regarding the Communication, and our concerns regarding the initiative to change the 1995 Directive.  


The UN Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism published his report on privacy and anti-terrorism powers. PI staff members advised the Special Rapporteur on this project.

The report identifies the policy trends around the world, the extraneous powers sought by some governments, the use and banning of technologies to enhance surveillance, and the abuses that have arisen.

This report is only available as a PDF, and is also available on the UNOHCHR website:  announcement and report.

The Special Rapporteur makes the following recommendations.


Following the case of the so-called 'underwear bomber', policy-makers again sought to implement some form of 'profiling' at airports to prevent future attacks on travel. The European Voice asked us to write a response to these emerging plans. We comment on the feasibility and desirability of such a scheme.


PI has responded to the European Commission's consultation on the future of the legal framework for the protection of personal data in Europe.

The Commission asked the following questions:

1. Please give us your views on the new challenges for personal data protection, in particular in the light of new technologies and globalisation.

2. In your views, does the current legal framework meets these challenges?

3. What future action would be needed to address the identified challenges?


In early 2008 we began an 18-month project to study the privacy dynamics in a number of developing countries in Asia. This project was funded by the International Development Research Centre.

Over that period we researched the policy landscape in a number of countries in the region. Through extensive research, networking, and outreach campaigns, we identified six countries for more detailed analysis: Bangladesh, India, Malaysia, Pakistan, the Philippines, and Thailand. We visited those countries to meet with key stakeholders in government, industry, academia, the media and civil society. When possible and appropriate we also presented at workshops (e.g. India), hosted meetings for civil society (e.g. Malaysia and Thailand) and public forums (e.g. Bangladesh, Pakistan and the Philippines).


This brief is ©Creative Commons Non-Commercial Use 2009. It can be used as the basis for legal submissions in courts with attribution and notification to Privacy International.

It was produced under a grant from the Network Media Program of the Open Society Foundation in London, UK. For a detailed international survey on the subject, see SILENCING SOURCES: An International Survey of Protections and Threats to Journalists' Sources (Privacy International 2007).


Since 1997, the US-based Electronic Privacy Information Center and the UK-based Privacy International have undertaken what has now become the most comprehensive survey of global privacy ever published. The Privacy & Human Rights Report surveys developments in 70 countries, assessing the state of surveillance and privacy protection.


Extracted from Gus Hosein's "International Co-operation as a Promise and a Threat", in Cybercrime and Jurisdiction: A Global Survey, Bert-Japp Koops and Susan W. Brenner, TMC Asser Press, The Hague, 2006.

3.3.2. Case: Maher Arar and the International Co-operation in Intelligence

Increased calls for international co-operation may seem uncontroversial. In reality international co-operation can raise highly controversial situations, often creating more problems than it solves. What is more interesting is to note the differences, the strains, when co-operation goes awry, or when it goes all too well.


This report has been prepared by Privacy International following a six-month investigation into the privacy practices of key Internet based companies. The ranking lists the best and the worst performers both in Web 1.0 and Web 2.0 across the full spectrum of search, email, e-commerce and social networking sites.

The analysis employs a methodology comprising around twenty core parameters. We rank the major Internet players but we also discuss examples of best and worst privacy practice among smaller companies.


Far too many efforts to combat terrorism have focused on the use of sensitive personal information and mass surveillance - techniques that have been demonstrated to deliver limited benefits and that create substantial negative outcomes.  Much of the responsibility for this approach to anti-terror policy belongs to the US Government. The EU however is not exempt from this type of policy, however. For a number of years the European Union and its Member States have been implementing expansive data surveillance policies that in many ways mimic US policies and in some particular ways go well beyond what is considered acceptable in the US.


In this briefing for members of the European Parliament, we identify the key problems with the policy of communications data retention. The proposals being proposed by the European Commission and the Council require the collection and logging of every telecommunication transaction of every individual within modern European society. Almost all human conduct in an information society generates traffic data. Therefore traffic data can be used to piece together a detailed picture of human conduct. Under the various proposals, this data will be kept for between six months and four years.

