Privacy International http://www.privacyinternational.org/ en GDPR - 2 years on http://www.privacyinternational.org/news-analysis/3842/gdpr-2-years <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div id="field-language-display"><div class="js-form-item form-item js-form-type-item form-type-item js-form-item- form-item-"> <label>Language</label> English </div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>GDPR was hard won. PI, together with other civil society actors, <a href="https://privacyinternational.org/impact/global-standard-data-protection-law">fought</a> from the beginning for a version of the law that offers the strongest rights and protections in the face of intense industry lobbying.</p> <h2 id="Holding-the-hidden-data-ecosystem-to-account">Holding the hidden data ecosystem to account</h2> <p>Two years ago, we committed to using GDPR to seek to hold to account the hidden data ecosystem - those companies that amass and exploit large amounts of our data for profit.</p> <p>Here’s some of the action we’ve taken:</p> <ul><li>In Nov 2018, after months of investigation we <a href="https://privacyinternational.org/legal-action/challenge-hidden-data-ecosystem">complained</a> to data protection regulators in the UK, Ireland and France about the practices of seven such companies - Acxiom, Criteo, Equifax, Experian, Oracle, Quantcast and Tapad. The regulators’ investigations are ongoing.</li> <li>In December 2018, following up in March 2019, we exposed how <a href="https://privacyinternational.org/taxonomy/term/552">1000’s of apps were sharing data with Facebook</a>, leading to many companies changing their practices. Although, challenges remain, including with the share of intimate data from <a href="https://privacyinternational.org/long-read/3196/no-bodys-business-mine-how-menstruations-apps-are-sharing-your-data">menstruation apps</a>.</li> <li>In September 2019, we revealed that <a href="https://privacyinternational.org/taxonomy/term/552">mental health websites</a> are sharing data with a range of third parties and we continue to push for improvements.</li> <li>Elections are increasingly data driven, with the often hidden industry complex facilitating the exploitation of data in <a href="https://privacyinternational.org/taxonomy/term/618">political campaigns</a>. Cambridge Analytica was the tip of the iceberg and we continue to use GDPR to demand change.</li> <li>Data intensive companies are increasingly becoming intwined with public services. We are using GDPR to help scrutinise data practices in the context of <a href="https://privacyinternational.org/taxonomy/term/675">welfare</a>, <a href="https://privacyinternational.org/protecting-migrants-borders-and-beyond">migration</a> and <a href="https://privacyinternational.org/campaigns/reproductive-rights-and-privacy-project">sexual and reproductive rights</a>.</li> </ul><h2 id="Enforcement-action-is-urgently-needed">Enforcement action is urgently needed</h2> <p>Two years on our main concern is the lack of implementation of GDPR and the enforcement gap. Our work shows numerous infringements of GDPR but controllers are not being sufficiently held to account. These infringements do not only further exacerbate the opacity surrounding the online data ecosystem but also constitute a major obstacle to the effective exercise of data subjects’ rights, effectively undermining the protection afforded by GDPR and people’s trust in the law to protect their fundamental rights.</p> <p>Urgent action by data protection authorities is needed to make GDPR a reality in practice.</p> <h2 id="Strenthening-not-undermining-the-GDPR">Strengthening not undermining the GDPR</h2> <p>We are deeply concerned that GDPR protections are being undermined by the way that Member States have implemented derogations (the parts of GDPR which could be changed at national level).</p> <p>Of particular concern are:</p> <ul><li> <p>Lawful basis, stretching the interpretation of the conditions set out in Article 6 and introducing broad conditions for processing special category personal data under Article 9 which are open to exploitation, including for example loopholes for political parties.</p> </li> <li> <p>Exemptions, introducing wide and over-arching exemptions under Article 23 removing the protections of GDPR from huge amounts of processing with consequences for people’s rights. For example, is the immigration exemption introduced in paragraph 4 of Schedule 2 to the UK’s Data Protection Act 2018.</p> </li> <li> <p>Collective redress, the majority of Member States decided not to implement the derogation in Article 80(2) of GDPR, with hugely damaging consequences for the protection of personal data. Many of the infringements we see are systemic, vast in scale and complex and thus impossible for an individual to challenge. Yet without Article 80.2 there is no effective redress in place.</p> </li> </ul><p>GDPR does not and cannot operate in a silo. Just as the right to data protection interacts with other rights, it is essential that other legal frameworks bolster the protections of GDPR. A key example of this is the draft ePrivacy Regulation. Civil society has <a href="https://privacyinternational.org/learn/eprivacy">consistently called</a> for delivery of a strong Regulation.</p> <h2 id="Going-forward">Going forward</h2> <p>Today, we join civil society across Europe, in <a href="https://edri.org/open-letter-edri-urges-enforcement-and-actions-for-the-2-year-anniversary-of-the-gdpr/">writing to the European Commission</a> to call for enforcement, the closing of loopholes and the bolstering of other legal frameworks to support GDPR.</p> <p>We’ve also <a href="https://staging.privacyinternational.org/sites/default/files/2020-05/Letter%20to%20ICO%20re%2025%20May%202020.pdf">written</a> to the UK regulator, the ICO to express our disappointment at the lack of enforcement action and encourage action on ad tech, data brokers, political data exploitation and the use of mobile phone extraction by law enforcement as well as close scrutiny of responses to Covid-19.</p> <p>In this time of crisis a strong data protection framework like GDPR should facilitate the trustworthy use of data where necessary and limit the exploitative responses of <a href="https://privacyinternational.org/campaigns/fighting-global-covid-19-power-grab">governments and companies to Covid-19</a>. Sadly, this is <a href="https://privacyinternational.org/news-analysis/3592/covid-19-response-corporate-exploitation">not always the case</a>. We see companies already <a href="https://privacyinternational.org/long-read/3751/sort-trust-verify-palantir-responds-questions-about-its-work-nhs">infamous for their data practices</a> taking advantage.</p> <p>It’s still just the beginning and we will continue to fight <a href="https://privacyinternational.org/where-we-work">with partners around the world</a> to make data protection a reality in practice.</p></div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/data-exploitation" hreflang="en">Data Exploitation</a></div> <div class="field__item"><a href="/learn/profiling" hreflang="en">Profiling</a></div> <div class="field__item"><a href="/learn/data-protection" hreflang="en">Data Protection</a></div> <div class="field__item"><a href="/learn/eprivacy" hreflang="en">ePrivacy</a></div> <div class="field__item"><a href="/learn/privacy" hreflang="en">Privacy</a></div> <div class="field__item"><a href="/learn/general-data-protection-regulation" hreflang="en">General Data Protection Regulation</a></div> <div class="field__item"><a href="/learn/what-companies-do" hreflang="en">What Companies Do</a></div> <div class="field__item"><a href="/learn/adtech" hreflang="en">AdTech</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-above"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/strategic-areas/challenging-corporate-data-exploitation" hreflang="en">Challenging Corporate Data Exploitation</a></div> <div class="field__item"><a href="/strategic-areas/defending-democracy-and-dissent" hreflang="en">Defending Democracy and Dissent</a></div> <div class="field__item"><a href="/strategic-areas/safeguarding-peoples-dignity" hreflang="en">Safeguarding Peoples&#039; Dignity</a></div> </div> </div> <div class="field field--name-field-attachments field--type-file field--label-hidden field__items"> <div class="field__item"><table data-striping="1"> <thead> <tr> <th>Attachment</th> <th>Size</th> </tr> </thead> <tbody> <tr class="odd"> <td> <span class="file file--mime-application-pdf file--application-pdf"> <a href="http://www.privacyinternational.org/sites/default/files/2020-05/Letter%20to%20ICO%20re%2025%20May%202020.pdf" type="application/pdf; length=260764">Letter to ICO re 25 May 2020.pdf</a></span> </td> <td>254.65 KB</td> </tr> </tbody> </table> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/511" hreflang="en">Enhancing Data Protection Standards</a></div> </div> </div> <div class="field field--name-field-date field--type-datetime field--label-above"> <div class="field__label">Date</div> <div class="field__item"><time datetime="2020-05-25T12:00:00Z" class="datetime">Monday, May 25, 2020</time> </div> </div> </div> </div> Fri, 22 May 2020 15:25:20 +0000 staff 3842 at http://www.privacyinternational.org Covid Contact tracing apps are a complicated mess: what you need to know http://www.privacyinternational.org/long-read/3792/covid-contact-tracing-apps-are-complicated-mess-what-you-need-know <span class="field field--name-title field--type-string field--label-hidden">Covid Contact tracing apps are a complicated mess: what you need to know</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="">tech-admin</span></span> <span class="field field--name-created field--type-created field--label-hidden">Tuesday, May 19, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Covid Apps are on their way to a phone near you. Is it another case of tech-solutionism or a key tool in our healthcare response to the pandemic? It’s fair to say that nobody quite knows just yet.</p> <p>We’ve been tracking these apps since <a href="https://privacyinternational.org/long-read/3675/theres-app-coronavirus-apps">the early days</a>. We’ve been monitoring Apple and Google closely, have been <a href="https://privacyinternational.org/long-read/3752/coronavirus-tracking-uk-what-we-know-so-far">involved in the UK’s app</a> process, our partners in <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19?field_location_region_locale_target_id=Chile+(61)&amp;sort_by=field_date_value&amp;sort_order=DESC">Chile</a> and <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19?field_location_region_locale_target_id=Peru+(366)&amp;sort_by=field_date_value&amp;sort_order=DESC">Peru</a> have been tracking their governments’ apps, <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19">and more</a>.</p> <p>Of course privacy concerns arise. But only a simplistic analysis would position this as a <em>privacy vs pandemic</em> response. Any attempt to say that rights are in the way of an effective response to covid is hopelessly naive. Like with all the trillions spent on tech to combat terrorism, the reality is that the tech response to covid is a royal mess.</p> <p>This is no suprise - it's symptomatic of governments’ poor understandings of technology, and their hopes for an easy fix. Better technological systems can emerge when there's careful scrutiny, but governments’ responses are being hamstrung by their pre-existing tendencies to secrecy, tech-enabled authoritarianism, and austerity. Covid was petrol added to those fires. And we've ended up with the tech we have.</p> <p>But not everything is a disaster. Some tech solutions are horrible, some are pointless; often the implementation and context are everything. And to be very clear: we don’t know what will work.</p> <p>This is a long read. Because the topic of apps deserves nuance rather than knee jerk reactions.</p> <h3>Here are the things we explore:</h3> <ul> <li> <a href="#traditional">Testing and tracing are the foundations of an effective response.</a> </li> <li> <a href="#contact">It’s unclear if any of the data generated by mobile phones are of use</a>; and they won’t be as reliable as manual contact tracing.</li> <li>Making apps <a href="#panic">mandatory will increase inequality.</a> </li> <li> <a href="#centraldecentral">Centralised Bluetooth</a> based systems may not work as well on Apple and Android devices, i.e. the entire relevant smartphone market.</li> <li>Apple and Google chose <a href="#centraldecentral">a decentralised architecture</a>, a decision that makes it difficult to turn their apps into quarantine enforcement tools.</li> </ul> <p class="extract">Our core warning is this: we must build crisis-era tech with the presumption that it will be used in a country with weak rights protections, and that it will ultimately be used against the people it’s designed to protect. </p> <p>Any tech that relies on promises of good intent will be, in the end, as broken as those promises if the crisis continues unabated.</p> <h2><a name="concerning"></a>Why contact tracing is concerning</h2> <p>What’s being attempted with these apps is the accumulation of data on every person you’ve interacted with and possibly every location you’ve been. This has never before been done on this kind of a mass basis: it’s never been recorded centrally by any government in history because it’s not been possible.</p> <p>And yes, data brokers and social networks and telco operators know much of your business. But it’s why organisations like PI exist to hold those actors to account and ensure they don’t exploit this data. It also helps that their data is often unreliable and laws seek to restrain their abilities to mine data for profit.</p> <p>No government has ever known as much about you as they may be about to.</p> <h2><a name="traditional"></a>Traditional contact is necessary, hard, and human</h2> <p>When there’s an outbreak, manual contact tracing is invaluable at some stages of response. It’s necessarily invasive, and labour intensive. Trained professionals would try to understand and address your concerns and do some analysis of your locations and your interactions over the period of contagiousness.</p> <p>It’s a tried and true methodology. This captured data is about identifiable people. But it would be limited to what you know and generally to what you’re willing to share. And its purpose is limited to responding to a specific health emergency.</p> <p>Not every country is resorting to an app to complement manual tracing. At the moment New Zealand, for instance, is emphasising manual contact tracing as it emerges from lockdown. We've also seen some analyses of China indicate that the traditional response of local action was integral to their response.</p> <p>Finally, easy access to virus-testing appears to be a key and necessary component to a coherent response. Otherwise false positives, where people believe they have the virus but do not, could generate a lot of unnecessary contact-tracing, and in turn, people going into lockdown unnecessarily.</p> <h2><a name="contact"></a>So now there’s an app for that: contact tracing apps</h2> <p>Could contract-tracing apps replace traditional manual contact tracing? No. Absolutely not, say nearly every public health expert.</p> <p>In fact, we must start all discussions about apps with this foundation point: we don’t know if these apps will work or if they’re worth the effort. Any attempt to argue that they're necessary invasions of privacy are far too premature. The results could be too noisy to be a useful surveillance tool or part of a reasonable health response.</p> <p>But they may provide useful insight. Contact tracing is limited to what who you know and remember and are willing to share. These apps could potentially log every person, or their device... but only if their device meets a specific set of criteria; as yours must too. And if you chose to download the app, or were forced to. But wait, we’re getting ahead of ourselves.</p> <h2><a name="tryeverything"></a>Early solutions: try everything</h2> <p>Contact tracing apps come in many shapes and sizes. Early versions came in the form of apps that enforced quarantine.</p> <p>China was an early mover on <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19?field_location_region_locale_target_id=China+(119)&amp;sort_by=field_date_value&amp;sort_order=DESC">tech solutions</a>. The various tools included an app that monitored locations; but also there was a lot of analysis of mobile telecoms data, with varying <a href="https://www.ft.com/content/760142e6-740e-11ea-95fe-fcd274e920ca">levels of success</a>. Some apps also used an algorithm that would give you a score, that you couldn’t question, and which reported location data <a href="https://privacyinternational.org/examples/3417/china-alipay-health-code-app-controls-movement-china">to the police</a>.</p> <p>South Korea also stretched the boundaries with claims that they are <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19?field_location_region_locale_target_id=South+Korea+(361)&amp;sort_by=field_date_value&amp;sort_order=DESC">matching CCTV with other data sources</a> to identify people for tracing. We look forward to seeing more analysis on how this was done across the board as this would be an extraordinarily complex exercise synchronising vast data sets.</p> <p>Ultimately, however, both countries have advanced testing capabilities.</p> <h2><a name="grab"></a>Planned authoritarianism: grab everything</h2> <p>When you’re a government that lacks imagination for inventive solutions, the first resort is to grab as much data as you can, just like you've dreamed of doing for years.</p> <p>The governments of Israel, Kenya, and Turkey, <a href="https://privacyinternational.org/examples/telecommunications-data-and-covid-19">among others</a>, have grabbed telco data to look at people’s interactions, without limiting collection to people who are unwell. These are governments who covet surveillance, so of course they’d use a crisis as an opportunity to expand their powers.</p> <p><a href="https://privacyinternational.org/examples/tracking-global-response-covid-19?field_location_region_locale_target_id=Israel+(259)&amp;sort_by=field_date_value&amp;sort_order=DESC">Israel’s government</a> handed all this data to its security services to do the analysis. Israel’s courts and parliament <a href="https://privacyinternational.org/long-read/3747/israels-coronavirus-surveillance-example-others-what-not-do">have responded</a> and made it absolutely clear this is an unconstitutional power grab - but they shouldn't have had to.</p> <h2><a name="panic"></a>Panicked authoritarianism: mandatory</h2> <p>Beyond the bulk data grabs that are hidden from the sight of individuals, there are apps. These require individuals to take action, and for some governments this was also an opportunity for authority and enforcement - raising serious concerns about inequality.</p> <p>India is <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19?field_location_region_locale_target_id=India+(121)&amp;sort_by=field_date_value&amp;sort_order=DESC">a key example</a>. The Indian government made its app mandatory for all people returning to work; some reports claim that it’s also necessary for people to take public transport.</p> <p>India’s response is surprising. The aspiration for a mandatory smartphone app in a country with immense inequality is startling. How can you make something mandatory if not everyone has a smartphone or can afford to use it in accordance with government requirements?</p> <p>The bluntness of this mandatory approach only makes it more perplexing considering the diversity of phones in India. Does the app work in the background or burn a hole into your battery power? Does it even record interactions or just make people think it works? It’s unclear how you enforce this mandatory requirement, unless we endorse searching people’s phones.</p> <p>Like China’s, India’s app uses location data through GPS; it also uses Bluetooth. But this raises the question of accuracy: what is the data source you trust to automatically report on people’s interactions? <a href="https://privacyinternational.org/explainer/3753/gps-tracking-and-covid-19-tech-primer">GPS</a> or <a href="https://privacyinternational.org/explainer/3679/telco-data-and-covid-19-primer">telephone network data</a> may actually not be as useful as you imagine. So finally we are at the apps in question today: Bluetooth low energy proximity tracking.</p> <h2><a name="centraldecentral"></a>Centralised vs Decentralised voluntary Bluetooth systems</h2> <p>If your government has chosen to only use <a href="https://privacyinternational.org/explainer/3536/bluetooth-tracking-and-covid-19-tech-primer">Bluetooth Low Energy</a> proximity tracing then things are starting from a relatively less problematic place. While we still don’t know it’s going to work, the surveillance authoritarian dystopia is relatively harder to build upon this technology; but we must still be on close watch.</p> <p>These apps still give rise to larger societal issues for which we’re unprepared. For instance, will your employer allow you to quarantine because an app on your phone says so?</p> <p>So much focus has gone instead into whether these apps are part of a centralised or decentralised system.</p> <p>Good people disagree about whether centralised systems or decentralised systems are better.</p> <ul> <li> <strong>Centralised systems</strong> generally keep proximity data locally on the mobile phone until the person indicates that they are unwell and then the data is uploaded centrally; and they often are built on the assumption that testing isn't done with ease, so then intelligence is used to discern whether and who to notify, which allows for more adaptations and learning. But, they could become data mines for exploitation.</li> <li> <strong>Decentralised systems</strong> could also feed data centrally if you’re required to enter data manually into the app, and presume that access to tests isn’t a problem so contact notifications are only sent out with a positive test result; and generally keep proximity data on devices both before and after diagnosis and receiving notifications.</li> </ul> <p>There are significant efficacy and equity differences that may arise depending on which system in chosen.</p> <p>Bluetooth LE is promiscuous - it can find and connect to many other Bluetooth devices. Generally phone operating systems limit its usage, because it creates risks for users - including being tracked by other people. In normal times no-one wants their local supermarket tracking their phone around the shop.</p> <p>Unfortunately for governments building these apps, tracking is precisely what they want to use Bluetooth for, so they spent March and April trying to hack away at those protections. When they failed it required their app to run in the foreground: your phone had to be unlocked for their apps to work.</p> <p>The cuddlier side of the U.K.’s intelligence/global spy agency thinks it's found a <a href="https://reincubate.com/blog/staying-alive-covid-19-background-tracing/">slight hack</a> into Apple’s iOS’ way of doing Bluetooth connections, so its app appears to work slightly better than many others but it’s still quite alarmingly unclear. For instance, our own tests couldn’t replicate what others had found.</p> <p>Then it’s unclear what effect these have on battery life and whether they work on older phones. It’s a version of the India problem and it truly rears its ugly head if the app becomes necessary for access to testing, government services, or work.</p> <p>In April, Apple and Google entered the fray, saying they would fix this problem in their operating systems by including a new interface for these apps to use to access Bluetooth LE more efficiently (an ‘API’). But in an unprecedented move, they said they would only do this for decentralised infrastructure: data would remain on the app, both for proximity tracing and when you are tested positive and need to notify others. The central government authority doesn’t get the automatically generated data of your interactions with others.</p> <p>Recognising the value of having more effective apps, Germany switched over to a decentralised solution. There are rumours that Australia will too.</p> <p>In the case of the UK app, designed while the government was flailing and failing badly at testing, the U.K. app stores connection data on the device unless you’re unwell - it then uploads information to a central repository to make a decision about whether to notify the devices you’ve interacted with.</p> <p>The core decision is about whether or not to notify others. Centralised apps use some automated decision making to determine whether you’re truly at risk and then decide whether to notify the people, or phones, you've interacted with. The decentralised apps require an actual test result before sending those notifications.</p> <p>Put backwards: decentralised apps presume a country is doing widespread testing for covid; centralised apps presume there’s still testing chaos.</p> <p>Another core decision was how to treat identifiers. These apps all have some way of identifying people's phones - essentially giving them names, so that each phone they connect with has a log of who they met.</p> <p>The Apple/Google system requires apps modify these identifiers every fifteen minutes. This limits function creep - making it harder to repurpose the data to track you for other reasons. For example, an app that didn't modify it's identifiers frequently could help notify authorities if you've interacted with other devices at all.</p> <p>The U.K. app changes these identifiers on a daily basis; whereas the Indian app doesn’t use dynamic identifiers yet. This matters — apart from trying to link an identifier back to a device, it allows the app to have multiple purposes. The U.K. app could identify that you’ve interacted with fifteen people in a given day, for example, and thus inform you that you’re not sufficiently locked down or quarantining; whereas under Apple/Google it could gather over 80 identifiers from a single other device in just one day, rendering this type of tracking pointless.</p> <p>Though they don’t say this, there are good reasons for Apple and Google's decisions around decentralisation, privacy and identifiers:</p> <ul> <li>First, their solutions have to work in many contexts and countries.</li> <li>Second, false positives would degrade people's willingness to use the apps.</li> <li>Third, it’s an unprecedented capability and to just hand this to any government would allow a new scale of horrific and authoritarian implementations.</li> </ul> <p>But what about friendly democratic governments? Can’t the US, France and the UK get special access for their apps? We’ve heard these claims from many a policy-maker.</p> <p>The answer must be no. This is the crypto wars all over again: a special key for some governments will be sought and used by others. Also France and the U.K. are special markets but not as important, lucrative, and influential as India, Turkey and China.... and many other countries with less than admirable surveillance regimes.</p> <p>And let’s not pretend that France, the US and the U.K. are somehow good actors in the surveillance business. Their agencies have been prone to abuses in collection and exploitation, and PI is currently involved in <a href="https://privacyinternational.org/legal-action">litigation</a> involving all their over-reaches. If only they could be trusted in this key health emergency but they’ve misbehaved in recent years in profoundly undemocratic and unlawful ways. With no reconciliation or learning.</p> <h2><a name="trust"></a>It’s about trust: building crisis tech within crises</a></h2> <p>In late April to the surprise of many, Germany shifted from a centralised to a decentralised system.</p> <p>For Germany the shift may be for efficacy; but last week computer scientists and epidemiologists alike <a href="https://www.lsc-digital-public-health.de/en/news/item/download/2_01538c830707bd3f952584f6f1cc3ca3.html">issued a statement</a> saying that these apps are a huge exercise in trust. And to engender trust safeguards are required. Decentralisation is one such safeguard but by no means the only one.</p> <p>Decentralisation isn’t a sufficient protection against data exploitation. After all it’s possible to build a decentralised app that still requires people to upload a lot of intimate data for exploitation. And testing and manual tracing will still occur, hopefully, and involve a huge amount of data. Protecting against exploitation of that data is just as important, even while we accept it needs processing.</p> <p>Generally our take is that we must approach these app initiatives with great care and deploy new exceptional rules.</p> <p>These would include:</p> <ul> <li>Limit by law and by design the number of purposes and uses for an app, eg an app we need to trust shouldn’t be used for quarantine enforcement.</li> <li>Ask users to upload data sparingly and make it clear to them why each piece is important.</li> <li>Delete the data once this pandemic is over.</li> <li>Go further and delete the capability too: apps and APIs alike should be removed when this is done rather than try to find another purpose for them exist.</li> </ul> <p class="extract">Otherwise function and mission creep will follow, as naturally as the night follows the day. Quarantining apps today will enforce house arrest tomorrow. Monitoring interactions and proximity today will be used on protestors and social movements tomorrow. Bluetooth data will be used for advertising and social graphs. </p> <p>Let’s rewrite the book on emergency power enshrined in tech. ‘New rules for new times’, we are often told as governments seek their new powers and capabilities. We are saying it right back at them. Have the courage to make this the one time you live up to your promise to use extraordinary powers with restraint, and to destroy those powers when the emergency is over.</p> <p>These tools mustn’t become part of our general response to challenges. We must commit to never using these tools or the data until another global emergency arises. Yes, these are extraordinary measure for extraordinary times. We need to make a commitment that it’s not the new normal.</p> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/poverty" hreflang="en">Poverty</a></div> <div class="field__item"><a href="/learn/metadata" hreflang="en">Metadata</a></div> <div class="field__item"><a href="/learn/data-exploitation" hreflang="en">Data Exploitation</a></div> <div class="field__item"><a href="/learn/health-data" hreflang="en">Health Data</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/campaigns/fighting-global-covid-19-power-grab" hreflang="en">Fighting the Global Covid-19 Power-Grab</a></div> </div> </div> <div class="field field--name-field-principle-or-recommendatio field--type-entity-reference field--label-above"> <div class="field__label">What Pi is calling for</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/835" hreflang="en">Companies protect privacy by design, not exploit people and their data.</a></div> <div class="field__item"><a href="/taxonomy/term/836" hreflang="en">Technologies, laws, and policies contain modern safeguards to protect people from exploitation.</a></div> <div class="field__item"><a href="/taxonomy/term/838" hreflang="en">People and communities can protect their data and rights, resist and object to exploitation by governments and industry.</a></div> <div class="field__item"><a href="/taxonomy/term/485" hreflang="en">Limit data analysis by design</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/advocacy" hreflang="en">We demand change and litigate</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/736" hreflang="en">Advocacy</a></div> <div class="field__item"><a href="/taxonomy/term/730" hreflang="en">Educational</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/235" hreflang="en">t-h-chia-tVZMk-cidEc-unsplash.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>As Governments, Apple and Google compete in proximity tracing, here’s our take on building tech in times of crisis. </p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul><li>Contact tracing is an important emergency healthcare initiative, and is necessarily invasive.</li> <li>Coronavirus Apps do much more and much less than manual contact tracing. </li> <li>There are dangerous tracing initiatives that regularly report on your activities. </li> <li>There are interesting initiatives that may or may not work. These are somewhat privacy-aware, and can be either centralised or decentralised. </li> <li>Apple and Google support decentralised proximity tracing, in privacy- and security-aware ways. </li> <li>Those who build these systems need to quickly build and engender trust. They’ve been flailing in secrecy. </li> </ul></div> </div> Mon, 18 May 2020 23:10:01 +0000 tech-admin 3792 at http://www.privacyinternational.org A documentation of data exploitation in sexual and reproductive rights http://www.privacyinternational.org/long-read/3669/documentation-data-exploitation-sexual-and-reproductive-rights <span class="field field--name-title field--type-string field--label-hidden">A documentation of data exploitation in sexual and reproductive rights</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="">tech-admin</span></span> <span class="field field--name-created field--type-created field--label-hidden">Tuesday, April 21, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><span><span><span><span>The organised opposition to sexual and reproductive rights has gone digital. Data exploitative tech is being developed that is capable of obtaining vast amounts of intimate information about people’s reproductive health, and delaying or curtailing access to reproductive healthcare.</span></span></span></span></p> <p><span><span><span><span>Technology provides incredible opportunities to democratise access to reproductive health information, services, and care. It can play a vital role in protecting the lives of those needing sexual and reproductive health information and care, especially in places where access is otherwise impossible. </span></span></span></span></p> <p><span><span><span><span>Simultaneously, those standing in opposition to reproductive rights are developing and promoting digital tools and tactics that attempt to curtail the ability of people to exercise their reproductive rights.</span></span></span></span></p> <p><span><span><span><span>The exploitation of data by the opposition movement is just beginning. As this report shows, the utility of data to rapidly and precisely target content online, to uncover a person’s location, to understand people’s mindsets and lifestyles, is not unknown to those fighting against reproductive rights. Privacy experts and reproductive rights organisations globally must work together to expose and advocate against such data exploitation.</span></span></span></span></p> <p> </p> <h2><span><span><span><span>PI has documented 10 data exploitative tactics that the opposition is using to delay or curtail access to reproductive healthcare. </span></span></span></span></h2> <p><span><span><span><span>These tactics include:</span></span></span></span></p> <ul><li>Developing digital dossiers about those seeking pregnancy options: the<span><span><span><span> <a href="https://privacyinternational.org/long-read/3096/how-anti-abortion-activism-exploiting-data">system</a> appears to be able to collect information such as name, address, email address, ethnicity, marital status, living arrangement, education, income source, alcohol, cigarette, and drug intake, medications and medical history, sexual transmitted disease history, name of the referring person/organisation, pregnancy symptoms, pregnancy history, medical testing information, and eventually even ultrasound photos.</span></span></span></span></li> <li><span><span><span><span>Deploying geo-fencing technology that can </span></span><a href="https://rewire.news/article/2016/05/25/anti-choice-groups-deploy-smartphone-surveillance-target-abortion-minded-women-clinic-visits/"><span><span>reportedly</span></span></a><span><span> tag and target anti-abortion ads to the phones of people inside reproductive health clinics</span></span></span></span></li> <li><span><span><span><span>Deploying online chat services, including one that appears to share intimate information about people seeking pregnancy support with a major anti-contraception, anti-abortion organisation based in the US [page 18]</span></span></span></span></li> <li><span><span><span><span>Developing smartphone apps that request vast amounts of information about people’s menstrual cycles and reproductive health while </span></span><a href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners"><span><span>reportedly</span></span></a><span><span> “sow[ing] doubt over the safety of birth control” and covertly being funded by “anti-abortion, anti-gay Catholic campaigners”</span></span></span></span></li> <li><span><span><span><span>Creating fake websites that give “</span></span><a href="https://www.irishtimes.com/news/crime-and-law/courts/high-court/hse-secures-injunction-against-allegedly-misleading-pregnancy-website-1.3795141"><span><span>the impression</span></span></a><span><span>” of offering objective counselling and information about pregnancy options</span></span></span></span></li> <li><span><span><span><span>Integrating with government operations, including providing “</span></span><a href="https://www.documentcloud.org/documents/4106150-20170304-ORR-Emails-Re-Abortion-Policies.html#document/p13/a385779"><span><span>options counselling</span></span></a><span><span>” to young pregnant migrants in the US</span></span></span></span></li> <li><span><span><span><span>Developing websites for crisis pregnancy centres that </span></span><a href="https://privacyinternational.org/long-read/3096/how-anti-abortion-activism-exploiting-data"><span><span>require</span></span></a><span><span> the centres to use guarded anti-abortion language on “5 medical pages” including about abortion and pregnancy</span></span></span></span></li> <li><span><span><span><span>Developing honey pot websites that have the potential to mislead people seeking pregnancy information, options, and services [page 40]</span></span></span></span></li> <li><span><span><span><span>Coordinating international campaigns and trainings promoting an anti-reproductive rights agenda [page 50]</span></span></span></span></li> <li><span><span><span><span>Deploying targeted ads on social media that promote scientifically dubious health information [page 58]</span></span></span></span></li> </ul><p> </p> <h3>Selected highlights from the report are available below and the full report is available <a href="https://privacyinternational.org/sites/default/files/2020-04/PI-Sexual-Repruductive-Rights-report.pdf">here</a>.</h3> <p> </p> <h2><strong>Reactions to the research</strong></h2> <h4><span><span>Spokesperson at </span>The British Pregnancy Advisory Service said:</span></h4> <blockquote> <p><span><span>“During the current pandemic, we have seen how technology can be used to expand women’s access to essential reproductive healthcare, for example through the provision of telemedical abortion services. </span></span></p> <p><span><span>However, this report shows that at the same time that we are making strides forwards, anti-choice organisations are developing new digital tactics to block women’s access to healthcare. We know that more women will be seeking information and support online because of the closure of GP surgeries and clinics, and this gives anti-choice organisations more opportunities to intercept and redirect women seeking abortion care. These groups are very adept at hiding their true aims, and they can cause real distress to women by providing misinformation and delaying their access to treatment. </span></span></p> <p><span><span>Anti-choice groups in the UK copy the tactics and tools of their counterparts overseas, particularly those in USA. Pro-choice advocates must work together on a global level to expose and advocate against this new threat to reproductive rights.”</span></span></p> </blockquote> <p> </p> <h4><span><span><span>Programme Advisor at the </span>International <strong>Planned Parenthood</strong> Federation's <span>Safe Abortion Action Fund said: </span></span></span></h4> <blockquote> <p><span><span><span>"It’s appalling, but unfortunately not surprising, to see anti-choice groups using digital technologies to spread misinformation and fear about abortion.</span></span></span></p> <p><span><span><span>Abortion is a very safe, and very common medical procedure – a quarter of all pregnancies around the world end in abortion. However, people seeking safe abortion care are regularly met with a barrage of obstacles, fuelled in part by the pervasive stigma and distortion of facts transmitted by anti-abortion groups, which has real life consequences. This false information and propaganda, whether it be from a ‘counsellor’ in a ‘crisis pregnancy centre’ in Uganda, or an advert shared on a phone in the U.S, is a deliberate attempt to target women in a vulnerable moment. These kind of interventions do not make the need for abortion services go away, they simply drive them underground, causing delays and emotional turmoil, and often driving women to unsafe providers where their health is compromised. Everybody who needs abortion care deserves to be able to do so safely, and with privacy and dignity."</span></span></span></p> </blockquote> <p> </p> <p><span><span><strong>Executive Director at Fundación Datos Protegidos, Chile said:</strong></span></span></p> <blockquote> <p><span><span>"This report makes us think to what extent patriarchal logic, dynamics, and discourses are transgressing our digital integrity and how the scarce regulation has not been able to stop this situation that seems to be happening more frequently and with a broader scope. </span></span></p> <p><span><span>It turns out to be a new and urgent challenge to tackle how digital data is used to control women's sexuality, once again. Moreover, it opens the question of whether how we have understood data treatment and its use are inclusive about problems that are not associated with data traffic itself, but instead with the discursive and political dispute about bodies through the data of people.</span></span></p> <p><span><span>Moreover, the lack of an adequate institutional framework to effectively guarantee the protection of personal data and the privacy of people in Chile makes the local panorama even more complicated within the context of international human rights obligations."</span></span></p> </blockquote> <p><span><span> </span></span></p> <p><strong><span><span><span><span><span>Senior Policy Manager at the Guttmacher Institute said:</span></span></span></span></span></strong></p> <blockquote> <p><span><span><span><span><span>“Restricting comprehensive counselling and referrals for all pregnancy options seriously jeopardises pregnant people’s health and well-being.</span></span></span> <span><span><span>This danger is exacerbated further in the case of immigrant youth in [US] government custody, as these youth are essentially forced into the course of care that the government makes available to them. That the Office of Refugee Resettlement, the agency in charge of caring for these youth, would not only restrict their reproductive decisions by funnelling them to fake women’s health centres, but also breach patient confidentiality protections, is untenable.”</span></span></span></span></span></p> </blockquote> <p> </p> <h4><span><span>Spokesperson from the Abortion Support Network said:</span></span></h4> <blockquote> <p><span><span>“The level of organisation and determination of these anti-abortion groups is terrifying. The way they are able to replicate their websites, processes, language and imagery, seeking  to intimidate, scare and delay abortion-seekers, is worrying. Unfortunately, it’s another example of the way in which anti-abortion groups are so well-funded and well-organised. We need to make sure that their misleading, misinforming and inaccurate websites are shown up for what they are.” </span></span></p> </blockquote> <p> </p> <h4><span><span><span><span>Senior Policy Advisor for Ipas said:</span></span></span></span></h4> <blockquote> <p><span><span><span><span>“Access to information and privacy are keystones to supporting the human right to health. The biased and inaccurate information circulated by FEMM, coupled with the privacy risks inherent in their app, raise major red flags for the reproductive rights community.”</span></span></span></span></p> </blockquote> <p> </p> <p><strong>Founder, Transparent Referendum Initiative in Ireland said:</strong></p> <blockquote> <p>"This paper provides a much needed call to action for privacy and reproductive rights activists to work together to address one of the most violating misuses of technology to emerge over the past decade. The report paints a picture of privacy eroding tactics deployed in order to deceive, exploit, undermine and politicise women in crisis. The use of these tactics in the battle for reproductive rights is, in my opinion, the worst case scenario for those of us concerned about the ad tech driven internet and its implication for human rights."</p> </blockquote></div> <div class="field field--name-field-repeating-image-and-text field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><h2>A documentation of data exploitation in sexual and reproductive rights</h2> <h2><span><span><strong><span><span>Part 1:</span></span></strong></span></span><span><span><span><span> Methods of data exploitation by the opposition</span></span></span></span></h2> <blockquote> <p><span><span><em><span><span>“We believe we’re better together, and so is our data. Knowing the real-time trends of the larger life-affirming community is a crucial, yet untapped gateway to breakthrough success on the local level—until now, that is.</span></span></em></span></span></p> <p><span><span><em><span><span>Crafted by a team of professional healthcare software developers, Next Level CMS also closes a key informational gap within local centers by streamlining intake and data collection to unleash the power of woman-centered service.”</span></span></em></span></span><span><span><strong><span><span> Heartbeat International website</span></span></strong></span></span></p> </blockquote> <blockquote> <p><em><span><span><span><span><span>“[F]or the first time in human history, we have the capacity to collect and store enormous amounts of detailed personal data for our interpretation and application. Fertility charting is exactly that! And it is on the rise among women of all ages”.</span></span></span></span></span></em><span><span><strong><span><span><span> The Western Regional </span></span></span></strong><a href="https://medium.com/femtech-collective/interview-with-suzanne-spence-western-regional-director-at-teen-star-c257c2c84953"><strong><span><span>Director</span></span></strong></a><strong><span><span><span> at TeenSTAR, which works globally </span></span></span></strong><a href="https://teenstar.org/program/"><strong><span><span>to</span></span></strong></a><strong><span><span><span> “teach chastity to adolescents”.</span></span></span></strong></span></span></p> </blockquote> <p> </p> <p><span><span><span><span>Data exploitation has increased in most areas of day-to-day life – companies </span></span><a href="https://privacyinternational.org/strategic-areas/challenging-corporate-data-exploitation"><span><span>covertly</span></span></a><span><span> collect vast amounts of intimate information about people, political parties </span></span><a href="https://privacyinternational.org/taxonomy/term/618"><span><span>buy access</span></span></a><span><span> to huge data sets and micro target ads at voters, smartphone apps </span></span><a href="https://privacyinternational.org/taxonomy/term/552"><span><span>send data</span></span></a><span><span> to third parties without people being aware, and the list goes on. As this report shows, groups in opposition to reproductive rights, such as access to contraception, safe abortion care, medically accurate sexual health information, and more, are also exploiting people’s data to delay and curtail access to vital healthcare.</span></span></span></span></p> <p> </p> <h3><span><span><strong><span><span>Tools to streamline data collection and centralisation</span></span></strong></span></span></h3> <p><span><span><span><span>Next Level Center Management Solution</span></span></span></span></p> <p><span><span><span><span>Next Level Center Management Solution is a system developed by Heartbeat International, a US-based </span></span><a href="https://www.heartbeatinternational.org/about/our-commitment"><span><span>anti-contraceptive, anti-abortion organisation</span></span></a><span><span> that runs a global affiliate network of crisis pregnancy centres.</span></span></span></span></p> <p><span><span><span><span>In 2017, Heartbeat International </span></span><a href="https://pregnancyhelpnews.com/next-level"><span><span>unveiled</span></span></a><span><span> the Next Level Center Management Solution (CMS) and began promoting it to their 700+ pregnancy centre affiliates. Heartbeat International </span></span><a href="https://www.heartbeatinternational.org/next-level-supporter"><span><span>markets</span></span></a><span><span> the software as a system that “[m]akes seamless data collection possible for pregnancy centres”. They say that it “allows information to move from the receptionist to the client, from the client to the coach or mentor, and from the mentor to the nurse’s office”, and visualise the system as data streams flowing from individual pregnancy centres to a centralised cloud.</span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%201_3.png?itok=zCpwlsij 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%201_3.png?itok=hG6WA9Xp 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%201_3.png?itok=hG6WA9Xp" alt="Source: Next Level website" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span><span>Source: Next Level </span></span></em><a href="https://www.nextlevelcms.com/better-together"><em><span><span>website</span></span></em></a></span></span></p> <p> </p> <p><span><span><span><span>The system appears to unify what questions people are asked when seeking a centre’s help, and to centralise the information that visitors to anti-abortion centres are asked to provide during their visit. The types of information that is collected, which is visible in a promotional video on Next Level’s website, </span></span><a href="https://www.nextlevelcms.com/"><span><span>includes</span></span></a><span><span> name, address, email address, ethnicity, marital status, living arrangement, education, income source, alcohol, cigarette, and drug intake, medications and medical history, sexual transmitted disease history, name of the referring person/organisation, pregnancy symptoms, pregnancy history, medical testing information, and eventually even ultrasound photos.</span></span></span></span></p> <p><span><span><span><span>Next Level’s privacy policy </span></span><a href="https://www.nextlevelcms.com/privacy-policy.pdf"><span><span>states</span></span></a><span><span> that the company “may share such information with Next Level affiliates, partners, vendors, or contract organizations, or as legally necessary”, and provides no further information about how people’s personal information is shared or analysed within Heartbeat’s network of 2,700 affiliate organisations and partners, or outside of this network.</span></span></span></span></p> <p><span><span><span><span>In an email to PI, Heartbeat President Jor-El Godsey said that<em> </em>“<span>All data of a personal identifying nature captured by Heartbeat International and its subsidiary programs is protected and kept confidential as a matter of our continuing </span></span></span><a href="https://www.heartbeatservices.org/about-us/commitment-of-care"><span><span><span>commitment</span></span></span></a><strong> </strong><span><span>to confidentiality in accordance with applicable laws of the U.S. and relevant nations. To improve our services and understand the changing needs of those we seek to serve Heartbeat uses only aggregated and de-identified information to formulate and analyze trends.”</span></span></span></span></p> <p><span><span><span><span>In 2018 Heartbeat </span></span><a href="https://www.heartbeatinternational.org/images/AR18.pdf"><span><span>reported</span></span></a><span><span> that its affiliates had served 1.5 million clients. Heartbeat does not appear to provide information about how and who “de-identifies” information, and at what point such de-identification occurs. To the extent that the de-identification process remains unclear, Next Level, as a part of Heartbeat International, may have access to vast amounts of identifiable information and therefore understanding how such de-identification occurs in crucial.</span></span></span></span></p> <p> </p> <p><span><span><span><span>Geo-fencing technology</span></span></span></span></p> <p><span><span><span><span>In brief, geo-fencing is the creation of a virtual boundary around an area that allows software to trigger a response or alert when a mobile phone enters or leaves an area. When a person enters a geo-fenced area or building, geo-fencing tech can allow a person’s phone to be tagged and then for targeted ads to be sent directly to a person’s phone. </span></span></span></span></p> <p><span><span><span><span>In 2016 an </span></span><a href="https://rewire.news/article/2016/05/25/anti-choice-groups-deploy-smartphone-surveillance-target-abortion-minded-women-clinic-visits/"><span><span>investigation</span></span></a><span><span> in ReWire News showed that a US marketing company was promoting technology that could send ads directly to the phones of people inside sexual and reproductive health clinics. It was </span></span><a href="https://rewire.news/article/2016/05/25/anti-choice-groups-deploy-smartphone-surveillance-target-abortion-minded-women-clinic-visits/"><span><span>reported</span></span></a><span><span> that the technology also “has the capability to hand the names and addresses of women seeking abortion care, and those who provide it, over to anti-choice groups”. </span></span></span></span></p> <p><span><span><span><span>According to </span></span><a href="https://rewire.news/article/2016/05/25/anti-choice-groups-deploy-smartphone-surveillance-target-abortion-minded-women-clinic-visits/"><span><span>Rewire News</span></span></a><span><span>, the marketing company included in a PowerPoint presentation that was sent to prospective clients a slide that said their system could reach “abortion clinics, hospitals, doctors’ offices, colleges, and high schools in the US and Canada, and then “[d]rill down to age and sex””. It went on to say, “We can gather a tremendous amount of information from the [smartphone] ID” and that “some of the break outs include: Gender, age, race, pet owners, Honda owners, online purchases, and much more”. </span></span></span></span></p> <p><span><span><span><span>In the same presentation Rewire News reported that the company said it had “already attempted to ping cell phones for RealOptions and Bethany nearly three million times, and had been able to steer thousands of women to their websites” and that the marketing company had deployed the system around reproductive health centres and methadone clinics in the US states New York, Pennsylvania, Virginia, Ohio, and Missouri. This means that those who visited those centres may have been targeted with crisis pregnancy centre or other anti-abortion ads. </span></span></span></span></p> <p><span><span><span><span>Clients of the marketing company </span></span><a href="https://rewire.news/article/2016/05/25/anti-choice-groups-deploy-smartphone-surveillance-target-abortion-minded-women-clinic-visits/"><span><span>reportedly</span></span></a><span><span> included RealOptions, a network of crisis pregnancy centres in California which has since merged with The Obria Group and Bethany Christian Services, presumably showing the opposition’s interest in and willingness to spend money to deploy such technology.</span></span></span></span></p> <p><span><span><span><span>In 2017 the Massachusetts Attorney General’s Office </span></span><a href="https://www.huntonprivacyblog.com/2017/04/13/massachusetts-ag-settles-geofencing-case/"><span><span>alleged</span></span></a><span><span> that the geo-fencing system violated the Massachusetts Consumer Protection Act, due to how it covertly tracked people and disclosed sensitive information to third-party advertisers. The company has since agreed to not use the technology at or near healthcare facilities in the US state of Massachusetts.</span></span></span></span></p> <p> </p> <h3><span><span><strong><span><span>Website chat services</span></span></strong></span></span></h3> <p><span><span><span><span>Option Line</span></span></span></span></p> <p><span><span><span><span>Option Line is a </span></span><a href="https://optionline.org/"><span><span>website</span></span></a><span><span>, chat service, and phone number that was co-developed by the US organisations Heartbeat International and Care Net and deployed on crisis pregnancy centre websites. A 2018 Heartbeat International </span></span><a href="https://www.heartbeatinternational.org/images/AR18.pdf"><span><span>report</span></span></a><span><span> said that over 400,000 people have been served on Option Line. Option Line’s chat service appears on many Heartbeat International affiliated crisis pregnancy centre websites (for example </span></span><a href="https://www.carenetpcc.org/be-informed/abortion-information"><span><span>here</span></span></a><span><span>, </span></span><a href="https://www.apcbrevard.com/"><span><span>here</span></span></a><span><span>, </span></span><a href="https://www.aaapregnancyoptions.org/about-us/who-we-are"><span><span>here</span></span></a><span><span>).</span></span></span></span></p> <p><span><span><span><span>Prior to beginning a chat, the Option Line chat interface requires visitors to enter their name, demographic information, location information, as well as if someone is considering an abortion. Only after submitting this personal information does the chat begin. </span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%202_0.png?itok=1fM-9YOA 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%202_0.png?itok=A0NQLyb_ 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%202_0.png?itok=A0NQLyb_" alt="Example of crisis pregnancy centre website developed by Heartbeat International’s Extend Web Services, and with the Option Line chat open." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span><span>Example of crisis pregnancy centre website developed by Heartbeat International’s Extend Web Services, and with the Option Line chat open.