There are clear challenges for these proposals with respect to the European Convention on Human Rights, the European Charter on Fundamental Rights and national constitutions. The case still has not been made that retention is necessary in a democratic society. The claimed need for harmonisation is premature at best and challenges democratic process.

As such, we argue that the proposed policy is invasive, illegal, illusory and illegitimate.


This report compares the emerging surveillance policies from Europe and the United States.

We find that in each case the EU is implementing surveillance powers well beyond those in U.S., and with far less openness and debate over these measures. The only area in which the U.S. matched the EU for closed discussion and lack of public debate is on matters that affect non-U.S. citizens and non-U.S. companies. This is particularly the case over the use of technology at borders. In the U.S. there was little debate about the installation of the US-VISIT system; and in Europe, as with most other surveillance policies, there are few discussions on the direction of these policies and little debate.

This report concludes that the two policy blocs can learn more from each other than how to expand powers,. They may also share in some lessons learned from the mistakes in each others' processes and policies. Perhaps this could lead to renewed attention to safeguards and protections from abuse.

A shorter version of this report was published by the Organisation for Security Cooperation in Europe's Representative on Freedom of the Media.


With the rise of attention towards anti-terrorism policies, there are mounting concerns that the tensions within race relations will only rise further. As a consequence, anti-terror laws are increasingly drafted to be non-discriminatory in response to fears voiced by ethnic and minority communities.

This report looks at surveillance policies to identify the emerging hazards of idealising a non-discriminatory approach. First, we fail to acknowledge that the principle of 'freedom from discrimination' is upheld for the most part in law but the political reality is that discrimination emerges nonetheless. Second, this conflict between principle and practice is only made worse by attempts to make generalised policies that are colour-blind and without regard to faiths. Attempts to develop non-discriminatory and indiscriminate policy are fraught with peril, and the chosen paths of reconciliation threaten European society as a whole.


In 2005 we were asked to deliver a speech to the International Conference of Data Privacy Commissioners on the privacy implications of anti-terrorism policies on an international level.  This report was developed for that speech.


This report investigates the probable effect of the proposed UK national identity card system on people who are marginalised, who suffer social disadvantage or exclusion, and those who are disabled. The work focuses on the biometrics element of the government’s proposals (specifically facial recognition, fingerprinting and iris scanning).

The Report provides a specific assessment of the recently published biometrics trial conducted by the UK Passport Service (UKPS), and compares these findings with other research.



[This report was written for the Organisation for Security Cooperation in Europe's Representative on Freedom of the Media and was included in the 2004 book 'Future Challenges of the Information Society', pp242-263.]


Among the many laws passed in the U.S. in the months after the terrorist attacks of September 11 2001, some have significant effects on other countries. This report outlines the case of passenger data records transfers; from the databases of EU carriers into the databases of the U.S. Department of Homeland Security.

These transfers create problems for the privacy protection of all affected people who are not U.S. persons. U.S. privacy law protects U.S. persons; EU privacy law protects personal data in the EU. Once this information is transferred to the U.S., U.S. law applies. The common practice of the European Commission is to establish an agreement on this transfer that includes, among other rights, clear constraints on the use, retention, and further transfer of this data.

The EU negotiated with the U.S. over these data records transfers for most of 2003, and in December 2003 the European Commission announced what it felt was an adequate agreement. In this report we show how the established agreement fails to meet the interests of privacy protection. 


This report reviews the legal landscape across Latin America with regards to emerging anti-terrorism laws since September 2001. Terrorism is not new to Latin America and many countries had existing legal frameworks. But the influence of international resolutions and conventions, and the temptation of granting greater powers to the law enforcement agencies led to significant new laws. 

Latin American states have endeavoured to adapt existing law enforcement mechanisms, and develop new mechanisms, to investigate, suppress and punish terrorism, on a domestic level and internationally.

This report is only available in PDF.


The Privacy Commissioner for British Columbia made a call for submissions on whether the USA PATRIOT Act could allow the U.S. authorities to gain access to Canadians' personal information, enabled through the outsourcing of Canadian public services to the United States. The Commission also called for comments on the implications for compliance with Canadian provincial privacy laws, and to see if anything could be done to eliminate or mitigate the risks.