</span></span></em></span></span></p> <p> </p> <p><span><span><span><span>Privacy International has seen technical documentation, which has since been removed from Extend Web Service’s website, [</span></span><a href="https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=2&amp;ved=2ahUKEwjLtr_CvernAhWdSBUIHZNlB2QQFjABegQIChAE&amp;url=https%3A%2F%2Fextendwebservices.com%2Fcustomer%2Fdl.php%3Ftype%3Dd%26id%3D8&amp;usg=AOvVaw2KC28B-2VSFUSdOlgdp_IZ"><span><span>available here</span></span></a><span><span> – accessed February 2020] stating that Heartbeat International’s Next Level Center Management Solution provides for an “Option Line User Interface”. From the documentation, the interface seems to provide an option to create a Next Level profile when a person interacts with Option Line. </span></span></span></span></p> <p><span><span><span><span>PI wanted to understand if and how Heartbeat International obtains information about those using its services, including Option Line. The intimate nature of what could be discussed in Option Line chats and the personal information that is required to be provided prior to being able to use an Option Line chat, such as name and location information, and information about a person’s mindset, clearly shows how important it is to understand if and how the chat information is shared, including whether that is back to Heartbeat International. </span></span></span></span></p> <p><span><span><span><span>In March 2020 a Privacy International staff member began an Option Line chat on a Heartbeat International-affiliated crisis pregnancy centre operating within the EU. To seek to understand if and how the data is shared, the PI staff member subsequently sent a subject access request under the EU's data protection law - the General Data Protection Regulation (GDPR) - to the crisis pregnancy centre, as well as Extend Web Services, Heartbeat International, Option Line, and Next Level Center Management Solution - all of which are Heartbeat International business units. Subject access requests under the GDPR allow a person to ask a company or organisation for a copy of their personal data plus information about it - such as how it’s used, the source of the information and with whom it has been shared. </span></span></span></span></p> <p><span><span><span><span>Extend Web Services, Heartbeat International, and Option Line all told PI by email that they held personal data about the requesting staff member (namely their name, zip code and IP address). Although they were at pains to point out that this was recorded by a third-party system, Live Chat, Inc.</span></span></span></span></p> <p><span><span><span><span>Both the crisis pregnancy centre and Next Level Center Management Solution said that they did not hold personal data about the requestor.</span></span></span></span></p> <p><span><span><span><span>These responses seem to indicate that people using Option Line, no matter where they are physically located, are inadvertently having the information that they are required to provide prior to using the chat, sent to Heartbeat International and Extend Web Services, not to mention the third party </span></span><a href="https://www.livechat.com/"><span><span>Live Chat Inc</span></span></a><span><span>, a commercial chat bot provider used by large brands such as Ikea. </span></span></span></span></p> <p><span><span><span><span>This seems to illustrate that Heartbeat International could have vast amounts of intimate information about people seeking pregnancy support, including their names, location, and more.</span></span></span></span></p> <p> </p> <p><span><span><span><span>Other crisis pregnancy chat services</span></span></span></span></p> <p><span><span><span><span>PI’s International Network partners who worked with PI on this report documented other crisis pregnancy networks and websites that used similar chat services. The information required prior to beginning a chat varies, and at the time of writing, some of the websites provide no privacy policies.</span></span></span></span></p> <p> </p> <p><span><span><em><span><span>Embarazo Inesperado [dot] com</span></span></em></span></span></p> <p><span><span><span><span>Similar to Option Line, prior to being able to use the chat service on Embarazo Inesperado [dot] com, people are required to first provide their name, email address, phone number, and message (or sign in using your Facebook account). At the time of writing, the website does not appear to provide another way for people to make contact other than through the chat service. </span></span></span></span></p> <p><span><span><span><span>From the website, it is unclear to whom the information provided before and during a chat is sent or how it is used; the chat service uses the third-party software Zen Desk. Furthermore, according to PI’s Peruvian partner Hiperderecho, Embarazo Inesperado [dot] com does not appear to have a privacy policy available on the website at the time of writing, even when the website states “Your information is safe. Read our Privacy Notice on the website”.</span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%203_0.png?itok=nW7SxTOf 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%203_0.png?itok=5T9Hk8qO 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%203_0.png?itok=5T9Hk8qO" alt="Example 1: Screenshot from Embarazo Inesperado [dot] com using Zen Desk." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span><span>Screenshot from Embarazo Inesperado [dot] com using Zen Desk.</span></span></em></span></span></p> <p> </p> <h3>Data exploitation by smar phone apps</h3> <p><span><span><span><span>FEMM</span></span></span></span></p> <p><span><span><span><span>The Fertility Education and Medical Management Foundation or FEMM </span></span><a href="https://femmhealth.org/about-us/what-is-femm/"><span><span>describes</span></span></a><span><span> itself as a women’s health program that in part “teaches women to understand their bodies” and “provides accurate medical testing and treatment based on new research and medical protocols”. As a part of the system, the FEMM Foundation developed the FEMM app which requests intimate information about people’s menstrual cycles and reproductive health. The FEMM Foundation </span></span><a href="https://femmhealth.org/birth-control-can-make-feel-terrible-life-study-finds/"><span><span>advocates</span></span></a> <a href="https://femmhealth.org/birth-control-can-make-feel-terrible-life-study-finds/"><span><span>against</span></span></a><span><span><span><span> contraception and </span></span></span></span><a href="https://femmhealth.org/about-us/white-paper/"><span><span>promotes</span></span></a><span><span><span><span> the app as “</span></span></span></span><span><span>just as effective but more attractive because it does not risk unpleasant side effects [of contraception] and also empowers women to monitor their health”.</span></span></span></span></p> <p><span><span><span><span>In 2019 it was </span></span><a href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners"><span><span>revealed</span></span></a><span><span> by the Guardian that the FEMM app “is funded and led by anti-abortion, anti-gay Catholic campaigners” and “sows doubt over the safety of birth control”. According to the Guardian, FEMM is backed financially by the Chiaroscuro Foundation, which is primarily funded by Sean Fieler. Sean Fieler is a </span></span><a href="https://rewire.news/article/2014/09/23/sean-fieler-little-known-atm-fundamentalist-christian-anti-choice-movement/"><span><span>prominent</span></span></a><span><span> donor to Conservative organisations in the US.</span></span></span></span></p> <p><span><span><span><span>The Guardian reported that the FEMM app has been downloaded more than 400,000 times since its launch in 2015. The app is available in English, French, Hungarian, Portuguese, and Spanish.</span></span></span></span></p> <p><span><span><span><span>Located at the same New York City address, is the Reproductive Health Research Institute. According to a </span></span><a href="https://www.wya.net/wp-content/uploads/2019/08/WYA-Annual-Report-2018.pdf"><span><span>2018 annual report</span></span></a><span><span>, “FEMM collaborates with the Reproductive Health Research Institute in the development of medical research, protocols, and medical training”. According to the </span></span><a href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners"><span><span>Guardian</span></span></a><span><span>, medical advisors working with the Reproductive Health Research Institute are not licensed to practice medicine in the US and are tied to a Catholic university in Chile. In addition to the New York City address, the Institute lists an address in Santiago, Chile on its website.</span></span></span></span></p> <p><span><span><span><span>Also located at the same New York City address of both FEMM and the Reproductive Health Research Institute, is the World Youth Alliance. The founder of the World Youth Alliance is also listed the CEO of the FEMM Foundation. The World Youth Alliance works at the United Nations, European Union, and Organization of American States to in part advocate </span></span><a href="https://www.wya.net/wp-content/uploads/2014/04/WYA_Reproductive_Health_White_Paper.pdf"><span><span>against abortion</span></span></a><span><span> and </span></span><a href="https://www.wya.net/wp-content/uploads/2019/08/WYA-Annual-Report-2018.pdf"><span><span>promote</span></span></a><span><span> the FEMM app around the world.</span></span></span></span></p> <p><span><span><span><span>The apparently close relationship between FEMM, the Reproductive Health Research Institute, and the World Youth Alliance is concerning. The FEMM App </span></span><a href="https://femmhealth.org/privacy-policy/"><span><span>Privacy Policy</span></span></a><span><span> does little to assuage these concerns, as it states that the FEMM Health System may disclose, in a non-identifiable way, personal health information provided by users to FEMM researchers and third-party researchers. The data is said to “help FEMM researchers understand how FEMM can teach clients more effectively” and to be “used to study the effectiveness of the FEMM Health System”. Questions should be asked about how is the data collected from those using the app globally is analysed and potentially used by the Reproductive Health Research Institute, as well as how any research findings are then used by the World Youth Alliance in their international advocacy against reproductive rights.</span></span></span></span></p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span>According to the </span></span></span><a href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>Guardian</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span>, even while the app collects personal information about mood and health from users, the app does not currently aim to monetise such data or share such data with third parties. In the FEMM </span></span></span><a href="https://femmhealth.org/fact-sheet/"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>privacy fact sheet</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span>, the organisation declares that "FEMM never shares or sells data with third parties. FEMM is not funded by drug or big pharma companies, ensuring that we are free from commercial bias in our science and information, as well as from pressures to monetize data and information provided to us by our users".</span></span></span></span></span></p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span>However, this seems to stand in contradiction to their own </span></span></span><a href="https://femmhealth.org/privacy-policy/"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>Privacy Policy</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span> [accessed March 2020], which states that FEMM assigns a random number to the app installed in a mobile device: "We use this random number in a manner similar to our use of Cookies as described in this Privacy Policy". In other words, they "may use Cookie information to target certain advertisements to your browser or to determine the popularity of certain content or advertisements". Moreover, they say that the random number cannot be used to identify a person "unless you choose to become a registered user of the App". However, one does not appear to be able to use the app without registering – and registering requires users to provide information including name, email, and date of birth.</span></span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%207.png?itok=ZO0SXSz7 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%207.png?itok=OgznlcCV 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%207.png?itok=OgznlcCV" alt="FEMM Terms of Use for the app downloaded in Chile – provided to PI by Paz Peña." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span>FEMM Terms of Use for the app downloaded in Chile – provided to PI by </span></span></span></em><em><span><span>Paz Peña.</span></span></em></span></span></p> <p> </p> <p> </p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%208.png?itok=0DicrC0_ 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%208.png?itok=mzGubADw 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%208.png?itok=mzGubADw" alt="Some examples of data collected by the FEMM app: sexual activity, emotional status, temperature, and more – provided to PI by Paz Peña." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span>Some examples of data collected by the FEMM app: sexual activity, emotional status, temperature, and more – provided to PI by </span></span></span></em><em><span><span>Paz Peña.</span></span></em></span></span></p> <p> </p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span>Questions should also be raised around the ability for researchers to potentially carry out research with fertility data provided by those using an app and without being necessarily aware of how they data could be used. This becomes even more relevant if this data is used to justify an agenda against reproductive rights.</span></span></span></span></span></p> <p><span><span><span><span>In response to this research, the Senior Policy Advisor for Ipas, an international women's reproductive health and rights organisation said, “Access to information and privacy are keystones to supporting the human right to health. The biased and inaccurate information circulated by FEMM, coupled with the privacy risks inherent in their app, raise major red flags for the reproductive rights community.”</span></span></span></span></p> <p> </p> <p><span><span><span><span>uCampaign</span></span></span></span></p> <p><span><span><span><span>Data collection and data sharing by political parties and political actors has come under </span></span><a href="https://privacyinternational.org/node/3244"><span><span>intense criticism</span></span></a><span><span> and scrutiny over the past years. Social media platforms such as Facebook and Twitter have come under </span></span><a href="https://privacyinternational.org/node/3244"><span><span>particular</span></span></a><span><span> fire for allowing political campaigns to send targeted messages to voters with no meaningful transparency and accountability. </span></span></span></span></p> <p><span><span><span><span>In addition to buying ads on social media, political parties, political actors, and campaign groups are also </span></span><a href="https://www.businessinsider.com/trump-campaign-launching-smartphone-app-mobilize-army-trump-election-2019-9?r=US&amp;IR=T"><span><span>developing</span></span></a><span><span> campaign apps to rally supporters and grassroots activists.</span></span></span></span></p> <p><span><span><span><span>In 2018, Ireland held a referendum to decide whether to repeal the eighth amendment of the Irish Constitution, which made abortion care illegal. Two major campaigns against repealing were the Save the 8th campaign and the LoveBoth Project. Both groups used smart phone apps to mobilise supporters. It has been </span></span><a href="https://www.buzzfeed.com/laurasilver/ireland-anti-abortion-campaigns-apps-privacy-nra"><span><span>reported</span></span></a><span><span> that the apps for both campaigns were developed by the US-based, internationally working company uCampaign. It was further </span></span><a href="https://www.buzzfeed.com/laurasilver/ireland-anti-abortion-campaigns-apps-privacy-nra"><span><span>reported</span></span></a><span><span> that, according to its privacy policy, uCampaign reserved the right to share data “with other organizations, groups, causes, campaigns, political organizations, and [their] clients that [they] believe have similar viewpoints, principles or objectives as [them]”. Other clients of uCampaign </span></span><a href="https://ucampaignapp.com/"><span><span>include</span></span></a><span><span> the Trump 2016 presidential campaign, the US Republican National Committee, the major US anti-abortion group Susan B. Anthony List, and the UK Vote Leave campaign. Sean Fieler, who the Guardian </span></span><a href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners"><span><span>reported</span></span></a><span><span> as financially supporting FEMM, also </span></span><a href="https://www.nytimes.com/2018/10/20/technology/politics-apps-conservative-republican.html?auth=login-email&amp;login=email"><span><span>reported</span></span></a><span><span><span><span>ly</span></span></span></span><span><span> provided seed funding for uCampaign. </span></span></span></span></p> <p><span><span><span><span>That uCampaign’s privacy policy enables it to share personal information with groups with similar viewpoints, principles, or objectives may result in people’s personal information, such as their names, email, addresses, phone numbers, location information, images, and more, being shared and swapped with an untold number of people. Users wouldn’t necessarily be aware that such sharing was happening, and therefore be unable to prevent it. </span></span></span></span></p> <p><span><span><span><span>This demonstrates how users can be left in the dark about how apps, set up ostensibly for one purpose, can be in reality set up to maximise how much data is collected about those using the apps, and exploiting that information in ways people could never imagine.</span></span></span></span></p> <p> </p> <h3><span><span><strong><span><span>Fake websites</span></span></strong></span></span></h3> <p><span><span><span><span><span>Fake Irish Health Services website</span></span></span></span></span></p> <p><span><span><span><span>Following the enactment of the Health (Termination of Pregnancy) Act, the Irish Health Services Executive (HSE) announced it was launching a website to provide people with the full range of unintended</span></span> <span><span><span>pregnancy options and information, including about abortion. Shortly after the website was announced, a </span></span></span><a href="https://www.irishtimes.com/news/crime-and-law/courts/high-court/hse-secures-injunction-against-allegedly-misleading-pregnancy-website-1.3795141"><span><span>website</span></span></a><span><span><span> with very similar URL went online, which attempted to misdirect people that were seeking advice and care away from the real HSE website. </span></span></span></span></span></p> <p><span><span><span><span><span>It was </span></span></span><a href="https://www.irishtimes.com/news/crime-and-law/courts/high-court/hse-secures-injunction-against-allegedly-misleading-pregnancy-website-1.3795141"><span><span>reported</span></span></a><span><span><span> that the fake website gave “</span></span></span><span><span>the impression… [of] offering services in connection with the HSE [Irish Health Services], or that objective counselling and information services are being provided”.<span> The fake website reportedly listed a phone number to call and promised a free ultrasound. </span></span></span></span></span></p> <p><span><span><span><span>The Irish Family Planning Association told PI by email that "the HSE claimed (correctly) in court that the fake website was “<span><span>inappropriately offering pregnancy scans, is trying to convince women not to go ahead with abortions, or berating those who have chosen to undergo a termination"; this kind of harassment of people as they tried to access healthcare was distressing, unethical and may well have delayed some pregnant women or girls and forced them to leave the state to access abortion care, with all the distress and financial burden that entailed."</span></span></span></span></span></span></p> <p><span><span><span><span>The HSE </span></span><a href="https://www.irishtimes.com/news/crime-and-law/courts/high-court/hse-secures-injunction-against-allegedly-misleading-pregnancy-website-1.3795141"><span><span>issued</span></span></a><span><span> court proceedings against the man behind the fake website and a temporary injunction was issued against him in February 2019. This was made permanent in May 2019.</span></span></span></span></p> <p><span><span><span><span><span>However, it remains unknown how many people needing help called the phone number on the fake website, which was reportedly the phone number of the man that set up the fake site. It’s also unclear how many people provided information about themselves to the man or obtained an ultrasound from him, or the effect of realising that the man was not from the Irish Health Services Executive had on those who sought help from the website. It is further unclear how many people were forced to travel to the UK after being delayed from accessing abortion care in Ireland due to the actions of the person behind the fake website.</span></span></span></span></span></p> <p> </p> <h2><span><span><span><span>Part 2: Methods of data sharing by the opposition</span></span></span></span></h2> <blockquote> <p><span><span><em><span><span><span>“At the most extreme end - we know that anti-abortion organisations in Malta shared abortion-seekers’ data with each other and with anti-abortion organisations in Ireland who then contacted the client pretending to be the British Pregnancy Resource Centre in the UK.”</span></span></span></em></span></span><span><span><strong><span><span><span> Abortion Support Network, in an interview with Privacy International</span></span></span></strong></span></span></p> </blockquote> <p><span><span><span><span>In addition to the above methods of data collection, covert data sharing is equally problematic. People seeking reproductive health information and services have the </span></span><a href="https://www.who.int/genomics/public/patientrights/en/"><span><span>right</span></span></a><span><span> to have their information kept confidential and private. However, as outlined below, there are numerous examples of both formal and informal data sharing, some of which have resulted in either delaying or denying care, effectively interfering with people’s reproductive rights.</span></span></span></span></p> <p> </p> <h3><span><span><strong><span><span>Government collaboration with the opposition</span></span></strong></span></span></h3> <p><span><span><span><span>The role of national governments in the provision of reproductive healthcare varies greatly between countries. Below are some examples that demonstrate the apparent closeness of some governments to opposition groups.</span></span></span></span></p> <p> </p> <p><span><span><span><span>Data exploitative initiatives</span></span></span></span></p> <p><span><span><em><span><span>National Ministry of Health and Social Development Hotline – Argentina</span></span></em></span></span></p> <p><span><span><span><span>According to the Argentine paper </span></span><a href="https://www.pagina12.com.ar/179065-el-cuento-de-la-criada-es-oficial"><span><span>Pagina12</span></span></a><span><span>, in early 2019, the National Ministry of Health and Social Development in Argentina and the National Network of support for women with vulnerable pregnancies - a national network of opposition organisations - signed an agreement to create a 0-800 hotline to “facilitate the promotion” of the Network throughout the country. </span></span></span></span></p> <p><span><span><span><span>The agreement, which has since been taken offline, was </span></span><a href="https://www.pagina12.com.ar/179065-el-cuento-de-la-criada-es-oficial"><span><span>reportedly</span></span></a><span><span> going to create a 0-800 number to communicate with more than 100 centres for “the referral of cases that require accompaniment of pregnant women in vulnerable conditions”. This centre was to be led by members of different churches throughout the country “that will take on this challenge of providing mothers with the necessary elements for care of their babies, in addition to providing accompaniment and support”. </span></span></span></span></p> <p><span><span><span><span>The Ministry eventually decided not to move forward with the hotline due to the project being out of step with the Plan ENIA (National Plan against unintentional pregnancy in adolescence) which says that these types of hotlines must inform pregnant people about the right to abortion.</span></span> </span></span></p> <p> </p> <p><span><span><em><span><span>Large-scale identity programmes – India</span></span></em></span></span></p> <p><span><span><span><span>According to PI International Network partner Center for Internet and Society (CIS) in India, who worked on this report with PI, hospitals in India are asking those seeking reproductive healthcare to present their Aadhaar cards (centralised biometric identification) in order to receive such care. Further, according to CIS, any person hoping to take part in maternal health welfare programmes must present their Aadhaar cards at public hospitals. CIS told PI that without any official government notices, many public hospitals are demanding Aadhaar cards before allowing women to access of reproductive health procedures. In a </span></span><a href="https://in.boell.org/sites/default/files/digital_india_through_a_gender_lens.pdf"><span><span>notable case in 2017</span></span></a><span><span>, a Chandigarh hospital reportedly refused to provide services to a patient who did not have an Aadhaar card.</span></span></span></span></p> <p><span><span><span><span>This has led to the denial of essential services and fundamental rights to those who have not been able to enrol themselves in the Aadhaar database, and in the case of benefits, opened a bank account and seeded it with the Aadhaar. </span></span></span></span></p> <p><span><span><span><span>According to CIS, not only does this actively restrict some people from accessing services, but it collects data on those seeking reproductive health care services which is then centralised and shared among associated parties. Associated parties include anyone who has access to an individual’s Aadhaar number and can request information through the Unique Identification Authority of India (UIDAI). According to CIS, this </span></span><a href="https://qz.com/india/1570568/is-indias-aadhaar-data-only-for-telcos-banks-or-also-fintechs/"><span><span>includes</span></span></a><span><span> most government bodies and since 2019, banks, telecoms, and more. </span></span></span></span></p> <p><span><span><span><span>Data leaks are also common in this digital system. For example, in April 2019, a government agency </span></span><a href="https://qz.com/india/1586748/data-leaks-and-cybersecurity-should-be-an-election-issue-in-india/"><span><span>data breach</span></span></a><span><span> made the health records of 12.5 million pregnant women available online. CIS told PI that the surveillance brought on by the Aadhaar is unprecedented as it collects data from birth to death, documenting every interaction citizens have with the state in a centralised database that is also linked to the biometrics of citizens. </span></span></span></span></p> <p><span><span><span><span>Furthermore, according to CIS, the Indian Health Management Information System and the national Mother and Child Tracking System both collect data on maternal health in the ante-natal and postnatal periods. CIS told PI that in 2016 the minister for Women and Child Development </span></span><a href="https://www.epw.in/engage/article/data-infrastructures-inequities-why-does-reproductive-health-surveillance-india-need-urgent-attention"><span><span>proposed</span></span></a><span><span> mandatorily linking such reproductive services with the Aadhaar card for further data linking and centralisation, and for the provision of benefits schemes. Compounding data collection in this way, while having </span></span><a href="https://privacyinternational.org/advocacy/2324/privacy-internationals-comments-india-personal-data-protection-bill-2018"><span><span>meagre</span></span></a><span><span> data protection infrastructure in place, puts the confidentiality and privacy of those seeking reproductive healthcare in jeopardy. This is especially dangerous for those who already face barriers to access (i.e. young, unmarried, from rural regions, migrants etc). </span></span></span></span></p> <p><br /><span><span><span><span>Data sharing between crisis pregnancy centres and immigration authorities</span></span></span></span></p> <p><span><span><span><span>In 2017 it was </span></span><a href="https://www.documentcloud.org/documents/4106150-20170304-ORR-Emails-Re-Abortion-Policies.html#document/p13/a385779"><span><span>revealed</span></span></a><span><span> that the US Office of Refugee Resettlement, which is responsible for the care of unaccompanied migrant children in the US, was sending pregnant migrants seeking abortion care to “options” counselling sessions at crisis pregnancy centres. It was further </span></span><a href="https://www.revealnews.org/article/federal-agency-refers-girls-to-counselors-picked-by-anti-abortion-group/"><span><span>reported</span></span></a><span><span> that the Office of Refugee Resettlement had an internal list of approved crisis pregnancy centres to which the pregnant people could be sent for the counselling sessions, and that the list was developed by Heartbeat International. It was </span></span><a href="https://www.revealnews.org/article/federal-agency-refers-girls-to-counselors-picked-by-anti-abortion-group/"><span><span>reported</span></span></a><span><span> that all 60 approved centres appear in Heartbeat International’s database of like-minded pregnancy centres and all but eight are “affiliates” of the organisation. Heartbeat International and its affiliates do not refer for or provide abortion care and they do not promote the use of contraceptives.</span></span></span></span></p> <p><span><span><span><span>It remains unclear what, if any, data sharing agreements are in place to ensure that pregnant migrant’s privacy is upheld and their information kept confidential. However, from published internal Office of Refugee Resettlement </span></span><a href="https://www.documentcloud.org/documents/4106150-20170304-ORR-Emails-Re-Abortion-Policies.html#document/p13/a385779"><span><span>emails</span></span></a><span><span>, it appears that information is potentially being shared between crisis pregnancy centres and the Office of Refugee Resettlement. The emails show that the former head of the Office directed staff to send one pregnant migrant who was seeking an abortion to a crisis pregnancy centre for an ultrasound and “options counselling”. He said that once the Office knew the gestational age, “that will be material, as it may already be too late to legally obtain an abortion”, appearing to demonstrate that information obtained by crisis pregnancy centres working with the Office Refugee Resettlement is shared back with the Office. This could potentially include intimate information disclosed during the “options” counselling sessions.</span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%209.png?itok=VeXH2rkM 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%209.png?itok=u15FDBU5 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%209.png?itok=u15FDBU5" alt="Screenshot of an internal email from the former Director of the Office of Refugee Resettlement directing staff to send a pregnant migrant to the crisis pregnancy centre CPC Phoenix (now Choices)." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span><span>Screenshot of an internal </span></span></em><a href="https://www.documentcloud.org/documents/4106150-20170304-ORR-Emails-Re-Abortion-Policies.html#document/p13/a385779"><em><span><span>email</span></span></em></a><em><span><span> from the former Director of the Office of Refugee Resettlement directing staff to send a pregnant migrant to the crisis pregnancy centre CPC Phoenix (now Choices).</span></span></em></span></span></p> <p> </p> <p><span><span><span><span><span>When asked by PI about this, the Guttmacher Institute’s Senior Policy Manager said “Restricting comprehensive counselling and referrals for all pregnancy options seriously jeopardises pregnant people’s health and well-being.</span></span></span> <span><span><span>This danger is exacerbated further in the case of immigrant youth in [US] government custody, as these youth are essentially forced into the course of care that the government makes available to them. That the Office of Refugee Resettlement, the agency in charge of caring for these youth, would not only restrict their reproductive decisions by funnelling them to fake women’s health centres, but also breach patient confidentiality protections, is untenable.”</span></span></span></span></span></p> <p> </p> <p><span><span><span><span>Period tracking by governments and state institutions</span></span></span></span></p> <p><span><span><span><span>In the US, the Director of the Missouri Department of Health and Senior Services was </span></span><a href="https://www.kansascity.com/news/politics-government/article236773058.html"><span><span>found</span></span></a><span><span> to have created a spreadsheet tracking the menstrual cycles of patients to the state’s only abortion clinic. The spreadsheet was reportedly made at the male Director’s request to “help identify patients who had undergone failed abortions”. The spreadsheet was </span></span><a href="https://www.kansascity.com/news/politics-government/article236773058.html"><span><span>reportedly</span></span></a><span><span> based on medical records that were available during the state’s annual inspection of the abortion clinic, and included medical identification numbers, dates of medical procedures, and the gestational ages of fetuses – the health department then </span></span><a href="https://www.kansascity.com/news/politics-government/article236773058.html"><span><span>reportedly</span></span></a><span><span> calculated the date of the last menstrual period of each patients and included that within the spreadsheet. It was </span></span><a href="https://www.kansascity.com/news/politics-government/article236773058.html"><span><span>reported</span></span></a><span><span> that the spreadsheet was emailed between health department employees “with the title “Director’s Request”” and “the subject line.. was “Duplicate ITOPs with last normal menses date”.</span></span></span></span></p> <p> </p> <h3><span><span><strong><span><span>Informal data sharing among the opposition</span></span></strong></span></span></h3> <p><span><span><span><span><span>Informal data sharing between like-minded groups is also happening. For example in 2019, the Abortion Support Network, the British Pregnancy Advisory Service, and Voice for Choice Malta issued a </span></span></span><a href="https://www.asn.org.uk/news-and-events/press-release-charities-warn-that-anti-choice-groups-in-malta-are-targeting-women-with-lies-and-misinformation-to-prevent-them-accessing-legal-abortion-care-overseas/"><span><span>press release</span></span></a><span><span><span> that warned that opposition groups in Malta, where abortion is illegal, had shared the contact details of people seeking abortion care with an opposition group in Ireland. The Abortion Support Network told PI that this led to people seeking abortion care to be contacted by an Irish person pretending to be from a legitimate abortion provider in the UK and being sent abusive text messages and being visited at their home addresses. </span></span></span></span></span></p> <p> </p> <h2>Part 3: <span><span><span><span>Methods of spreading misleading health</span></span><span><span> information online</span></span></span></span></h2> <blockquote> <p><span><span><em><span><span>“Of 64 reviewed websites…58% of sites did not provide notice that Pregnancy Resource Centers do not provide or refer for abortion, and 53% included false or misleading statements regarding the need to make a decision about abortion or links between abortion and mental health problems or breast cancer…Most sites (89%) did not provide notice that Pregnancy Resource Centers do not provide or refer for contraceptives. Two sites (3%) advertised unproven “abortion reversal” services.”</span></span></em></span></span><strong><span><span><a href="https://www.whijournal.com/article/S1049-3867(17)30331-6/fulltext"><span><span> </span></span><span><span>Sexual and Reproductive Health Services and Related Health Information on Pregnancy Resource Center Websites: A Statewide Content Analysis</span></span></a></span></span></strong></p> </blockquote> <blockquote> <p><span><span><em><span><span><span>“Tactics are often presumed to be attempts to convince women that abortion is bad and harmful, and that they should change their minds e.g. telling them abortion causes depression, infertility or breast cancer, that they will regret their decision, and showing misleading photos and videos, offering support when the child is born and presenting adoption as a viable alternative. Obviously, this does happen, but much of the time the primary tactics used are to delay women from accessing care by misleading them.” </span></span></span></em></span></span><strong><span><span><span><span>Abortion Support Network, in an interview with Privacy International</span></span></span></span></strong></p> </blockquote> <blockquote> <p><span><span><em><span><span>“We are experts at making sure your website is attracting the abortion-minded client and representing your center in a way that will make your clients feel comfortable with the service they will receive.”</span></span></em><span><span> <em>The company says it develops websites that attract “</em></span></span><a href="https://extendwebservices.com/about"><em><span><span>abortion-minded</span></span></em></a><em><span><span>” people, make them “</span></span></em><a href="https://extendwebservices.com/about"><em><span><span>feel comfortable</span></span></em></a><em><span><span>”, and “</span></span></em><a href="https://extendwebservices.com/services/websites"><em><span><span>effectively reach women in crisis online</span></span></em></a><em><span><span>”. </span></span></em></span></span><strong><span><span><span><span>From the about us </span></span><a href="https://extendwebservices.com/about"><span><span>page</span></span></a><span><span> on Extend Web Service’s website – Heartbeat International’s website design company</span></span></span></span></strong></p> </blockquote> <p> </p> <p><span><span><span><span>A well-known tactic of opposition groups is to spread and promote misleading health information. A relatively new component of how such information is spread, is through social media ad targeting systems, through which opposition groups can target misleading health information even more precisely and rapidly. There are now companies that assist opposition groups to quickly develop a web presence, and help them reach and effectively communicate to those seeking information and services, without making the limitations of their services immediately apparent.</span></span></span></span></p> <p> </p> <h3><span><span><strong><span><span>Coordinated use of misleading health information online</span></span></strong></span></span></h3> <p><span><span><span><span><span>Extend Web Services</span></span></span></span></span></p> <p><span><span><span><span><span>Extend Web Services is a web design company set up and run by Heartbeat International to develop websites for crisis pregnancy centres and other related organisations. </span></span></span></span></span></p> <p><span><span><span><span>Heartbeat International </span></span><a href="https://privacyinternational.org/long-read/3096/how-anti-abortion-activism-exploiting-data"><span><span>requires</span></span></a><span><span> clients of Extend Web Services to use Heartbeat-provided language on “5 medical pages”. An Extend representative </span></span><a href="https://privacyinternational.org/long-read/3096/how-anti-abortion-activism-exploiting-data"><span><span>told</span></span></a><span><span> PI that Heartbeat International restricts the ability for their clients to change the language used on “<span>5 medical pages</span>” which are “provided and managed by Extend Web Services/Heartbeat International”. These pages, the representative told PI, include: “<span>Abortion Information/Education”, “Abortion Recovery”, “Sexual Health”, “Pregnancy”, and “Emergency Contraception</span>”. The representative further told PI “<span>All other pages of the website are able to be fully customized by the client in terms of content, imagery, etc. They are able to request one of the 5 pages listed above to be completely removed from the site if they don't like the content. They can provide their own content to fully replace one of those pages as well - they just aren't allowed to edit the content on those pages that we provided.”</span></span></span></span></span></p> <p><span><span><span><span>The content on the “5 medical pages” is guardedly anti-abortion and misleading. For example, the “Abortion Information/Education” page says “Even though pregnancy tests are generally accurate, it can also be a good idea to get an ultrasound. This can tell you if your pregnancy is viable”. This language reflects the opposition’s </span></span><a href="https://www.theguardian.com/us-news/2019/dec/09/supreme-court-kentucky-abortion-law-doctors-ultrasound"><span><span>desire</span></span></a><span><span> to require those seeking an abortion to first obtain an ultrasound. It also misleadingly conflates confirming pregnancy viability with obtaining an ultrasound, while the person conducting the ultrasound </span></span><a href="https://www.thedailybeast.com/the-fake-abortion-clinics-outadvertising-the-real-ones"><span><span>may not be trained</span></span></a><span><span> to read an ultrasound.</span></span></span></span></p> <p><span><span><span><span>In response to this research, the Abortion Support Network told PI “We know that our clients regularly seek information online before they find us, or actual, reputable providers of care. We know that they find websites, like those provided by Extend Web Services and Heartbeat International, because we hear about the inaccurate, dangerous misinformation they’ve found online. Reading websites like these can make women and pregnant people nervous about seeking the care they want, and we hear from clients who ask us “Am I going to hell because I’m having an abortion?” – it’s those clients who are impacted by websites like these.”</span></span></span></span></p> <p><span><span><span><span>In response to the research, Dr. Andrea Swartzendruber, who is principal investigator for multiple studies investigating crisis pregnancy centres in the US state of Georgia, and is an assistant professor in the Department of Epidemiology and Biostatistics at the University of Georgia College of Public Health said, “This information is new to me but helps explain why some of the exact same information is found on many CPC websites. My research shows that much of the health information included on CPC websites is uncited and many of the citations that are provided are broken links or do not reference scientific evidence or organizations. In the United States, we found that CPCs commonly misstate that ultrasound technology can predict miscarriage. Advocacy groups have reported instances that suggest that CPC staff conducting ultrasounds are untrained and CPCs are typically staffed by volunteers and lay people. However, to my knowledge, the qualifications and clinical licensures of CPC staff has not been systematically studied or reported.”</span></span></span></span></p> <p> </p> <h3><span><span><strong><span><span>Honey pot websites</span></span></strong></span></span></h3> <p><span><span><span><span>A well-known tactic of the opposition and is to set up friendly-looking websites, such as the Extend Web Services templates, to intercept people seeking reproductive health information and services. We’ve included a handful of examples below.</span></span></span></span></p> <p> </p> <p><span><span><span><span><span>Help Centres for Women (“CAMs”) in Latin America</span></span></span></span></span></p> <p><span><span><span><span>A recent </span></span><a href="https://www.opendemocracy.net/en/5050/revealed-us-linked-anti-abortion-centres-lie-and-scare-women-across-latin-america/"><span><span>report</span></span></a><span><span> from Open Democracy documented the experiences of people seeking pregnancy support, options, and services from Heartbeat International-affiliated crisis pregnancy centres. In one instance, an Open Democracy researcher visited two CAM pages promoting services in Mexico: a freestanding website, and a Facebook page associated to a CAM. The researcher then contacted these two organisations to arrange a meeting. Open Democracy </span></span><a href="https://www.opendemocracy.net/en/5050/revealed-us-linked-anti-abortion-centres-lie-and-scare-women-across-latin-america/"><span><span>reported</span></span></a><span><span> that representatives from the organisations asked the person about her pregnancy, about her reasons for wanting to obtain an abortion, about the “father”, and gave her false information on bleeding. </span></span></span></span></p> <p><span><span><span><span><span>For example, working with Privacy International, the Argentina-based organisation Equipo Latinoamericano de Justicia y Género (ELA), researched CAMs work in the country.</span></span></span></span></span></p> <p> </p> <p><span><span><em><span><span><span>CAMs Latinoamerica </span></span></span></em></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2010.png?itok=ssSSsLvX 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2010.png?itok=3Cw2J7M4 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2010.png?itok=3Cw2J7M4" alt="10" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><span><span>This above screenshot is of the homepage of the website of CAMs Latinoamerica. According to ELA, they describe themselves as “The Latin American network of Aid Centres for Women is a non-profit network, committed to defending human life from the moment of conception until natural death, in accordance with the Magisterium of the Roman and Apostolic Catholic Church.” </span></span></span></span></p> <p><span><span><span><span>As the above screenshot shows, the website (the turquoise square at the far left) says that “The Help Centre for Women (CAM), seeks to help pregnant women who have decided to abort, to freely choose to accept their motherhood, in order to protect and preserve their dignity, achieving impact on their family and their familiar surroundings.”- The second square says: “We work in unity with the Aid Centres for Women, in order to save lives from abortion throughout Latin America; all through the exchange of experiences and information, to consolidate the growth of the Culture of Life.”<br /><br /> Even though the website mentions that they have offices in 19 countries, the only direct contact information they offer is from Mexico. ELA told PI that the site appears to provide contact information for the centres outside of Mexico when a person contacts them via the chat service. </span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2011.png?itok=VeR5ACkX 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2011.png?itok=F0jROuoo 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2011.png?itok=F0jROuoo" alt="11" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><span><span>According to ELA, the website also has a “</span></span><a href="http://camslatinoamerica.com/estadisticas.html"><span><span>statistics</span></span></a><span><span>” section which contains stats about how the centres are being used in different Latin American countries. According to ELA, the information is from 2018 and shows what sort of information about people seeking care is being collected by the centre.</span></span> <span><span>The </span></span><a href="http://camslatinoamerica.com/estadisticas.html"><span><span>page</span></span></a><span><span> details the number of women attending different Latin American CAMs, the ages of the women, marital status, gestation status, and reason for seeking an abortion. </span></span></span></span></p> <p><span><span><span><span>Individual CAM websites may also present information in ways that may induce the person seeking care to believe that the centre offers access to specific contraception, and that they are qualified to provide medical advice in relation to its use. </span></span></span></span></p> <p><span><span><span><span>For example, the below screenshot is of a </span></span><a href="http://centrodeasistenciaalamujer.com/component/content/category/17-cytotec.html"><span><span>website</span></span></a><span><span> from a CAM centre in Quito, Ecuador in which they offer information regarding Cytotec (the commercial name for misoprostol) and a phone number to call to discuss its use and effects. However, abortion is </span></span><a href="https://www.theguardian.com/global-development/2019/sep/18/clashes-erupt-after-ecuador-fails-to-decriminalize-abortion-for-victims"><span><span>illegal</span></span></a><span><span> in Ecuador except in cases where the life of the pregnant person is in danger or if the pregnancy is the result of the rape of a person with mental disabilities, meaning that it is unlikely that this organisation provides medically accurate information about the medication’s use.</span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2012.png?itok=7DjzFO1Z 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2012.png?itok=iJpKcrXr 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2012.png?itok=iJpKcrXr" alt="On this website they mention that women will be treated by “personnel highly trained”. " typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><span><span>On this </span></span><a href="http://centrodeasistenciaalamujer.com/component/content/category/17-cytotec.html"><span><span>website</span></span></a><span><span> they mention that women will be treated by “personnel highly trained”. </span></span></span></span></p> <p> </p> <p><span><span><em><span><span><span>Embarazo Inesperado CAM – Chile</span></span></span></em></span></span></p> <p><span><span><span><span><span>Another example of CAM websites in Latin America comes from Chile, where </span></span></span><span><span>Paz Peña,<em> </em></span></span><span><span><span>who worked with PI on this research, focused on the national Embarazo Inesperado</span></span></span><span><span> CAM website. The website has a phone number, webchat, and promotes its services on Facebook and Instagram. </span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2016.png?itok=7W-4Cr_6 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2016.png?itok=ENf1sHsW 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2016.png?itok=ENf1sHsW" alt="Chilean version of Embarazo Inesperado’s website" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span><span>Chilean version of </span></span></em><em><span><span><span>Embarazo Inesperado’s website</span></span></span></em></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2019.png?itok=0WKpxkAv 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2019.png?itok=2uWCv86O 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2019.png?itok=2uWCv86O" alt="Embarazo Inesperado – Chile Instagram page" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span><span><span>Embarazo Inesperado – Chile Instagram page</span></span></span></em></span></span></p> <p> </p> <p><span><span><span><span><span>Despite the CAMs social media presence and modern website, there is markedly little information available about who is behind </span></span></span><span><span><span>Embarazo Inesperado in Chile. </span></span></span><span><span><span>According to Paz,</span></span></span><span><span> the Chilean</span></span><em> </em><span><span><span>Embarazo Inesperado<em> </em></span></span></span><span><span>domain name (.cl) was purchased by a Chilean marketing company. Among the marketing company’s clients are two opposition groups: ISFEM and Red por la Vida y la Familia. Despite being distinct organisations, there are links between them. For example, ISFEM’s vice-president is also the coordinator for Red por la Vida y la Familia; and ISFEM is a member organisation of the Red por la Vida y la Familia network. </span></span></span></span></p> <p><span><span><span><span>While details remain scarce, given the domain was registered by a marketing company working with like-minded opposition groups, questions can be raised about these groups’ relationship with </span></span><span><span><span>Embarazo Inesperado.</span></span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2020.png?itok=pvAOXPZh 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2020.png?itok=2O61GFNv 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2020.png?itok=2O61GFNv" alt="Screenshot apparently showing that the Chilean Embarazo Inesperado domain was registered by the marketing company ETZ En Tus Zapatos SPA was provided to PI by Paz Peña." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span><span><span>Screenshot</span></span></span></em><em><span><span> apparently showing that the Chilean </span></span></em><em><span><span><span>Embarazo Inesperado domain was registered by the marketing company ETZ En Tus Zapatos SPA was provided to PI by </span></span></span></em><em><span><span>Paz Peña.</span></span></em></span></span></p> <p> </p> <p> </p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2021.png?itok=EKbI6mAm 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2021.png?itok=oiOcT0OL 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2021.png?itok=oiOcT0OL" alt="This screenshot apparently shows other clients of the marketing company ETZ En Tus Zapatos SPA. Screenshot provided to PI by Paz Peña." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span><span><span>This</span></span></span></em><em><span><span> screenshot apparently shows other clients of</span></span></em><em><span><span><span> the marketing company ETZ En Tus Zapatos SPA. Screenshot provided to PI by </span></span></span></em><em><span><span>Paz Peña.</span></span></em></span></span></p> <p> </p> <p><span><span><span><span>PI International Network partner Hiperderecho, who worked with PI on this report, spoke with the Peruvian organisation Serena Morena about their thoughts on such honey pot websites. They said: “</span></span></span>If you are looking for a safe abortion on a social media, [conservative groups] will contact you and tell you “visit us at this address!”. We have heard stories of women who go to these places, thinking they will receive information on how to get a safe abortion, but as soon as they arrive, they are shown graphic videos and are given presentations with misinformation that aim to dissuade them from aborting. [At this point] these groups already have collected their personal data. We know that in Ecuador they have even used personal data to intimidate these women</span><span>".<span><span><span> </span></span><a href="https://www.serenamorenaperu.com/"><span><span>Serena Morena</span></span></a><span><span> is self-described as “A network of women volunteers who accompany women in abortion situations. We do this because in Peru women who decide to abort - even in cases of rape! - are criminalised.”</span></span></span></span></p> <p> </p> <h3><span><span><strong><span><span><span>International trainings and campaigning</span></span></span></strong></span></span></h3> <p><span><span><span><span><span>International trainings are another way that international opposition organisations can disseminate talking points, develop campaign ideas, and train international partners on a variety of topics.</span></span></span></span></span></p> <p> </p> <p><span><span><span><span>CitizenGo</span></span></span></span></p> <p><span><span><span><span>CitizenGO is an international ultraconservative online campaign and advocacy platform headquartered in Spain. It promotes petitions against same sex marriage, abortion, transgender rights, and more, and </span></span><a href="https://www.actuall.com/criterio/democracia/population-research-institute-y-citizengo-en-la-innovacion-de-la-participacion-ciudadana/"><span><span>reportedly</span></span></a><span><span> has over 10 million active members. CitizenGO’s executive director has </span></span><a href="https://www.europapress.es/epsocial/punto-critico/noticia-citizengo-cambiando-mundo-forma-efectiva-alvaro-zulueta-director-ejecutivo-citizengo-20140128113750.html"><span><span>said</span></span></a><span><span> that the organisation</span></span><span><span><span> “provide[s] a complete technological tool, easy, comfortable, and effective, free of charge, so that organisations can dedicate their resources - without distracting them from tools outside their "core" - to more effectively fulfil their mission."</span></span></span>  </span></span></p> <p><span><span><span><span><span>According to the independent consultant </span></span></span><span><span>Paz Peña, who worked on this report with Privacy International, </span></span><span><span><span>CitizenGO has several petitions locally in Chile. For example, </span></span></span><a href="https://www.citizengo.org/es-cl/fm/171446-van-por-tus-hijos"><span><span>one petition</span></span></a><span><span><span> said that the Chilean State was aiming to control the "soul of our children" because Congress was discussing the constitutional rank of the principle of progressive autonomy of children and adolescents. Another online </span></span></span><a href="https://www.citizengo.org/es/160081-dejen-fuera-menores-ley-identidad-genero"><span><span>petition</span></span></a><span><span><span> was from the campaign #ConMisHijosNoTeMetas and raised several myths on the gender identity bill that were </span></span></span><a href="https://www.biobiochile.cl/noticias/nacional/chile/2017/07/18/mito-y-realidad-cuales-son-las-implicancias-del-proyecto-de-ley-de-identidad-de-genero.shtml"><span><span>clarified</span></span></a><span><span><span> by specialists in media.