In this submission to the BC Commissioner, we contend that the USA-PATRIOT Act does allow access by U.S. authorities, as do many other laws within the U.S. and other agreements between the U.S. and Canada. Moreover, Canadian laws and practices are as equally invasive as the USA-PATRIOT Act, and also provide access to this personal information by other foreign entities.


This Memorandum was commissioned to provide an indication of the legality of measures being undertaken throughout the EU to require the retention of communications data. The advice relates to the retention of data in a mandatory regime. The document is intended as a framework for the development of analyses more specific to national legal environments.

The indiscriminate collection of traffic data offends a core principle of the rule of law: that citizens should have notice of the circumstances in which the State may conduct surveillance, so that they can regulate their behavior to avoid unwanted intrusions. Moreover, the data retention requirement would be so extensive as to be out of all proportion to the law enforcement objectives served. Under the case law of the European Court of Human Rights, such a disproportionate interference in the private lives of individuals cannot be said to be necessary in a democratic society.



The European Committee on Crime Problems (CDPC) of the COE approved the Cybercrime Convention in June 2001 and by the Council of Ministers in November 2001. It was opened for signature in November 2001 and has been signed by over 30 countries

Final version of Convention on Cyber-crime, June 22, 2001.

Explanatory Memorandum, June 22, 2001.

The European Committee on Crime Problems (CDPC) announcement on approval of Convention, June 22, 2001.

Draft 27 of Convention on Cyber-crime and Explantory Memorandum, May 25, 2001.

Letter from PI, ACLU and EPIC expressing concerns over final version of treaty, June 7, 2001.

David Banisar, Privacy International, Endgame for Cybercrime Treaty, in Security, June 4, 2001.


Data processing companies around the world have been buying up up vast chunks of government data and are taking over the responsibility for running traditional public sector activities such as social welfare and taxation. The boom in outsourcing of government services is taking hold in most industrialised countries, but the activity is often outside public scrutiny. The outsourcing process has been described as the quietest privatisation in history.

The implications of the outsourcing boom are far reaching and serious. Privacy, security, sovereignty and accountability are substantially affected. In this article, Privacy International's director, Simon Davies, investigates the British operations of the world's largest outsourcer, Electronic Data Systems (EDS), and explains how the industry is changing the world. An early form of this report was originallly published in Wired (UK) magazine in October 1996.


The evolution of information technology is likely to result in intimate interdependence between humans and technology. This fusion has been characterized in popular science fiction as chip implantation. It is, however, more likely to take the form of biometric identification using such technologies as fingerprints, hand geometry and retina scanning.

Some applications of biometric identification technology are now cost-effective, reliable, and highly accurate. As a result, biometric systems are being developed in many countries for such purposes as social security entitlement, payments, immigration control and election management. Whether or not biometry delivers on its promise of high-quality identification, it will imperil individual autonomy. Widespread application of the technologies would conflict with contemporary values, and result in a class of outcasts.

Proposals for identity (ID) cards have provoked public outrage and political division in several countries. In this paper Simon Davies analyses the key elements of public opposition to ID Card schemes, and profiles the massive 1987 Australian campaign against a national ID card.


This report presents a detailed analysis of the international trade in surveillance technology. Its primary concern is the flow of sophisticated computer-based technology from developed countries to developing countries - and particularly to non-democratic regimes. It is in this environment where surveillance technologies become technologies of political control.



The explosion of telecommunications services has improved the ability for human rights groups to disseminate information worldwide. New telephone, facsimile and computer communications have created opportunities for human rights groups to improve organizing and to promote human rights faster and at a lower cost than ever before. However, these new technologies can be monitored by governments and other groups seeking to monitor the activities of human rights advocates. For this reason, human rights advocates should be aware of the dangers and measures that can be taken to limit surveillance.

The scope of this paper is limited to the interception of oral and electronic communications commonly referred to as wiretapping and other issues related to telephone communications. It will also discuss methods to avoid surveillance.1