</span></span></span></span></span></p> <p><span><span><span><span><span>The Population Research Institute and CitizenGO have worked together on campaigns as well. It was </span></span></span><a href="https://www.actuall.com/criterio/democracia/population-research-institute-y-citizengo-en-la-innovacion-de-la-participacion-ciudadana/"><span><span>reported</span></span></a><span><span><span> that the Institute routinely collaborates with CitizenGO and that the Population Research Institute is training CitizenGO staff in the use of political strategy tools and communications. The Institute’s division responsible for “developing tools for political participation” </span></span></span><a href="https://www.actuall.com/criterio/democracia/population-research-institute-y-citizengo-en-la-innovacion-de-la-participacion-ciudadana/"><span><span>reportedly</span></span></a><span><span><span> presented its work at CitizenGO’s Summer School in 2018. It was </span></span></span><a href="https://www.actuall.com/criterio/democracia/population-research-institute-y-citizengo-en-la-innovacion-de-la-participacion-ciudadana/"><span><span>reported</span></span></a><span><span><span> that the central theme at the 2019 CitizenGO board meeting was “to reflect on the new forms of political organisations that have emerged due to the possibilities offered by current information technology”, including “easy affiliation and involvement in political activities through the internet” and more.</span></span></span></span></span></p> <p><span><span><span><span>CitizenGO also works in Kenya. PI International Network partners the Kenya Legal and Ethical Issues Network on HIV and AIDS (KELIN) told PI that CitizenGO has launched petitions and campaigns against reproductive healthcare in Kenya. In November 2018, some of Marie Stopes International’s (MSI) reproductive health services were </span></span><a href="https://www.theguardian.com/global-development/2018/dec/21/kenya-lifts-ban-marie-stopes-abortion-services-after-warning-lives-are-at-risk"><span><span>suspended</span></span></a><span><span> including their abortion services. According to MSI, the </span></span><a href="https://www.mariestopes.org/where-we-work/kenya/"><span><span>organisation</span></span></a><span><span> is the country’s largest sexual and reproductive health organisation. KELIN told PI that this was </span></span><a href="https://www.nation.co.ke/news/Ban-on-Marie-Stopes-abortion-services-lifted/1056-4904014-nw9wdo/index.html"><span><span>due</span></span></a><span><span> to a petition by members of Citizen Go Africa, which accused Marie Stopes of advocating for abortions through radio stations. This resulted in the Kenya Medical Practitioners and Dentists Board (the “KMPDB”) demanding that MSI stop offering abortion services. KELIN told PI that the Kenyan government lifted the ban after an audit by the KMPDB who confirmed that MSI had complied with all laws and regulations and were now able to resume their abortion care services under regular supervision. </span></span></span></span></p> <p><span><span><span><span>KELIN told PI that the Executive Director of the Trust for Indigenous Culture and Health, who campaigned for the ban to be lifted, </span></span><a href="https://www.theguardian.com/global-development/2018/dec/21/kenya-lifts-ban-marie-stopes-abortion-services-after-warning-lives-are-at-risk"><span><span>said</span></span></a><span><span> the suspension of Marie Stopes services has had a chilling effect on women’s health services and voiced concern over what this means for individual healthcare providers.<span> According to KELIN, the Executive Director</span> further asserted that “reproductive rights advocates faced an increasingly hostile climate and anti-abortion groups always hit hard after success in the realisation of progressive reproductive health services for women in Kenya”. </span></span></span></span></p> <p> </p> <p><span><span><span><span><span>Heartbeat International</span></span></span></span></span></p> <p><span><span><span><span><span>According to Heartbeat International’s website it runs an “Academy” </span></span></span><a href="https://www.heartbeatinternational.org/academy"><span><span>that</span></span></a><span><span><span> “offers life-affirming leaders, staff members, volunteers, and supporters” online talks and courses related to, in part, “prenatal diagnostic tests to implementing STI testing in your center”. Other courses </span></span></span><a href="https://www.heartbeatservices.org/enter-academy"><span><span>include</span></span></a><span><span><span> “8 Steps for advancing your social media strategy”, “abortion pill rescue training”, and “is there a link between abortion and breast cancer?”. </span></span></span></span></span></p> <p><span><span><span><span><span>The types of courses offered by Heartbeat International are important because they are promoted to the organisation’s international network of affiliated crisis pregnancy centres. </span></span></span><a href="https://www.heartbeatservices.org/services-home"><span><span>Self-described</span></span></a><span><span> as “the largest worldwide network of pregnancy help organizations”, Heartbeat International runs a network of “over 2,700 affiliated pregnancy help organizations worldwide and affiliated pregnancy help organizations in more than 60 countries” – it says it </span></span><a href="https://www.heartbeatservices.org/international/international-affiliates"><span><span>has</span></span></a><span><span> “700 affiliate locations outside the US”.</span></span> <span><span><span>The courses that Heartbeat International is promoting to its global affiliate could be used to directly promote </span></span></span><span><span>misleading health </span></span><span><span><span>information and misinformation globally.  </span></span></span></span></span></p> <p><span><span><span><span><span>Open Democracy </span></span></span><a href="https://www.opendemocracy.net/en/5050/trump-linked-religious-extremists-global-disinformation-pregnant-women/"><span><span>reports</span></span></a><span><span><span> that the one </span></span></span><span><span>online webinar </span></span><a href="https://www.heartbeatinternational.org/resources/resources-by-topic/volunteer-training/talking-about-abortion"><span><span>“developed from the experience of Heartbeat affiliates”</span></span></a><span><span> teaches hotline operators to discourage or delay women from accessing abortions and emergency contraception. They report that content from another webinar “show[s] how Heartbeat teaches incorrect medical information. For instance, it says that abortion can increase women’s risks of getting cancer and mental illnesses. There is </span></span><a href="https://annals.org/aim/fullarticle/717375/induced-abortion-overview-internists"><span><span>no credible medical evidence</span></span></a><span><span> for </span></span><a href="https://www.apa.org/pi/women/programs/abortion/mental-health.pdf"><span><span>these claims</span></span></a><span><span>, which have been repeatedly refuted by global health bodies.”</span></span></span></span></p> <p> </p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>Human Life International (HLI)</span></span></span></span></p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>Human Life International was established in 1981 and describes themselves as “the world’s largest global pro-life apostolate, with an active network in over 100 countries”. In a 2018 </span></span><a href="https://www.hli.org/wp-content/uploads/2019/07/HLI-2018-Impact-1.pdf"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>impact report</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>, the organisation says that it organises “the pro-life movement” in “Europe”, parts of Africa, “Asia/Oceania”, and “Latin America” to plan and implement training sessions for “pro-life leaders” and others, and “assist[s] with grassroots movements, such as pregnancy help centres, counseling” and more.</span></span></span></span></p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>On their website HLI </span></span><a href="https://www.hli.org/"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>describe</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span> contraception as the “root of the culture of death”, abortion as “the consequence of failed contraception” and reproductive technologies as “unethical procedures of procreation”. HLI further </span></span><a href="https://www.hli.org/about-us/our-mission/"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>state</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span> on their website that they collaborate with local, regional and national leaders to provide educational and financial resources to support local programs which instill a greater awareness of the assaults to human life and the family. HLI </span></span><a href="https://www.politicalresearch.org/2018/05/08/profile-on-the-right-human-life-international-hli"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>opposes</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span> contraception, in-vitro fertilization, comprehensive sex education, and abortion in all circumstances. </span></span></span></span></p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>PI International Network partner </span></span><span><span>the Kenya Legal and Ethical Issues Network on HIV and AIDS (KELIN) t</span></span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>old PI that in 2015, HLI </span></span><a href="https://nairobinews.nation.co.ke/news/catholic-church-unveils-controversial-anti-condom-billboard"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>started</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span> a campaign against condom use by erecting a banner in a rural town in Kenya. KELIN told PI that the campaign was an attempt to condemn the advertising of condoms in all media platforms which they believed were always misleading and encouraging the youth to engage in sexual activities before marriage. In addition, the banner was said to convey the message that condoms cannot prevent the spread of HIV/AIDS. In response, the National Aids Control Council (“NACC”) </span></span><a href="https://www.nation.co.ke/news/Anti-condom-posters-to-be-seized/-/1056/2990620/-/111pj10/-/index.html"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>took</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span> hold of the banner and in exchange for its return demanded that the church stop its campaign.<span>.</span> Instead, it was reported, HLI </span></span><a href="https://nairobinews.nation.co.ke/news/catholic-allied-groups-demand-return-of-controversial-anti-condom-billboard"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>led protests</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span> along with five other NGO’s outside the NACC’s building and threatened legal action should the NACC fail to return the banners it had pulled down within 14 days.</span></span></span></span></p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>KELIN told PI that HLI also </span></span><a href="https://www.hli.org/2019/11/human-life-international-hli-kenya-uganda-statement-on-the-icpd25-nairobi-summit/"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>publicly denounced</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span> the </span></span><span><span>International Conference on Population and Development</span></span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span> 25 summit in Nairobi by partnering with other pro-life and pro-family entities and creating an alternative summit dubbed the “Vita et Familia ICPD25”. </span></span></span></span></p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>Even more notable, KELIN told PI, is HLI’s </span></span><a href="https://www.politicalresearch.org/2018/05/08/profile-on-the-right-human-life-international-hli"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>alleged</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span> involvement in a campaign in 2010 created to persuade Kenyans to reject the country’s new constitution which legalized abortion if the woman needed emergency care or her life or health was in danger. KELIN told PI that it was </span></span><a href="https://www.standardmedia.co.ke/article/2000004940/church-asked-to-rethink-stance-on-constitution/?pageNo=2"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>reported</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span> that the Catholic Church threatened to reject the 2010 Constitution due to Article 26(4) of the Constitution of Kenya allegedly promoting abortion. KELIN told PI that the HLI Kenya Council chairman at the time was quoted stating that: “the issue should not be whether to legalize abortion, but establishing why it is on the rise”. He also stressed the need to “first address reasons why abortion is rife”.  Following the promulgation of the Constitution, HLI were also against the issuance of the 2012 Guidelines. The HLI’s country director reportedly </span></span><a href="https://www.aljazeera.com/indepth/features/2016/10/dangerously-cheap-kenya-illegal-abortions-161027075859609.html"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>stated</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>: “who has given these individuals the right to decide who should die?”.</span></span></span></span></p> <p> </p> <p><span><span><span><span><span>Life Matters Worldwide</span></span></span></span></span></p> <p><span><span><span><span>Life Matters Worldwide describes itself as “help[ing] the Body of Christ articulate the biblical pro-life message in word and deed”. It </span></span><a href="https://www.lifemattersww.org/MISSIONS"><span><span>says</span></span></a><span><span> that it has “partnered with pro-life ministries to establish and sustain them</span></span> <span><span>as effective Gospel outreaches for the glory of God” and has “worked with believers in Eastern Europe, South America, Africa, and Asia”.</span></span></span></span></p> <p><span><span><span><span>In India, Life Matters Worldwide </span></span><a href="https://www.lifemattersww.org/MISSIONS/Pro-life-partners-around-the-world/India"><span><span>says</span></span></a><span><span> that it has partnered with at least one hospital in the country and “helped them obtain ultrasound equipment”. PI International Network partner the Center for Internet and Society (CIS) told PI that “by partnering with public hospitals and spreading their message, they are actively working to restrict abortions for rural women in particular through their self-perceived roles as guiders, saviours, and educators”. </span></span></span></span></p> <p> </p> <p><span><span><span><span>Population Research Institute (PRI)</span></span></span></span></p> <p><span><span><span><span><span><span>According to PI International Network partner Hiperderecho, the Population Research Institute was founded in 1989 in the United States as a Human Life International research institute, but became independent in 1996.</span></span></span><span><span><span> It </span></span></span><span><a href="https://www.pop.org/simple/who-we-are/"><span><span>says</span></span></a></span><span><span><span> it operates in over 30 countries</span></span></span><span><span><span>. The office for Latin America is based in Lima, Peru and Hiperderecho told PI that from there different anti-reproductive rights movements have been planned and funded in recent years such as “Marcha por la Vida” against abortion and others against gender policies in education such as “Con Mis Hijos No Te Metas”. Both of these campaigns have been run in other countries in the region as well, such as Argentina, Chile, and Colombia. Members of this organisation </span></span></span><span><a href="https://ojo-publico.com/730/religion-o-estado-los-congresistas-del-evangelio-en-el-peru"><span><span>reportedly</span></span></a></span><span><span><span> have influence and lobby with public officials and congressmen due to independent </span></span></span><span><a href="https://ojo-publico.com/730/religion-o-estado-los-congresistas-del-evangelio-en-el-peru"><span><span>investigations</span></span></a></span><span><span><span> detailing lobbying by PRI members. </span></span></span></span></span></span></p> <p> </p> <p><span><span><span><span><span>TeenSTAR</span></span></span></span></span></p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>TeenSTAR (“Sexuality Teaching in the Context of Adult Responsibility”)</span></span> <span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>is an educational programme that started in the US – <span>TeenSTAR </span></span></span><a href="https://reproductiverights.org/press-room/us-based-sex-ed-program-comes-under-fire-in-international-human-rights-case"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>does not</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span> promote the use of contraceptives. The programme </span></span></span><a href="http://teenstar.org/worldwide/"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>appears</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span> to be used in 36 countries. For example, according to the </span></span></span><a href="https://reproductiverights.org/press-room/us-based-sex-ed-program-comes-under-fire-in-international-human-rights-case"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>Center for Reproductive Rights</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span>, Croatia has sponsored the programme for a decade and is seeking to mandate a nearly identical programme. The programme is described by the Center for Reproductive Rights to teach teenagers that contraception “disturbs the essence and the nature of sexual act…can be a protection to a certain extent, but on the other hand, it can give a false sense of security, and sooner or later fail the user”. The Center for Reproductive Rights also says that the programme teaches that, among other things, “masturbation “is a case of severe moral disorder”, intimacy between same-sex couples if counter to “proper” sexual intercourse, analogizing it to sexual harassment and other socially “deviant” phenomena”.</span></span></span></span></span></p> <p><span><span><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span>According to the </span></span></span><a href="https://reproductiverights.org/press-room/us-based-sex-ed-program-comes-under-fire-in-international-human-rights-case"><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span>Center for Reproductive Rights</span></span></a><span lang="EN-US" xml:lang="EN-US" xml:lang="EN-US"><span><span>, “individual Croatian </span></span></span><span><span>government officials and an independent commission charged with reviewing Croatia's sex education programs have already concluded that TeenSTAR is neither based in science nor expert medical facts, and that the program fails to address the research and available data on Croatian teenagers' sexual behaviour”.</span></span></span></span></p> <p><span><span><span><span><span>In a 2018 </span></span></span><a href="https://www.womenofwearables.com/new-blog/kx27pvw6fpbcu2sw48d6f14sznm89h"><span><span>interview</span></span></a><span><span><span>,</span></span></span> <span><span><span>the Western Regional Director at TeenSTAR in the US, said that “for the first time in human history, we have the capacity to collect and store enormous amounts of detailed personal data for our interpretation and application. Fertility charting is exactly that! And it is on the rise among women of all ages”.</span></span></span> </span></span></p> <p><span><span><span><span><span>Teen STAR and FEMM have an intersection with Chile. The </span></span></span><a href="http://rhrinstitute.org/our-team/"><span><span>current</span></span></a><span><span><span> Medical Director of the Reproductive Health Research Institute (which </span></span></span><a href="https://femmhealth.org/research/what-we-do/"><span><span>collaborates</span></span></a><span><span><span> with FEMM) is the </span></span></span><a href="https://femmhealth.org/teacher/dr-pilar-vigil-bmed-md-phd-facog/"><span><span>current</span></span></a><span><span><span> President of TeenSTAR international. She is </span></span></span><a href="https://femmhealth.org/teacher/dr-pilar-vigil-bmed-md-phd-facog/"><span><span>also</span></span></a><span><span><span> an Associate Professor at the Pontifical Catholic University of Chile, which has </span></span></span><a href="http://www.teenstar.cl/2018/08/07/conferencia-hormonas-cerebro-dra-pilar-vigil-11-agosto-2018/"><span><span>hosted</span></span></a><span><span><span> TeenSTAR. It also appears, from the address available on TeenSTAR’s Facebook page and the Chilean address available on the Reproductive Health Research Institute’s website, that TeenSTAR Chile shares an address with the Reproductive Health Research Institute in the country.</span></span></span></span></span></p> <p> </p> <p><span><span><span><span><span>World Youth Alliance (WYA)</span></span></span></span></span></p> <p><span><span><span><span><span>The World Youth Alliance was founded by the current CEO of the FEMM Foundation in 1999. The WYA </span></span></span><a href="https://www.wya.net/about-wya/how-we-work/"><span><span>says</span></span></a><span><span><span> that it “participates directly at the United Nations, European Union, and Organization of American States” and has produced fact sheets and white papers which show that the organisation stands against access to </span></span></span><a href="https://www.wya.net/wp-content/uploads/2014/10/WYA_fact_sheet_sex_education.pdf"><span><span>comprehensive sex education</span></span></a><span><span><span>, </span></span></span><a href="https://www.wya.net/wp-content/uploads/2014/04/WYA_Reproductive_Health_White_Paper.pdf"><span><span>abortion care</span></span></a><span><span><span>, and </span></span></span><a href="https://www.wya.net/wp-content/uploads/2014/04/WYA_family_planning_white_paper.pdf"><span><span>contraception</span></span></a><span><span><span>. </span></span></span></span></span></p> <p><span><span><span><span><span>According to financial </span></span></span><a href="https://apps.irs.gov/pub/epostcard/cor/134196230_201812_990_2019080916559285.pdf"><span><span>reports</span></span></a><span><span><span>, in 2018 WYA provided nearly 400,000 USD in financial support to organisations in Africa, Asia Pacific, Europe, Latin America, and the Middle East to, in part, “help promote the dignity of the human person in international policy” and “building a culture of life”. According to its website, WYA </span></span></span><a href="https://www.wya.net/op-ed/femm-teacher-training-course-in-malta/"><span><span>has promoted and run</span></span></a><span><span><span> FEMM teacher trainings </span></span></span><a href="https://www.wya.net/press-release/wya-presents-hdc-femm-to-african-leaders-youth/"><span><span>around</span></span></a><span><span><span> the </span></span></span><a href="https://www.wya.net/press-release/femm-and-the-reproductive-health-research-institute-rhri-conduct-training-for-doctors/"><span><span>world</span></span></a><span><span><span>. In a 2018 </span></span></span><a href="https://www.wya.net/wp-content/uploads/2019/08/WYA-Annual-Report-2018.pdf"><span><span>annual report</span></span></a><span><span><span>, the organisation </span></span></span><a href="https://www.wya.net/wp-content/uploads/2019/08/WYA-Annual-Report-2018.pdf"><span><span>said</span></span></a><span><span><span> that FEMM trained over 160 people in Europe and the US and over 150 people as FEMM “health coaches and teachers”.</span></span></span></span></span></p> <p><span><span><span><span>The Fertility Education and Medical Management Foundation or FEMM </span></span><a href="https://femmhealth.org/about-us/what-is-femm/"><span><span>describes</span></span></a><span><span> itself as a women’s health program that in part “teaches women to understand their bodies” and “provides accurate medical testing and treatment based on new research and medical protocols”. </span></span><span><span><span>However, as mentioned previously,</span></span></span><span><span> it </span></span><a href="https://www.theguardian.com/world/2019/may/30/revealed-womens-fertility-app-is-funded-by-anti-abortion-campaigners"><span><span>revealed</span></span></a><span><span> that the FEMM smartphone app “is funded and led by anti-abortion, anti-gay Catholic campaigners” and “sows doubt over the safety of birth control”. According to the Guardian, FEMM is backed financially by the Chiaroscuro Foundation, which is primarily funded by Sean Fieler. Sean Fieler is a </span></span><a href="https://rewire.news/article/2014/09/23/sean-fieler-little-known-atm-fundamentalist-christian-anti-choice-movement/"><span><span>prominent</span></span></a><span><span> donor to Conservative organisations in the US.</span></span></span></span></p> <p><span><span><span><span>The apparently global reach of the World Youth Alliance and its </span></span><a href="https://www.wya.net/wp-content/uploads/2019/08/WYA-Annual-Report-2018.pdf"><span><span>reported</span></span></a> <span><span><span>“steady integration in local governments and institutions” to promote a worldview that does not include basic reproductive rights such as access to comprehensive sex education, contraception, and abortion care, is problematic and concerning.</span></span></span></span></span></p> <p> </p> <h3><span><span><strong><span><span><span>Online ads and social media</span></span></span></strong></span></span></h3> <p><span><span><span><span>A relatively new component of how opposition groups spread misleading health information, is through social media ad targeting systems. These systems allow the opposition to target misleading health information even more precisely and rapidly. While these targeting systems can help those seeking medically accurate reproductive health information and care, they can also be invasive, harmful, and ultimately delay or deny a person from finding and obtaining the care they need. </span></span></span></span></p> <p><span><span><span><span>Juan Pablo Poli, who is a sociologist and member of the Red Nacional de jóvenes para la salud sexual y reproductive in Argentina,</span></span> a youth-led network promoting gender-inclusive access to sexual and reproductive rights, <span><span>told PI research partner Equipo Latinoamericano de Justicia y Género (ELA), that “There are thousands of instances of disinformation, because, for example, in social networks one can say what they want and especially in this time when people share things without properly reading them. Added to the natural disinformation that people have because these topics are generally not discussed in homes, or in families, or in society in general, or in the media. So it is very counterproductive. And then the anti-rights groups have been able to exploit social media exponentially, perhaps even better than pro-choice groups. Their handling of social media and communication is really impressive. They are very cunning.” </span></span></span></span></p> <p> </p> <p><span><span><span><span><span>Facebook and Facebook-owned Instagram and WhatsApp</span></span></span></span></span></p> <p><span><span><span><span><span>Facebook and Facebook-owned Instagram and WhatsApp are used by opposition groups to promote </span></span></span><span><span>misleading health </span></span><span><span><span>information about abortion and contraceptives. </span></span></span></span></span></p> <p><span><span><span><span><span>The Facebook Ad Library, which </span></span></span><a href="https://privacyinternational.org/node/3244"><span><span>has not been</span></span></a><span><span><span> fully implemented or made accessible globally by Facebook, can give insights into what opposition groups are advertising, who they are targeting with ads, and what they are saying.</span></span></span></span></span></p> <p><span><span><span><span><span>For example, the following three ads from the US, which were </span></span></span><a href="https://www.facebook.com/ads/library/?active_status=all&amp;ad_type=political_and_issue_ads&amp;country=US&amp;impression_search_field=has_impressions_lifetime&amp;q=abortion%20reversal&amp;sort_data%5bdirection%5d=desc&amp;sort_data%5bmode%5d=relevancy_monthly_grouped"><span><span>accessed</span></span></a><span><span><span> by PI on 3 April 2020, promote the </span></span></span><a href="https://www.vice.com/en_us/article/a3yjd5/medical-community-slams-study-pushing-abortion-reversal-procedure"><span><span>scientifically dubious</span></span></a> <span><span><span>“abortion pill reversal”, which is a programme of Heartbeat International. Dr Monica McLemore, an Associate Professor of Family Health Care Nursing at the University of California, San Francisco </span></span></span><a href="https://www.innovating-education.org/2018/03/explained-so-called-abortion-reversal/"><span><span>described</span></span></a> <span><span>abortion reversal as “a misnomer”. She said, “It is impossible to reverse a procedure. For medication abortion the process described as reversal is scientifically inaccurate. The practice at issue is the untested and unstandardized administration of large doses of progesterone with the intent to overcome the action of the mifepristone. This intervention is not known to be safe or efficacious.” Yet, so-called abortion pill reversal is being promoted via advertising on Facebook and Instagram by opposition groups. </span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2022.png?itok=nE3f5QqG 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2022.png?itok=_ypNQUgy 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2022.png?itok=_ypNQUgy" alt="Example 1: This ad is running on Facebook and is being targeted at women ages 18-24 and 25-34. " typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><em><span><span><span><span><span>Example 1: This </span></span></span><a href="https://www.facebook.com/ads/library/?id=1652286841574748"><span><span>ad</span></span></a><span><span><span> is running on Facebook and is being targeted at women ages 18-24 and 25-34. </span></span></span></span></span></em></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2023.png?itok=k6agxSJU 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2023.png?itok=TmhR90rD 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2023.png?itok=TmhR90rD" alt="Example 2: This ad is running on Facebook but appears to have been incorrectly marked as non-political, meaning that no targeting information is available." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><em><span><span><span><span><span>Example 2: This </span></span></span><a href="https://www.facebook.com/ads/library/?id=2597610060526766"><span><span>ad</span></span></a><span><span><span> is running on Facebook but appears to have been incorrectly marked as non-political, meaning that no targeting information is available.</span></span></span></span></span></em></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2024.png?itok=KgeK-HMR 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2024.png?itok=Hc7rM1Kp 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2024.png?itok=Hc7rM1Kp" alt="Example 3: This ad was run on Facebook and Instagram." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><em><span><span><span><span><span>Example 3: This </span></span></span><a href="https://www.facebook.com/ads/library/?id=2443425652652918"><span><span>ad</span></span></a><span><span><span> was run on Facebook and Instagram.</span></span></span></span></span></em></p> <p> </p> <p><span><span><span><span><span>Another example of ads run on social media by opposition groups, is the</span></span></span><span><span> Chilean Embarazo Inesperado CAM. It offers a stark example of how little information the social media platforms provides about who is behind these ads.</span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2025.png?itok=XF03Zg22 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2025.png?itok=vaap_wDz 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2025.png?itok=vaap_wDz" alt="Example 4: This screenshot is of an ad being run by the Chilean Embarazo Inesperado CAM, about which Facebook provides very little information despite the political nature of the ad." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><em><span><span><span><span>Example 4: This screenshot is of an ad being run by the Chilean Embarazo Inesperado CAM, about which Facebook provides </span></span><a href="https://www.facebook.com/ads/library/?active_status=all&amp;ad_type=all&amp;country=CL&amp;impression_search_field=has_impressions_lifetime&amp;view_all_page_id=206797183530039&amp;sort_data%5bdirection%5d=desc&amp;sort_data%5bmode%5d=relevancy_monthly_grouped"><span><span>very little information</span></span></a><span><span> despite the political nature of the ad.</span></span></span></span></em></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2026.png?itok=PJCXSZ1l 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2026.png?itok=zS7UGaWx 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2026.png?itok=zS7UGaWx" alt="Example 5: Ads being run [accessed April 2020] by Embarazo Inesperado in Chile. Very little information is made available by Facebook about who is behind the page." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><em><span><span><span><span>Example 5: Ads being run [accessed April 2020] by Embarazo Inesperado in Chile. Very little information is made available by Facebook about who is behind the page.</span></span></span></span></em></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2027.png?itok=jcXHcGA3 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2027.png?itok=usWDPpNO 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2027.png?itok=usWDPpNO" alt="This ad screenshot shows how little information Facebook makes available about who is being targeted with the ad and who is behind the Facebook page." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><em>Example 6: <span><span><span><span>This </span></span><a href="https://www.facebook.com/ads/library/?id=219322852727439"><span><span>ad screenshot</span></span></a><span><span> shows how little information Facebook makes available about who is being targeted with the ad and who is behind the Facebook page.</span></span></span></span></em></p> <p> </p> <p><span><span><span><span>Due to Facebook’s limited implementation and piecemeal enforcement, many countries are left without any transparency as to what ads are being run by opposition groups, who they are targeting, and what they are saying on Facebook and other Facebook-owned platforms. Oftentimes it is up to journalists to uncover such ads or other methods of spreading misleading health information.</span></span></span></span></p> <p><span><span><span><span>For example with regards to WhatsApp, following the legislative debate to legalise abortion in Argentina in 2018, it was </span></span><a href="https://sxpolitics.org/GPAL/uploads/Ebook-argentina_20200203.pdf"><span><span>reported</span></span></a><span><span> that opposition groups began a campaign on the app against comprehensive sex education. The campaign, which was reportedly launched by evangelical groups in the country, circulated messages in WhatsApp groups for mothers. The messages went viral and were widely shared. It was </span></span><a href="https://sxpolitics.org/GPAL/uploads/Ebook-argentina_20200203.pdf"><span><span>reported</span></span></a><span><span> that the circulated audio messages detailed vulgar and false descriptions of what sex ed classes contain. The messages also were reportedly transphobic. It was </span></span><a href="https://sxpolitics.org/GPAL/uploads/Ebook-argentina_20200203.pdf"><span><span>reported</span></span></a><span><span> that similar false information was circulated on Facebook.</span></span></span></span></p> <p><span><span><span><span>Ingrid Beck, a journalist based in Argentina told the Argentine organisation Equipo Latinoamericano de Justicia y Género (ELA), with which PI worked on this report that, “The main network to distribute false information is WhatsApp. Followed by the rest of the social media. The list would be WhatsApp, Facebook and Twitter. Essentially, they [the opposition] use [social media] to raise doubts and false information about human rights defenders, spread anti-science discourse, anti-scientific evidence, and conservative and reactionary discourse. I think that all those messages come from false news that have no scientific sources or simply fake news that could not even be credible, but as they get replies or are distributed, they become credible. Sometimes they are built in a way that looks like they are real and other times they are absolutely crazy, but because they work with the confirmation bias they make that news credible”.</span></span></span></span></p> <p><span><span><span><span>During the 2018 abortion referendum in Ireland, Facebook “</span></span><a href="https://www.theguardian.com/world/2018/may/12/ireland-abortion-campaign-foreign-influence-facebook"><span><span>mistakenly launched</span></span></a><span><span>” a transparency tool that allowed users to see “the real-life location of people who were managing” Facebook pages related to the referendum. A </span></span><a href="https://www.theguardian.com/world/2018/may/12/ireland-abortion-campaign-foreign-influence-facebook"><span><span>reportedly</span></span></a><span><span> “significant proportion” of posts related to the referendum were “from pages managed partly or entirely outside of Ireland”. Some of the pages running ads against legalising abortion had foreign page managers including managers based in the UK, Hungary, and “other unidentified countries”. Facebook eventually banned foreign ads related to the referendum. Google eventually </span></span><a href="https://www.theguardian.com/technology/2018/jul/20/facebook-publish-data-irish-abortion-referendum-ad-spending-targeting-voters"><span><span>banned</span></span></a><span><span> all ads related to the referendum.</span></span></span></span></p> <p><span><span><span><span>In late 2019, over a year after the referendum, Facebook released data related to how much money was spent to buy Facebook ads related to the Irish referendum prior to Facebook banning foreign ads. It was </span></span><a href="https://www.businesspost.ie/more-business/over-1m-spent-on-facebook-ads-during-abortion-referendum-c5483f9e"><span><span>reported</span></span></a><span><span> that over €1 million euros was spent, by 350 groups. Facebook has </span></span><a href="https://twitter.com/AarRogan/status/1180832596730765313"><span><span>apparently</span></span></a><span><span> not released information about what groups bought ads, meaning that it is not currently possible to understand how opposition groups, neither foreign nor domestic, targeted people with potentially misleading ads during the referendum. </span></span></span></span></p> <p><span><span><span><span>While Facebook has since taken further steps to increase transparency for users and researchers around what advertisers are buying ads, whom they are targeting, and what they are saying, in many countries, advertisers are not mandated by Facebook to provide heightened transparency about who is behind a message. Given the </span></span><a href="https://www.theguardian.com/technology/2020/jan/09/facebook-political-ads-micro-targeting-us-election"><span><span>prominence</span></span></a><span><span> of the debate around political ads transparency in some countries, it’s unacceptable that Facebook allows such a stark transparency differential. Opposition groups are using Facebook, Instagram, WhatsApp, and other platforms, as the above examples demonstrate, to promote misleading health information and delay people from seeking care. People everywhere should be able to understand why they are seeing an ad and who’s behind it, and societies globally must be able to understand when misleading health information is being promulgated on social media. The effect that misleading health information could have on people’s lives </span></span><a href="https://slate.com/human-interest/2018/07/why-an-abortion-pill-reversal-study-has-been-temporarily-withdrawn-by-the-pro-life-journal-that-published-it.html"><span><span>could have devastating</span></span></a><span><span> results.</span></span></span></span></p> <p><span><span><span><span>Damián Levy, a doctor and member of the Advocacy Committee of the Access to Safe Abortion Network Argentina (REDAAS) told the Argentina-based organisation Equipo Latinoamericano de Justicia y Género (ELA) that “In Argentina, phone calls, websites, Facebook, and WhatsApp are the main forms of technology used in the provision or restriction of reproductive health services and information.” Given this, it’s crucial that Facebook provide meaningful transparency about what organisations are behind anti-reproductive rights ads globally and who they are targeting.</span></span></span></span></p> <p> </p> <p><span><span><span><span><span>Google and Google-owned YouTube</span></span></span></span></span></p> <p><span><span><span><span><span>In the US, Google has come under </span></span></span><a href="https://www.theguardian.com/technology/2019/may/12/google-advertising-abortion-obria"><span><span>criticism</span></span></a><span><span><span> for giving “tens of thousands of dollars in free advertising” to an </span></span></span><a href="https://rewire.news/article/2019/05/14/an-anti-choice-group-pledged-it-would-never-provide-contraception-as-it-pursued-title-x-funds/"><span><span>anti-contraceptive and anti-abortion network</span></span></a><span><span><span> of crisis pregnancy centres.</span></span></span></span></span></p> <p><span><span><span><span>Groups </span></span><a href="https://www.theguardian.com/technology/2019/may/12/google-advertising-abortion-obria"><span><span>exist</span></span></a><span><span> to help opposition organisations promote their services and assist them in applying for Google grants. For example, Heartbeat International’s Extend Web Services </span></span><a href="https://extendwebservices.com/services/pay-per-click"><span><span>offers</span></span></a><span><span> assistance to crisis pregnancy centres for obtaining Google’s AdWords Grant for Non-Profits.</span></span></span></span></p> <p><span><span><span><span><span>Below are some examples of Google ads running on search terms such as “free pregnancy test” and “abortion”.</span></span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2028.png?itok=ayyAto5v 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2028.png?itok=WnwOYwE_ 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2028.png?itok=WnwOYwE_" alt="Example 1: In the US state of North Dakota, there is one remaining abortion clinic, the Red River Women’s Clinic. However, Google Maps doesn’t clearly identify which clinic is real and which are crisis pregnancy centres. People searching for abortion care would find it difficult to know which clinic are real. The top ad is a crisis pregnancy centre as well." typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><em><span><span><span>In the US state of North Dakota, there is one remaining abortion clinic, the Red River Women’s Clinic. However, Google Maps doesn’t clearly identify which clinic is real and which are crisis pregnancy centres. People searching for abortion care would find it difficult to know which clinic are real. The top ad is a crisis pregnancy centre as well.</span></span></span></em></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2029.png?itok=Sg-aHTvU 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2029.png?itok=6M1vMILm 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2029.png?itok=6M1vMILm" alt="All of these ads link to crisis pregnancy centres. The UK’s Life Charity does not promote or refer for abortion. " typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><em>All of these ads link to crisis pregnancy centres. The UK’s Life Charity does not promote or refer for abortion. </em></p> <p> </p> <p><span><span><span><span><span>Twitter</span></span></span></span></span></p> <p><span><span><span><span><span>It’s near impossible to get a sense how opposition groups are advertising on Twitter, due to the nature of Twitter’s advertising transparency tools. The platform </span></span></span><a href="https://techcrunch.com/2018/06/28/twitter-ads-transparency-center/"><span><span>launched</span></span></a><span><span><span> its political ads transparency tool in 2018, which archived ads related to an election for seven days and gave heighted information about who was being targeted with the ads and who was paying for them. Twitter also retains non-political ads for seven days, before they are deleted from the archive. In 2019 the platform </span></span></span><a href="https://www.google.com/search?client=firefox-b-d&amp;ei=e5yJXuOtG6OFhbIP0rek-AE&amp;q=twitter+ban+political+ads&amp;oq=twitter+ban+pol&amp;gs_lcp=CgZwc3ktYWIQAxgAMgIIADICCAAyAggAMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMgYIABAWEB4yBggAEBYQHjIGCAAQFhAeMgUIABDNAjoECAAQRzoECAAQQzoFCAAQkQI6BQgAEIMBShQIFxIQOC03MGc4MWc2N2c3NWcxOUoPCBgSCzgtMWcyZzVnMWcyUInyBli2-gZgiv4GaABwAngAgAFTiAGsBJIBATmYAQCgAQGqAQdnd3Mtd2l6&amp;sclient=psy-ab"><span><span>announced</span></span></a><span><span><span> it would ban political ads on its platform, meaning that the heightened transparency around election ads was halted. Crucial to reemphasise, for Twitter users outside of the US the company’s </span></span></span><a href="https://privacyinternational.org/taxonomy/term/721"><span><span>definition</span></span></a><span><span><span> of political ads was limited to ads tied to an election, instead of ads that were also related to political issues. This means that ads tied to abortion, a highly political issue, would have been allowed to run without heightened transparency.</span></span></span></span></span></p> <p><span><span><span><span><span>The company </span></span></span><a href="https://ads.twitter.com/transparency"><span><span>appears</span></span></a><span><span><span> to still retain non-political ads for seven days, before they are deleted from the archive. However, the tool is cumbersome to navigate. Ads are searchable only by advertiser, rather than by topic – so to understand what ads are being run that relate to contraception or abortion, a person cannot conduct a global search on the term “abortion reversal”, for example, but instead needs to have an idea of what Twitter users might be running ads, and then individually search for that advertiser to check. Furthermore, ads are deleted after seven days, making it virtually impossible to get a sense of how opposition groups are testing and targeting messages on Twitter.</span></span></span></span></span></p> <p><span><span><span><span><span>There have been instances where the platform has removed or rejected opposition ads. In 2017, the platform </span></span></span><a href="https://www.washingtonpost.com/business/economy/twitter-wont-run-an-anti-abortion-groups-paid-advertising-unless-it-scrubs-its-website-of-sensitive-content/2017/09/22/d914fc8a-9ecb-11e7-9083-fbfddf6804c2_story.html"><span><span>rejected ads</span></span></a><span><span><span> from two prominent opposition groups for violating its “health and pharmaceutical products and services policy”. As of 2020, one of the opposition groups is no longer </span></span></span><a href="https://ads.twitter.com/transparency/SBAList"><span><span>eligible</span></span></a><span><span><span> to run ads on the platform.</span></span></span></span></span></p> <p> </p> <h3><span><span><span><span><span>Blocking access to reproductive health information</span></span></span></span></span></h3> <p><span><span><span><span><span><span><span>In countries where different reproductive health care such as access to abortion care or contraceptives is limited by law or stigma, harsher measures to block access to information may also occur. </span></span></span><span><span><span>According to PI International Network partner </span></span></span><span><span><span>the Institute for Policy Research and Advocacy (ELSAM)</span></span></span><span><span><span>, the </span></span></span><span><span><span>Indonesian government has imposed internet blocking and filtering against some websites, including websites with breast feeding information, LGBTQ rights, and websites offering abortion care information and telemedical services. According to ELSAM the website blocking is regulated by the Ministry of Communication and Informatics and is a part of the governments “Healthy Internet” (“Internet Sehat”) programme. ELSAM told PI that the programme includes a list of blacklisted internet content that the Ministry considers negative, including “negative content” based on URL/domain/keyword-based filtering. ELSAM told PI that if the Ministry considers content to be negative it has the authority to order internet service providers to block the content, so that people can no longer access the content under question. </span></span></span></span></span></span></span></p> <p><span><span><span><span><span><span>ELSAM, which has </span></span></span><a href="https://pusdok.elsam.or.id/repository/download/desain-kebijakan-tata-kelola-konten-internet-usulan-pelembagaan-dari-perspektif-hak-asasi-manusia/"><span><span><span>studied</span></span></span></a><span><span><span> the policy, told PI that there are several problems with the websites on the blacklist, including that the blocking and filtering method is often wrongfully targeted and contents such as websites that provide reproductive health information and services have been blocked.</span></span></span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2030.png?itok=csuFSQfm 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2030.png?itok=O0Y_oLDe 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2030.png?itok=O0Y_oLDe" alt="The above screenshot shows one of articles being blocked, Bolt. The description says “We have blocked the site you visited in order to support the “Internet Sehat” (Healthy Internet) Program, a program initiated by the Indonesian Government.”" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><span><em><span><span><span>The above </span></span></span></em><a href="https://twitter.com/suratedaran/status/492511658044968960?s=21"><em><span><span><span>screenshot</span></span></span></em></a><em><span><span><span> shows one of articles being blocked, Bolt. The description says “We have blocked the site you visited in order to support the “Internet Sehat” (Healthy Internet) Program, a program initiated by the Indonesian Government.”</span></span></span></em></span></span></span></p> <p> </p> <p><span><span><span><span><span><span>Indonesian branch of Women on Web, which offers telemedical access to abortion care, told ELSAM that the Women on Web website had been blocked several times for posting an article about medical abortion. After the website was blocked, Women on Web asked the Ministry for further information about the reason for the block; the Ministry replied with basic information about the decision.</span></span></span></span></span></span></p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2031.png?itok=xCZEhKM_ 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2031.png?itok=IFgkrQV5 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2031.png?itok=IFgkrQV5" alt="31" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><span><span><span><span>ELSAM told PI that the above screenshot shows the reply from the ministry administrator. It says</span></span></span><em> </em><em><span><span><span>“We wanted to inform you that your site has been blocked for posting an article or activity related to abortion. The normalisation [reinstatement] process has been undertaken after we conducted a verification confirming the removal of negative contents posted in womenonweb.org.”</span></span></span></em></span></span></span></p> <p> </p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-04/Picture%2032.png?itok=ppKst3Qh 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2032.png?itok=x582TEA7 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-04/Picture%2032.png?itok=x582TEA7" alt="32" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><span><span><span><span><span><span>ELSAM told PI that this screenshot shows a message explaining why the article on Women on Waves was blocked. It is said that the website was blocked because it violated Art. 75 (1) of Law on Health (36/2009) that states</span></span></span> <em><span><span><span>“everyone is prohibited from doing abortion”</span></span></span></em> <span><span><span>so that all internet content related to how to do abortion is prohibited. That is the only information given by the administrator.</span></span></span></span></span></span></p> <p><span><span><span><span><span><span><span>ELSAM </span></span></span></span><span><span><span>expressed to PI that the Indonesian government’s sensitivity to some issues around reproductive health has impacted to the full enjoyment of the rights and that many medical professionals view abortion as something that is unsafe and unjustified, and that these personal viewpoints can result in there being a lack of clear information available from trusted sources online. In Indonesia, abortion is still considered fundamentally illegal and this perspective seems to affect the internet content polices that make medically accurate and complete information harder for pregnant people to find. “This puts women in a vulnerable condition as it will lead them to seek an unsafe abortion service in either online (such as the marketplace) or offline services (illegal clinic or unsafe advices from the amateurs)”, ELSAM told PI.</span></span></span></span></span></span></p> <p> </p> <h3><span><span><strong><span><span>Gagging international reproductive healthcare providers</span></span></strong></span></span></h3> <p><span><span><span><span>Finally, it is crucial to mention that a major reason that partial reproductive health information is being provided globally is due to international aid funding </span></span><a href="https://pai.org/data-and-maps/whats-the-difference/"><span><span>restrictions</span></span></a><span><span>. The US Helms Amendment, which restricts funding for abortion related activities, and the US Global Gag Rule, which places requirements for clinics receiving US funding to not provide any abortion services, advocate for legalisation of abortion, or refer clients to another clinic for abortion, both have limited what information and services people outside of the US seeking reproductive healthcare receive.</span></span></span></span></p> <p><span><span><span><span>For example, the Kenya Legal and Ethical Issues Network on HIV and AIDS (KELIN) told PI that while the Global Gag Rule was intended to reduce the number of abortions, it has instead had </span></span><a href="https://citizentv.co.ke/news/abortions-on-the-rise-in-kenya-as-trump-cuts-marie-stopes-funding-201651/"><span><span>the opposite effect</span></span></a><span><span> and that lack of funding due to the abovementioned policies has closed clinics and curtailed family planning and maternal child healthcare services thereby frustrating the affordable access to safe abortion services. </span></span></span></span></p> <p><span><span><span><span>In India, PI International Network partner the Center for Internet and Society (CIS), told PI that USAID programs in India are geared towards maternal and child health and family planning. In line with India’s legal framework, USAID programmes </span></span><a href="///Users/lauralc/Downloads/from%20https:/www.usaid.gov/india/health-partnerships"><span><span>claim</span></span></a><span><span> to support an individual's right to make informed and voluntary decisions regarding their reproductive health and body. However, CIS told PI that international programs funded by the US are implicated by US domestic policies, posing restrictions on international USAID work in Global South countries that are riddled with power asymmetries – and that the most prolific example of domestic politics affecting funding internationally for reproductive rights is the Global Gag Rule. </span></span></span></span></p> <p><span><span><span><span>CIS told PI that the extent to which the Global Gag Rule will impact Indian NGOs is not entirely known as the full list of health and family planning organisations that receive USAID funding in the country is </span></span><a href="https://qz.com/india/952760/trumps-anti-abortion-policies-are-cutting-off-funding-for-maternal-health-ngos-in-india/"><span><span>not available</span></span></a><span><span>. What remains clear, CIS told PI, is that women, especially women who have used or rely on services provided by organisations funded by USAID, will be restricted from receiving abortion-related care or information. CIS concluded by saying that “as is the trend historically, reproductive bodies become the site of geopolitical contestation and are burdened with facing more barriers to exercise their fundamental reproductive rights”.</span></span></span></span></p> <p> </p> <p>End note</p> <h3><span><span><span><span><span>Data exploitation by those opposed to sexual and reproductive rights is just beginning. As access to contraception, abortion care, and sexual health information is increasingly digitalised, those fighting for bodily autonomy must also remain vigilant to how the opposition is developing data exploitative technologies to further their own aims. We hope that this report helps to add momentum to this conversation.</span></span></span></span></span></h3> <p> </p></div> </div> </div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/sexual-and-reproductive-rights" hreflang="en">Sexual and Reproductive Rights</a></div> </div> </div> <div class="field field--name-field-attachments field--type-file field--label-inline"> <div class="field__label">Attachments</div> <div class="field__items"> <div class="field__item"> <span class="file file--mime-application-pdf file--application-pdf"> <a href="http://www.privacyinternational.org/sites/default/files/2020-04/PI-Sexual-Repruductive-Rights-report.pdf" type="application/pdf; length=8800701">PI-Sexual-Repruductive-Rights-report.pdf</a></span> </div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/campaigns/reproductive-rights-and-privacy-project" hreflang="en">Reproductive Rights and Privacy Project</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/180" hreflang="en">PI-Sexual-Repruductive-Rights-report-final (dragged).png</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>This Privacy International report documents 10 data exploitative technologies and tactics being developed to delay or curtail access to reproductive healthcare globally.</p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul><li><span><span><span><span>PI has documented a series data exploitative tactics that the opposition is using to delay or curtail access to reproductive healthcare.</span></span></span></span></li> </ul></div> </div> Tue, 21 Apr 2020 11:36:01 +0000 tech-admin 3669 at http://www.privacyinternational.org Tracking the Global Response to COVID-19 http://www.privacyinternational.org/key-resources/3460/tracking-global-response-covid-19 <span class="field field--name-title field--type-string field--label-hidden">Tracking the Global Response to COVID-19</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/460" typeof="schema:Person" property="schema:name" datatype="">caitlinb</span></span> <span class="field field--name-created field--type-created field--label-hidden">Thursday, March 19, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Tech companies, governments, and international agencies have all announced measures to help contain the spread of the COVID-19 virus.</p> <p>Some of these measures impose severe restrictions on people’s freedoms, including to their privacy and other human rights. Unprecedented levels of surveillance, data exploitation, and misinformation are being tested across the world.</p> <p>Many of those measures are based on extraordinary powers, only to be used temporarily in emergencies. Others use exemptions in data protection laws to share data.</p> <p>Some may be effective and based on advice from epidemiologists, others will not be. But all of them must be temporary, necessary, and proportionate.</p> <p>It is essential to keep track of them. When the pandemic is over, such extraordinary measures must be put to an end and held to account.</p> <p>This page will be updated as measures are reported.</p> <p>This is a collective project led by PI alongside its global Network. But we also need your help. If you know of an example we can add and track, please contact us with an open source link, at <a href="https://dev.privacyinternational.org/contact">https://privacyinternational.org/contact</a><em>.</em></p></div> <div class="field field--name-field-resource-type field--type-entity-reference field--label-above"> <div class="field__label">Related learning resources</div> <div class="field__items"> <div class="field__item"><a href="/learning-resources/analysing-responses-covid-19" hreflang="en">Analysing responses to Covid-19</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/campaigns/fighting-global-covid-19-power-grab" hreflang="en">Fighting the Global Covid-19 Power-Grab</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/732" hreflang="en">News and Analysis</a></div> <div class="field__item"><a href="/taxonomy/term/734" hreflang="en">Reports</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/115" hreflang="en">Scenario_02.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>Tech companies, governments, and international agencies have all announced measures to help contain the spread of the COVID-19 virus. Unprecedented levels of surveillance, data exploitation, and misinformation are being tested across the world.</p></div> </div> Thu, 19 Mar 2020 14:54:48 +0000 caitlinb 3460 at http://www.privacyinternational.org Brazil’s Bolsa Familia Program: the impact on privacy rights http://www.privacyinternational.org/long-read/3758/brazils-bolsa-familia-program-impact-privacy-rights <span class="field field--name-title field--type-string field--label-hidden">Brazil’s Bolsa Familia Program: the impact on privacy rights</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/43" typeof="schema:Person" property="schema:name" datatype="">staff</span></span> <span class="field field--name-created field--type-created field--label-hidden">Wednesday, May 13, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><em>This article has been written by our partner organisation InternetLab. Read this article in Portuguese <a href="https://www.internetlab.org.br/pt/privacidade-e-vigilancia/bolsa-familia-pensando-a-privacidade-das-titulares/">here</a>. </em></p> <p>Over the last months, the organisation InternetLab has researched privacy, data protection, gender, and social protection, focusing on the beneficiaries of the Bolsa Familia Program (PBF). The PBF is the most extensive Brazilian cash transfer program, and its functioning is linked to <a href="https://www.ipea.gov.br/portal/images/stories/PDFs/TDs/td_1414.pdf">CadÚnico</a>, a database that comprises 40% of the country’s population. Moreover, it is a program whose beneficiaries are mostly women (approximately 90%) due to the policy’s own design, and which, in the last years, has been one of the most disputed issues in Brazil, both in terms of politics and public debate. The (lack of) privacy experienced by this segment of the population deserves special attention due to their vulnerable socioeconomic condition and also to the gender aspect involved in the privacy-related harms or losses.</p> <h3><br /> Focalized, conditional, 20% of Brazilian population: what we already know about PBF</h3> <p>Bolsa Familia is a conditional cash transfer program that currently reaches 13.1 million families or 40.8 million people. The main selection criterium is the family income, and the eligibility is defined in two lines: the extreme poverty, characterized by the monthly per capita income of up to R$ 89 ($ 17,55), and the poverty, characterized by the household income per capita between R$89,01 and R$ 178 ($ 35,10) .</p> <p>The program’s purpose is the immediate relief of extreme poverty and the provision of conditions to overcome socioeconomic vulnerability, as well as to break the intergenerational transmission of poverty. In addition to the direct cash transfer and the monitoring of health and education conditionalities, the program relies on the coordination with other policies to achieve these goals.</p> <h3>Data, what for?</h3> <p>The main database used for selecting beneficiaries and managing the program is called CadÚnico (Unified Registry for Social Programs of the Federal Government). Created in 2001 and connected to the management of PBF in 2003, CadÚnico is an instrument of identification and socioeconomic characterization of low-income Brazilian families. It serves not just PBF, but more than thirty public policies.</p> <p>CadÚnico contains information such as housing conditions, personal identification, level of literacy and education, work situation and income and whether the family belongs to traditional and specific groups. Together, they form a set of referential data about the most impoverished population in Brazil: 76.417.354 people, according to data of December 2019. It is through CadÚnico that the automated selection of the beneficiaries is processed.</p> <p>In addition to the registration and selection process, PBF deploys informatized systems that make it possible to manage the program at different levels of the federation and allow for the collection and integration of data related to the monitoring of conditionalities. The conditionalities are requirements assumed by the beneficiaries in order to be granted the benefits, and they consist of school attendance as well as immunization, prenatal care, and nutritional monitoring of children. A great amount of personal data, including sensitive ones, informs, thus, PBF. The execution of crucial policy processes depends on the intensive processing of personal data: the examination of eligibility criteria, the implementation of targeting mechanisms, the granting and payment of benefits, and the monitoring of conditionalities.</p> <p>The program also comprises periodic evaluation of permanence conditions through a continuous update and cadastral verification. The families are required to update their registers annually or in case of any changes in their data. The cadastral verification is carried out by cross-checking CadÚnico with other federal databases.</p> <p>According to interviews with members of the Office of the Comptroller General and records of the <a href="https://www.ipea.gov.br/portal/index.php?option=com_content&amp;view=article&amp;id=34443&amp;Itemid=433">Monitoring and Evaluation Committee for Federal Public Policies (CMAP)</a>,  the frequency of these crossings has increased lately. “Until 2016, the action was annual (…); since 2017, the procedure started to be performed during the fiscal year, on a routine basis, distributing the new information all over the year to be addressed by the municipal managers, thereby facilitating their dynamics” (<a href="http://www.ipea.gov.br/portal/images/stories/PDFs/livros/livros/181127_comite_de_monitoramento_cap08.pdf">Miranda Alves Pereira, 2018</a>).</p> <p>Besides, the selection, which formerly depended on self-declared information, has been automatically filtered – for instance, the impediment of qualifying families with a member who, not having declared income to CadÚnico, is listed in the RAIS/CAGED  base (Miranda Alves Pereira, 2018). The intensification of these control proceedings finds relation to budgetary and financial restrictions resulting from the New Fiscal Regime, approved in 2016 (EC 95/2016).  The new regime established a cap on public spending. Consequently, it imposed cost savings, the reduction in the number and rigid controls on individuals benefiting from government welfare or public pension systems.</p> <h3>Under scrutiny: public resources, vulnerable beneficiaries</h3> <p><br /> The information that feeds CadÚnico is declared by the primary person responsible for the family unit, who must be over 16 years and preferably female. The family representative is also the priority benefit holder. The female priority is upheld by law and, according to policy analysts, direct transfer to women favours the use of cash transfers within families (<a href="http://www.ipea.gov.br/portal/images/stories/PDFs/TDs/td_2331.pdf">Bartolo, Fountoura, Passos, 2017</a>). Official data indicates that currently 88.5% households are represented by women (<a href="https://bit.ly/37kY3VC">Senarc, set. De 2019</a>).</p> <p>Many scholars seek to understand the effects of prioritising women as a way of ensuring the effectiveness of public policies. Some of them point out that, regardless of the adequacy of such decisions, gender stereotypes manifest themselves in the respective inspection and social control mechanisms.</p> <p>The complaints presented by citizens to the Ombudsman’s Offices allow for a fruitful investigation of these conceptions. Although not so frequent and not very expressive in terms of effectively leading to the cancelling of benefits, they reflect in a very particular way some perceptions on the beneficiaries of the program. They are therefore crucial for the understanding of control dynamics that may be imperceptible through the analysis of the policy design itself. To analyse these complaints (obtained via a request to access information, according to Access to Information Act proceeding), we have built a dialogue with other research efforts. An expressive body of literature has focused on the effects of public policies on the sociability of beneficiaries, as well as on the morals constructed either socially or in the face of state bureaucracy (Marins, 2017; <a href="https://bit.ly/37l1trq">Milanezi, 2019</a>).</p> <p>The complaints are mostly motivated by citizens’ perceptions that some people should not receive the benefit as a result of their income. Complainants refer to beneficiaries having cars, properties, or even a salary (for the most part, by the way, close to the national minimum). Other frequent causes for complaints are related to the family structure (custody and domicile of the children, for example), and pattern of expenditure (complainants describe in detail how the beneficiaries fail to direct the resources to their children or spend it in a way considered superfluous). These complaints express an evaluation on the “legitimate beneficiaries”, which involves gender stereotypes. For example, the judgment on who the "good" and "bad" mothers are, and the strengthening of the bond between female identity and the ethos of motherhood (for conclusions in the same direction, see studies by Marins, 2017, and <a href="http://www.ipea.gov.br/portal/images/stories/PDFs/TDs/td_2331.pdf">Bartolo, Fountoura, Passos, 2017</a>).</p> <p>From a data protection perspective, it is relevant to note that about 60% of the complaints contained personal information from the beneficiaries, including taxpayer registry number (CPF), mother's name and the social security identification number (known as NIS).</p> <p>Even if the beneficiary’s name, the social security identification number, and the benefit value are, in fact, considered public data by the Brazilian government, how are citizens other than the beneficiaries able to grasp access to these data? We have identified at least four paths.</p> <p>The social security identification number of any citizen can be accessed on the “<a href="https://aplicacoes.mds.gov.br/sagi/consulta_cidadao/">Citizen Space – CadÚnico</a>”, a government's official website, by inserting the name, birth date, mother’s name, and the beneficiary’s city. It is also possible, in possession of the name, NIS and CPF, to access the benefit status on the <a href="https://www.beneficiossociais.caixa.gov.br/consulta/beneficio/04.01.00-00_00.asp">Caixa Econômica Federal’s </a>website. In the <a href="http://www.portaltransparencia.gov.br/beneficios/consulta?ordenarPor=mesAno&amp;direcao=desc">Transparency Portal</a>, it is also possible to find, sorting by the municipality, the name of the beneficiary, social security identification number, and the benefit value. In addition to those, there is an extra-official public application through which some of these data can be accessed: the <a href="http://bolsafamilia.info/">BolsaFamilia.Info</a>. Through this portal, built by a private party aiming “to eliminate the fraudsters from the program”, it is possible to access the full name, social security identification number, benefits' values, merely by defining the state and municipality of the beneficiary.</p> <p>Given the above, several questions can be raised about the legal basis and the proportionality of the exposure to which beneficiaries of the PBF are subjected.</p> <p>The Bolsa Familia Act, in fact, establishes that the “list of beneficiaries and the respective benefit value shall be publicly accessible”. The decree that regulates it provides that the Social Control Council must have access to PBF data and information and also that the list of beneficiaries of the PBF should be widely disclosed by the Municipal and Federal District governments.</p> <p>The Access to Information Act is, furthermore, another instrument that, in terms of active transparency, establishes that information of public interest must be disclosed regardless of requests (art. 3, II). It also determines that personal information can be released by the government, when consented (art. 31, II), by overriding public interest (art. 31, §3º, V), or, yet, when irregularities are at stake.</p> <p>In the case of the PBF payroll, the disclosure of personal data seems to be taken as a measure of active transparency, according to the Bolsa Família Act and its Decree. These measures, although legal, are under possible tension with the General Data Protection Act (enacted in 2018, coming into force later this year), exceed the specific obligations established in the Access to Information Act, and fail to meet requirements of necessity and proportionality.</p> <p>After all, a broad disclosure of these data involves risks already materialised. Last year, a scam spread through Whatsapp messages installed viruses on devices of beneficiaries, by offering <a href="https://link.estadao.com.br/noticias/cultura-digital,golpe-no-whatsapp-promete-beneficio-do-bolsa-familia,70002284879">a link that promised an additional benefit</a>, <a href="https://agenciabrasil.ebc.com.br/geral/noticia/2019-07/golpe-promete-liberacao-instantanea-de-13a-do-bolsa-familia">the 13th month-pay</a>. Something similar occurred in 2018: During the last presidential elections, it was found out that a candidate <a href="https://www1.folha.uol.com.br/poder/2018/11/campanha-de-meirelles-enviou-whatsapp-a-beneficiarios-do-bolsa-familia.shtml">was sending propaganda</a> directed specifically to the program beneficiaries, by WhatsApp as well.</p> <p>Although the management of PBF involves several agencies at different levels of the federation, its functioning provides generous sharing and control strategies, which calls into question the necessity for a frequent, active and general disclosure of this information to the public.</p> <h3>Alerts and Developments</h3> <p><br /> The study is still in the research and writing phase. Some alerts are already in place, however.</p> <p>Advances in technology and the increased data processing capabilities allow for more constant collection, validation, and sharing of information among government bodies. The accounts from our interviewees also point to an expectation of efficiency increase, and the improvement in the focalization of the policy – which, although frequently questioned, is an essential feature of PBF since its inception.<br />  <br /> Especially in the face of the imminent coming to force of the Brazilian General Data Protection Act, we seek to address some of the eventual systemic problems that may arise in such a context. For instance, the excessive data collection; the opacity of systems and infrastructure; the lack of openness, inclusiveness, and transparency in the decision-making process; flawed accountability mechanisms and security. The latter is exacerbated by the number of agents and bodies processing these data (be it to render services, to implement policies, or to inspect activities), by inadequate data protection safeguards, and the vulnerable position in which beneficiaries encounter themselves. Issues about data sharing and its use for non-specific, unforeseen and uninformed purposes also arise, such as we have discussed at the time of publication of the Decree on the <a href="https://www.internetlab.org.br/pt/privacidade-e-vigilancia/cadastro-base-e-amplo-compartilhamento-de-dados-pessoais-a-que-se-destina/">Base Registry</a>.</p> <p>The interdependent nature of human rights and the necessity to embody privacy protection on social protection systems is, in this context, particularly important. We base our next step on this premise. Women on situations of poverty and extreme poverty, possibly relatively more threatened by more on and offline surveillance and data exploitation, should not have to choose between privacy and social protection, food security, or a benefit that after all alleviates, but does not eliminate poverty (<a href="https://bit.ly/38oegKW">Souza et al; 2019:10</a>).</p> <p> </p></div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/poverty" hreflang="en">Poverty</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-inline"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/strategic-areas/safeguarding-peoples-dignity" hreflang="en">Safeguarding Peoples&#039; Dignity</a></div> <div class="field__item"><a href="/taxonomy/term/776" hreflang="en">Realise Our Rights to Live with Dignity</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/675" hreflang="en">When Big Brother Pays Your Benefits</a></div> </div> </div> <div class="field field--name-field-type-of-abuse field--type-entity-reference field--label-above"> <div class="field__label">Type of abuse</div> <div class="field__items"> <div class="field__item"><a href="/examples/benefits-claimants" hreflang="en">Benefits claimants</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/232" hreflang="en">Imagem Cartao Ag Senado CC BY 2 tarja.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>Our partner organisation InternetLab has been researching the Bolsa Familia Program and its consequences for gender and privacy, here are the first results.</p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul><li>Bolsa Familia is a conditional cash transfer program that currently reaches 13.1 million families or 40.8 million people.</li> <li>InternetLab is conducting research to understand how the data processing may be affecting the populations that are benefitting from the programme.</li> <li>Advances in technology and the increased data processing capabilities allow for more constant collection, validation, and sharing of information among government bodies. The accounts from their interviewees also point to an expectation of efficiency increase.</li> <li>With the future coming into force of the Brazilian General Data Protection Act, the excessive data collection; the opacity of systems and infrastructure; the lack of openness, inclusiveness, and transparency in the decision-making process; flawed accountability mechanisms and security all need to be addressed urgently.</li> </ul></div> </div> Wed, 13 May 2020 10:01:59 +0000 staff 3758 at http://www.privacyinternational.org UK government Covid tracking app: what we found http://www.privacyinternational.org/long-read/3752/coronavirus-tracking-uk-what-we-know-so-far <span class="field field--name-title field--type-string field--label-hidden">UK government Covid tracking app: what we found</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/43" typeof="schema:Person" property="schema:name" datatype="">staff</span></span> <span class="field field--name-created field--type-created field--label-hidden">Thursday, May 7, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>This week saw the release of a coronavirus tracking app within the United Kingdom, initially to be trialled in the Isle of Wight. Privacy International has been following this closely, along with other ‘track and trace’ apps like those seen in over <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19?tid%5B%5D=895&amp;field_location_region_locale_target_id=&amp;sort_by=field_date_value&amp;sort_order=DESC">30 other countries</a>.</p> <p>The UK’s app is no different. It is a small part of a public health response to this pandemic. As with all the other apps, it is vital that it be integrated with a comprehensive healthcare response, prioritise people, and minimise data. It must empower people so that they know that their data and their devices are secure, and any new functionality must be destroyed at the end of this global pandemic. Our broader look at apps being used to fight COVID19 is available <a href="https://privacyinternational.org/long-read/3675/theres-app-coronavirus-apps">here</a>.</p> <p>PI was fortunate enough to be given early access to the UK NHS COVID19 tracker (Also know as CoLocate or Solar) as it entered its trial period. PI is investigating both the Android and iOS implementations of the app. Although we plan to do a deeper technical investigation soon, here is what we know so far, along with our concerns in the wider security and privacy contexts.</p> <h3 id="What-we-know">What we know</h3> <p>We appreciate that this app’s development cycle has been accelerated, and that the current form of the app at time of writing may only be the most minimum of viable products, however it is already being touted by politicians and press in the UK as something that will assist in the easing of current lockdown conditions.</p> <p>To date, PI has only looked at the app functionally, its associated documentation, and run it through our own internal Exodus Privacy instance. Exodus Privacy does basic “static analysis” (programmatically looking at the code for trackers and permissions) on Android installer packages. We will cover this in three parts, what we can learn from the Apple App Store and Google Play Store documentation, what we can learn from the permissions the app requests, and finally how those permissions interact with the functionality.</p> <h4 id="App-Store-Metadata">App Store Metadata</h4> <p>Both the Apple App Store and Google Play Store link to a Privacy Policy on the <a href="https://covid19.nhs.uk">https://covid19.nhs.uk</a> website, which is separate from the main NHS privacy statement. The iOS version also includes a link to the software license, which in this case is an <a href="https://opensource.org/licenses/MIT">open-source MIT License</a>. While we would commend the NHS for distributing this software under such a permissive license (as it makes the legal barriers of doing deeper security and privacy research using techniques such as decompilation considerably less onerous), the use of such a permissive license poses a number of issues, this includes allowing individuals to sell the NHS COVID tracking app if they so wish.</p> <blockquote> <p>…without restriction, including <strong>without limitation</strong> the rights to use, copy, modify, merge, publish, distribute, sublicense, <strong>and/or sell copies</strong> of the Software,</p> </blockquote> <p> </p> <p>We have concerns that this could lead to copycat apps being spread that trick users into installing them, these would erode users’ trust and could compromise users’ devices if these apps have malicious behaviours, a <a href="https://privacyinternational.org/news-analysis/3330/senior-google-engineer-reveals-privacy-bombshell-androids-preinstalled-apps">topic which PI has previously highlighted concerns around</a>.</p></div> <div class="field field--name-field-repeating-image-and-text field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-05/mitlices.jpg?itok=K5XhlEwh 1x" media="(min-width: 1520px)" type="image/jpeg"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-05/mitlices.jpg?itok=qgEkFA3I 1x" media="(min-width: 0px)" type="image/jpeg"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-05/mitlices.jpg?itok=qgEkFA3I" alt="MIT Licence" typeof="foaf:Image" /> </picture> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">The MIT Licence as it appears in the iOS app store</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p>Lastly, in relation to licensing, the software is provided without any warranty; “As-is”. This would appear peculiar for an app being targeted directly at a public health initiative by a government, although the NHS may be giving other guarantees elsewhere.</p> <h4 id="Permissions">Permissions</h4> <p>Having downloaded the app, we parsed it through our own version of the Exodus tool, by <a href="https://github.com/Exodus-Privacy/exodus">Exodus Privacy</a>, to examine its permissions and trackers (a topic we have covered many times <a href="https://privacyinternational.org/appdata">here</a>, <a href="https://privacyinternational.org/long-read/3196/no-bodys-business-mine-how-menstruations-apps-are-sharing-your-data">here</a> and <a href="https://privacyinternational.org/long-read/3194/privacy-international-investigation-your-mental-health-sale">here</a>).</p> <p>The permissions detected by Exodus can be seen below:</p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-05/upload_dc47bf4d75aa62fb44e4bc3df5c5e12e.png?itok=lCd5XPs8 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-05/upload_dc47bf4d75aa62fb44e4bc3df5c5e12e.png?itok=gFIZkfYs 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-05/upload_dc47bf4d75aa62fb44e4bc3df5c5e12e.png?itok=gFIZkfYs" alt="permission" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p>Most of these permissions aren’t surprising, or indeed particularly harmful in a conventional sense, although they do directly contradict assertions made by UK Government Ministers. For instance, the WAKE_LOCK permission will (as Exodus summarises) stop the phone from “going to sleep”, a crucial mode for saving battery capacity. That the app prevents sleeping will cause, by design, accelerated battery drain. Most of the remaining permissions are either related to maximising when the app is available or manipulating Bluetooth access.</p> <p>As Exodus highlights, two of the permissions are marked “Dangerous or Special”, meaning they require specific consent to operate properly. These permissions relate to the collection of location data (a byproduct of <a href="https://privacyinternational.org/explainer/3536/bluetooth-tracking-and-covid-19-tech-primer">the ‘Bluetooth Low Energy tracking’</a> the app employs). Although we don’t believe the app to be using location data at this time, this could be changed subsequently and the permission would have already be granted (e.g access to GPS). This would mean additional, very accurate data about the users’ location could be collected without additional consent.</p> <h4 id="Functionality">Functionality</h4> <p>Early tests by us on multiple phones suggest that the app works as described when in the <strong>foreground</strong> of both Apple and Android devices. We have yet to do analysis of what data is being transmitted between devices, what data is being shared with the NHS, or what is sent to the two third-party trackers included with the app (shown below)</p> <p> </p></div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <picture> <!--[if IE 9]><video style="display: none;"><![endif]--> <source srcset="/sites/default/files/flysystem/styles/large/local-default/2020-05/2upload_e99564750e7536cb85d54a9a529f094c.png?itok=Aoa3lEEM 1x" media="(min-width: 1520px)" type="image/png"/> <source srcset="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-05/2upload_e99564750e7536cb85d54a9a529f094c.png?itok=rvUn3wLF 1x" media="(min-width: 0px)" type="image/png"/> <!--[if IE 9]></video><![endif]--> <img src="/sites/default/files/flysystem/styles/middle_column_small/local-default/2020-05/2upload_e99564750e7536cb85d54a9a529f094c.png?itok=rvUn3wLF" alt="trackers" typeof="foaf:Image" /> </picture> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p>Until we do further analysis we won’t be sure around what data if any these trackers are collecting and with whom those data is being shared with. Within the app’s workflow there is no method to opt-in (or opt-out) to analytics or third party tracking – this means if any personal data such as unique identifiers (e.g. your phone’s Google Advertising ID) are being sent to third parties without consent for non-healthcare-related purposes, this could be a breach of the General Data Protection Regulation (GDPR).</p> <p>We note (along with <a href="https://www.bbc.co.uk/news/technology-52551273">other commentators</a>) that the Apple version of the app uses surprisingly little energy (battery) as it runs. This suggests that the app may not, in fact, be functioning correctly – we suspect it isn’t actually sending Bluetooth beacons, in line with Apple’s developer documentation that background Bluetooth scanning is prohibited. We are hoping to test this further soon.</p> <p>The app installed successfully on only two of five Android devices we had available, even though we were assured that the app would work on Android 6+ devices:</p> <h5 id="Android-App-is-working-on-these-devices">Android: App is working on these devices</h5> <ul><li>Google Pixel (1) - Stock Android 10</li> <li>LGE/Google Nexus 5 - CM/Lineage Android 8.1</li> </ul><h5 id="Android-App-failed-to-work-on-these-devices">Android: App failed to work on these devices</h5> <ul><li>ASUS/Google Nexus 7 (2013) - Stock Android 6.0.1</li> <li>LGE/Google Nexus 5 - Stock Android 7.1</li> <li>Amazon Fire HD 8 - Incompatible Android/No Google Play Store</li> </ul><h5 id="iPhone-the-app-worked-on-both-devices">iPhone the app worked on both devices:</h5> <ul><li>iPhone 7</li> <li>iPhone SE (2020)</li> </ul><h3 id="Who-are-these-apps-for">Who are these apps for?</h3> <p>Privacy International has been working for the past year on the question of whether those with the cheapest phones are being excluded from society or being otherwise exploited. The cursory testing we have completed of this latest app seems to suggest that only those with modern smartphones will be eligible to run it. This means it is likely to exclude those who can only afford cheaper phones, and most likely people on lower incomes. It is of note that those who are on the lowest incomes are disproportionately likely to be key/essential workers and the elderly, who are at most risk/exposure.</p> <p>The fact that the app must be in the foreground to be effective makes its usefulness highly questionable. Many workers who are putting themselves at risk, and are also a likely conduit for the spreading of the virus, will be unable to have the app open while working. For example Uber drivers, Deliveroo and Amazon deliverers all use those companies apps when completing tasks. Even the NHS’ own responders using the GoodSAM app may have difficulty using the NHS COVID19 while completing their duties. This makes the app’s data collection spurious. This is before entering into the debate that the app uses self-reporting rather than medical testing to assess if an individual has coronavirus.</p> <p>Although we commend the NHS for attempting to innovate in the climate of an unprecedented public health crisis, it would appear that governmental pressure has stifled these apps’ ability to be of realistic help to the public. In its current state, its hard to quantify if it offers any benefit to the public. In a time when people are looking for care and clarity, this app provides only capricious uncertainty.</p></div> </div> </div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/data-exploitation" hreflang="en">Data Exploitation</a></div> <div class="field__item"><a href="/learn/health-data" hreflang="en">Health Data</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-inline"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/strategic-areas/safeguarding-peoples-dignity" hreflang="en">Safeguarding Peoples&#039; Dignity</a></div> <div class="field__item"><a href="/taxonomy/term/776" hreflang="en">Realise Our Rights to Live with Dignity</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/campaigns/fighting-global-covid-19-power-grab" hreflang="en">Fighting the Global Covid-19 Power-Grab</a></div> </div> </div> <div class="field field--name-field-principle-or-recommendatio field--type-entity-reference field--label-above"> <div class="field__label">What Pi is calling for</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/836" hreflang="en">Technologies, laws, and policies contain modern safeguards to protect people from exploitation.</a></div> <div class="field__item"><a href="/taxonomy/term/838" hreflang="en">People and communities can protect their data and rights, resist and object to exploitation by governments and industry.</a></div> <div class="field__item"><a href="/taxonomy/term/481" hreflang="en">People must know what data is generated and processed</a></div> <div class="field__item"><a href="/taxonomy/term/486" hreflang="en">Control over intelligence</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/reveal" hreflang="en">We uncover and expose</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/732" hreflang="en">News and Analysis</a></div> <div class="field__item"><a href="/taxonomy/term/734" hreflang="en">Reports</a></div> <div class="field__item"><a href="/taxonomy/term/738" hreflang="en">Tech</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/217" hreflang="en">47028496254_21a33b62df_c.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>As the UK is about to launch its app to trace potential Coronavirus patients; as it launches its 'pilot' we look at its technical functionalities.</p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul><li>Our analysis of the NHSX app reveals that there is no mechanism to opt-in or opt-out of third-party trackers which are included with the app</li> <li>It seems that the app would only work when it is operating on the foreground, particularly on iOS devices, making its efficacy questionable</li> <li>The app is incompatible with a range of older Android devices, potentially putting the most vulnerable, such as the elderly or those on low incomes, at risk</li> </ul></div> </div> <div class="field field--name-field-glossary field--type-entity-reference field--label-above"> <div class="field__label">Glossary</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/901" hreflang="en">Bluetooth</a></div> </div> </div> Thu, 07 May 2020 10:16:13 +0000 staff 3752 at http://www.privacyinternational.org (Sort of) Trust but Verify: Palantir Responds to Questions about its work with NHS http://www.privacyinternational.org/long-read/3751/sort-trust-verify-palantir-responds-questions-about-its-work-nhs <span class="field field--name-title field--type-string field--label-hidden">(Sort of) Trust but Verify: Palantir Responds to Questions about its work with NHS</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/43" typeof="schema:Person" property="schema:name" datatype="">staff</span></span> <span class="field field--name-created field--type-created field--label-hidden">Wednesday, May 6, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>On 12 April 2020, citing confidential documents, the <a href="https://www.theguardian.com/world/2020/apr/12/uk-government-using-confidential-patient-data-in-coronavirus-response">Guardian reported</a> Palantir would be involved in a Covid-19 data project which &quot;includes large volumes of data pertaining to individuals, including protected health information, Covid-19 test results, the contents of people’s calls to the NHS health advice line 111 and clinical information about those in intensive care&quot;.</p> <p>It cited a Whitehall source &quot;alarmed at the “unprecedented” amounts of confidential health information being swept up in the project, which they said was progressing at alarming speed and with insufficient regard for privacy, ethics or data protection&quot;.</p> <p>As a result, Privacy International, Big Brother Watch, medConfidential, Foxglove, and Open Rights Group <a href="(https://privacyinternational.org/press-release/3732/press-release-10-questions-palantir-privacy-organisations)">sent</a> Palantir 10 questions about their work on the project to seek clarification and assurances.</p> <p>Their response, attached below in full, offers some assurances but fails to clarify the extent of the project and what protections exist.</p> <p>Given that Palantir is unable to release further information, it is now up to the Health Secretary to release any impact assessment and agreements in place to enable public trust and verification.</p> <p><strong>The NHS Covid-19 datastore</strong></p> <p>Palantir’s role in the project involves integrating NHS datasets with the US company’s data-management platform, Foundry.</p> <p>Palantir <a href="https://www.palantir.com/palantir-foundry/">claim</a> that Foundry is a software that allows users &quot;source, connect, and transform data into any shape they desire, then use it to take action&quot;.</p> <p>As Palantir put it in a recent <a href="https://medium.com/palantir/data-protection-in-palantir-foundry-5ab9f346195">blog</a>, Foundry helps &quot;organizations map, understand, and operationalize their data, so they can use that data to make informed, timely decisions&quot; to deal with the pandemic.</p> <p>Our <a href="https://privacyinternational.org/press-release/3732/press-release-10-questions-palantir-privacy-organisations">questions</a> related to their access to this highly sensitive data set, and what protections there are in place against misuse.</p> <p>Here's our key takeaways from their response (full response attached below):</p> <p><strong>First</strong>, Palantir notes that their role in this exercise is that of a data processor and that the company &quot;serves as a technical agent to its customers, providing software and services to enable and support them in analysing the data they control&quot;.</p> <p>This means that, under data protection laws, Palantir merely processes the data under the direction and guidance of the data controller, in this case the NHS, which would be the one maintaining control over the data and deciding how it should be processed.</p> <p>In their response, Palantir do not rule out the possibility that they might still obtain access to confidential NHS patient data:</p> <blockquote> <p>any access to customer data under any circumstances would be strictly at the direction of customers, in support of legitimate purposes, and in adherence with all applicable rules and regulations.</p> </blockquote> <p>However, they do not clarify whether the company would obtain access to any sensitive health data held by the NHS such as patient records. Instead, they direct us to the NHS to answer this question.</p> <p><strong>Second</strong>, while the <a href="https://data.england.nhs.uk/covid-19/">NHS Covid-19 datastore website</a> mentions that 111 and 999 call data is aggregate, <a href="https://www.theguardian.com/world/2020/apr/12/uk-government-using-confidential-patient-data-in-coronavirus-response">the Guardian reports</a> that:</p> <blockquote> <p>While anonymised, confidential 111 call information in the Covid-19 datastore may include people’s gender, postcode, symptoms, the mechanism through which any prescription was dispatched to them, and the precise time they ended the call.</p> </blockquote> <blockquote> <p>The project appears to be using a “pseudo NHS number” to cross-match large datasets, including a master patient index, an existing NHS resource that uses “social marketing data” to segment the British population into different “types” at household level.</p> </blockquote> <p>Even if anonymised or pseudo-anonymous datasets were among the ones used to facilitate the NHS datastore, both Palantir and the UK government need to be very clear about the anonymisation or pseudo-anonymisation techniques they are using.</p> <p>There is a fine line between pseudo-anonymous and anonymised data. The first can still render an individual identifiable. For example, journalists from the German public broadcaster NDR were able to identify the <a href="https://www.theregister.co.uk/2016/11/07/browsers_ban_web_of_trust_addon_after_biz_is_caught_selling_its_users_browsing_histories">sexual preference and medical history of judges and politicians</a>, using online identifiers. This is just one example, that serves to illustrate the insights that can be gleaned from seemingly mundane and pseudonymous data and the value it might have.</p> <p>Even if it is not a company’s intention to directly identify an individual, this is still possible, due to the vast amount of data it might collect and generate. And, even when data appears to be truly anonymised by companies, and consequently exempt from the protection guaranteed by the General Data Protection Regulation, for example, this anonymisation might still lead to the re-identification of individuals.</p> <p>In 2015, researchers at Harvard University found vulnerabilities in the anonymisation procedures used for health care data in South Korea that enabled them to <a href="https://techscience.org/a/2015092901/">de-anonymise patients with a 100% success rate and to decrypt the Resident Registration Numbers</a>. The unique 13-digit codes enabled full re-identification. In the UK, medical information that is held on the NHS Personal Demographics Service (PDS) is identified by the patient's ten-digit NHS number.</p> <p>In the UK, Cambridge University security engineer Ross Anderson noted that the problem is that 800,000 NHS employees need access to the PDS; Hampshire GP Neil Bhatia agreed that the large number of users means that <a href="https://www.theregister.co.uk/2015/10/02/s_korean_anonymised_health_data_sharing_a_breach_in_waiting">access can't be audited or controlled and relies on trust</a>.</p> <p>Similarly, in <a href="https://www.nature.com/articles/s41467-019-10933-3">a more recent study published in Nature</a>, researchers were able to demonstrate that, despite the anonymisation techniques applied, “data can often be reverse engineered using machine learning to re-identify individuals.”</p> <p><strong>Third</strong>, with regards to our question whether Palantir has similar collaborations with health services in other countries, and, if so, what these countries are, Palantir said they &quot;are supporting a range of public and private sector organisations in their response to the Covid-19 crisis&quot;. They direct us to their <a href="https://www.palantir.com/covid19/">website</a>, which does not however provide any specific information about similar projects in other countries. At the same time, Palantir keep emphasising that it is their customers, whose directions they are acting under, &quot;in support of legitimate purposes, and in adherence with all applicable rules and regulations&quot;.</p> <p>Bloomberg <a href="https://www.bloomberg.com/news/articles/2020-04-02/coronavirus-news-palantir-gives-away-data-mining-tools">reports</a> that &quot;a dozen governments joined the U.S. and U.K. in adopting Palantir software for their fights against the deadly virus&quot;.</p> <p>It is important to note that while the NHS/UK has a data protection framework, not all countries do. In the end, even if it is not Palantir's decision what data to put into the system, it still bears a responsibility to ensure that its software won't be used as a tool to legitimise mass surveillance for &quot;legitimate purposes&quot;. If not, do they want to be an accomplice in a totalitarian nightmare?</p> <p>Not being able to disclose similar collaborations in other countries raises transparency concerns, especially in light of recent reports that Palantir in fact does have <a href="https://www.forbes.com/sites/thomasbrewster/2020/04/11/palantir-the-peter-thiel-backed-20-billion-big-data-cruncher-scores-17-million-coronavirus-emergency-relief-deal/#30cf01f15ed1">those</a> and are negotiating <a href="https://www.bloomberg.com/news/articles/2020-04-01/palantir-in-talks-with-germany-france-for-virus-fighting-tool">more</a>.</p> <p>Passing the buck to the NHS is not the answer. And, as PI revealed in December 2019 regarding similar <a href="https://privacyinternational.org/node/3298">deals between the UK Department of Health and Amazon</a>, such kind of deals might eventually put both the NHS and people in the UK at data exploitation risks.</p> <p>Palantir's welcome assurances must be verified via the company and the government once the pandemic is over. This is the only way we can achieve proper oversight, ensure respect for sensitive patient data and strongly reject any actor that seeks to turn a public health crisis into an <a href="https://privacyinternational.org/campaigns/fighting-global-covid-19-power-grab">opportunistic power grab</a>. In the meantime, we will keep <a href="https://privacyinternational.org/examples/tracking-global-response-covid-19">watching</a> them closely.</p> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/what-governments-do" hreflang="en">What Governments Do</a></div> <div class="field__item"><a href="/learn/policing-and-technology" hreflang="en">Policing and Technology</a></div> <div class="field__item"><a href="/learn/artificial-intelligence" hreflang="en">Artificial Intelligence</a></div> <div class="field__item"><a href="/learn/data-exploitation" hreflang="en">Data Exploitation</a></div> <div class="field__item"><a href="/learn/health-data" hreflang="en">Health Data</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-inline"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/strategic-areas/challenging-corporate-data-exploitation" hreflang="en">Challenging Corporate Data Exploitation</a></div> <div class="field__item"><a href="/strategic-areas/contesting-government-data-and-system-exploitation" hreflang="en">Contesting Government Data and System Exploitation</a></div> </div> </div> <div class="field field--name-field-attachments field--type-file field--label-inline"> <div class="field__label">Attachments</div> <div class="field__items"> <div class="field__item"> <span class="file file--mime-application-pdf file--application-pdf"> <a href="http://www.privacyinternational.org/sites/default/files/2020-05/Response%20to%20Privacy%20International%20Open%20Letter%20dated%2029%20April%202020.pdf" type="application/pdf; length=195843">Response to Privacy International Open Letter dated 29 April 2020.pdf</a></span> </div> </div> </div> <div class="field field--name-field-targeted-adversary field--type-entity-reference field--label-above"> <div class="field__label">Target Profile</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/581" hreflang="en">Palantir</a></div> <div class="field__item"><a href="/taxonomy/term/742" hreflang="en">Government</a></div> </div> </div> <div class="field field--name-field-audience-and-purpose field--type-entity-reference field--label-above"> <div class="field__label">Audiences and Purpose</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/628" hreflang="en">Feeding our followers</a></div> <div class="field__item"><a href="/taxonomy/term/632" hreflang="en">Influence key stakeholders</a></div> <div class="field__item"><a href="/taxonomy/term/627" hreflang="en">Informing the concerned</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/reveal" hreflang="en">We uncover and expose</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/736" hreflang="en">Advocacy</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/215" hreflang="en">max-bender-qUsHZwZHlgU-unsplash.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>Palantir, the US data giant which works with intelligence and immigration enforcement agencies, has responded to our questions about its work on a highly sensitive National Health Service (NHS) project, providing some assurances, passing the buck to the NHS, and raising additional questions.</p> </div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul><li>In April 2020, it was reported that Palantir, the US-based data-mining company, would be involved in a Covid-19 data project with the UK National Health Service (NHS).</li> <li>As a result, Privacy International, Big Brother Watch, medConfidential, Foxglove, and Open Rights Group sent Palantir 10 questions about their work on the project to seek clarification and assurances.</li> <li>Their response offers some assurances but fails to clarify the extent of the project and what protections exist.</li> <li>We will continue to monitor the situation closely and make sure that both Palantir and the UK government are held to account.</li> </ul></div> </div> Wed, 06 May 2020 10:03:17 +0000 staff 3751 at http://www.privacyinternational.org The Coronavirus downturn: social protection under threat http://www.privacyinternational.org/long-read/3749/coronavirus-downturn-social-protection-under-threat <span class="field field--name-title field--type-string field--label-hidden">The Coronavirus downturn: social protection under threat</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/43" typeof="schema:Person" property="schema:name" datatype="">staff</span></span> <span class="field field--name-created field--type-created field--label-hidden">Monday, May 4, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Coronavirus-related lockdown measures have impacted almost <a href="https://www.ilo.org/wcmsp5/groups/public/@dgreports/@dcomm/documents/briefingnote/wcms_740877.pdf">2.7 billion workers</a>, with some countries seeing <a href="https://www.theguardian.com/business/2020/mar/26/us-unemployment-rate-coronavirus-business">unprecedented levels</a> of applications for welfare benefits support. </p> <p>In response, emergency relief legislation for welfare recipients has been fast-tracked worldwide, from the UK to Brazil. These measures, combined with the growing awareness of Covid-19's differentiated impact along the fault lines of class, race, gender and legal status, rightly seek to address the needs of those most vulnerable. However, these measures often come at a costly price that is easily overlooked, and eventually forgotten. As the UN Special Rapporteur on extreme poverty recently put it, these support packages have left the most vulnerable <a href="https://www.ohchr.org/SP/NewsEvents/Pages/DisplayNews.aspx?NewsID=25815&amp;LangID=E">"short-changed or excluded"</a>.</p> <h3>Finding the beneficiaries: a "databased" solution</h3> <p>The current welfare solutions aimed at supporting those most afflicted by coronavirus attempt to capture a novel group of beneficiaries. While the eligibility criteria may vary from one jurisdiction to another the targeted beneficiaries are commonly those in a situation of poverty and/or vulnerability exacerbated by Covid-19. Surprisingly, in some countries, like Colombia, there is no need for purported beneficiaries to sign up or apply - governments believe they can accurately determine who needs extra support from the data they already have.  </p> <p>On 4 and 5 April 2020, Colombia passed legislation creating a monetary supplement, the Solidary Income (Ingreso Solidario) in response to Covid-19. As was made clear by the accompanying regulations, the Department for Planning - the government ministry responsible for benefits - would select the beneficiaries <a href="https://ingresosolidario.dnp.gov.co/documentos/DECRETO_518_DEL_4_DE_ABRIL_DE_2020.pdf">based on the SISBEN, Colombia's welfare classification system</a>.</p> <p>Since 1994, all candidates to welfare benefits in Colombia are ranked from 0-100 through SISBEN's algorithm. Their entitlement to benefits will ultimately depend on the score they obtain, with higher scores resulting in inegibility. The SISBEN algorithm and data processing methods are classified, <a href="https://web.karisma.org.co/experimentar-con-los-datos-de-personas-en-situacion-de-pobreza-una-mala-practica-para-lograr-la-justicia-social-en-colombia/">resulting in a welfare black-box</a>. The Solidary Income, like every other benefit in Colombia, relies on SISBEN's scoring. With SISBEN's data as a starting point, the Department for Planning resorts to data-matching with other government databases, including the Departments of Revenue and Health. The selected beneficiaries are subsequently notified via text, and receive the benefit directly to their bank accounts.</p> <p>Despite the wealth of data held by Department for Planning, it lacked the means to communicate with the Solidary Income beneficiaries: crucially, SISBEN did not house contact number data. To allow for the beneficiaries to be informed via text, a government department decided to lift the prohibition on telecommunications companies to disclose communications data. After a backlash by civil society organisations outlining the risks of <a href="https://flip.org.co/index.php/es/informacion/pronunciamientos/item/2486-organizaciones-de-la-sociedad-civil-rechazan-circular-de-la-sic-sobre-uso-de-datos-personales-para-controlar-la-pandemia">enabling the government to access communications data</a>, the prohibition was reinstated. Instead of being told of their eligibility by the government, beneficiaries are told by their banks, and the funds are deposited in their bank accounts. As a result of the individual being completely excluded from the eligibility determination process, it is impossible for anyone to know whether they were in theory entitled to the benefit, but simply failed to receive it due to a government or bank mistake. There are reports of individuals being <a href="https://twitter.com/JuanDiego/status/1247887391752257537">mistakenly awarded</a> the Solidary Income. The reverse could also be true. </p> <p>The Colombian example reflects the limitations of the current use of automation for welfare delivery. In the absence of information relating to the SISBEN algorithm, it is difficult to know whether all intended recipients are being reached. Given that the criteria for entitlement to the Solidary Income aren't public, non-receipt of the benefit cannot be challenged. The Solidary Income can be as punitive as it is exclusionary. The Solidary Income legislation <a href="https://ingresosolidario.dnp.gov.co/documentos/DECRETO_518_DEL_4_DE_ABRIL_DE_2020.pdf">imposes penalties</a> on those having mistakenly received the benefit and failed to report it, despite the fact that mistaken recipients could not have done anything to receive - or indeed avoid receiving - the benefit. </p> <h3>Exchanging privacy for survival? </h3> <p>Brazil has launched an Emergency Support (Auxilio Emergencial) benefit aimed at informal workers, small business owners and the unemployed. Some of those eligible need not take action to receive the benefit; others need to register. </p> <p>Anyone meeting the conditions set out by the Brazilian government <a href="https://auxilio.caixa.gov.br">may register</a> to indicate their eligibility. In order to submit the application form, however, they must authorise the government to access their personal data to verify that they qualify. This seemingly innocent request takes a turn for the intrusive when, on the next page, the applicant is asked for his unique taxpayer number, date of birth, and mother's name. </p> <p>Crucially, the platform has no privacy policy - and Brazil's Data Protection Law is not yet in force. Those seeking to obtain Emergency Support cannot know for what other purposes their data will be used, who it will be shared with, and where and for how long it will be stored. On 28 April, the entry into force of key sections of the Brazil's Data Protection Law - including those outlining data rights - was <a href="https://http://www.in.gov.br/en/web/dou/-/medida-provisoria-n-959-de-29-de-abril-de-2020-254499639">postponed</a>. It is notable that the interim legislation postponing the Data Protection Law also addressed practical, non-privacy related provisions regarding the Emergency Support. </p> <p>Individuals will struggle to exercise their data rights even after the Data Protection Law comes into force. After a series of vetoes to specific articles in the Data Protection Law - a power held by the Brazilian President - Bolsonaro significantly eroded the legislation's potential. As a result of these vetoes, Emergency Support recipients submitting data subject access requests to learn of the fate of their data may have their information disclosed to other public and private entities, <a href="https://artigo19.org/blog/2019/07/10/entre-vetos-preocupantes-presidencia-tenta-derrubar-protecao-de-dados-pessoais-de-requerentes-de-informacao-publica/">potentially resulting in unforeseen reprisals or black-listing</a> by other agencies. Unsuccessful applicants are likely to face higher hurdles: if the selection process for Emergency Support is automated, under the Data Protection Law, they will have <a href="https://medium.com/@cdr_br/coaliz%C3%A3o-direitos-na-rede-repudia-os-9-vetos-de-bolsonaro-%C3%A0-lei-que-cria-a-autoridade-nacional-de-ee536f6baeb">no right to challenge the decision</a>.</p> <h3>The long-term impact</h3> <p>Even where Covid-19 inspired benefits systems can be presumed effective, history tells us that they are likely to be short-lived. </p> <p>Nowhere was this made clearer than during aftermath of the 2008 Great Recession. A study looking at changes in welfare policies across the EU after the 2008 crisis revealed that, despite initial measures to protect citizens and workers from the effects of the crisis, structural reforms aimed at reducing public spending <a href="https://www.intereconomics.eu/contents/year/2012/number/4/article/the-welfare-state-after-the-great-recession.html">undermined social protection</a>. The US responded to the crisis by relaxing eligibility requirements and increasing available funding, until in 2011 the Budget Control Act <a href="https://https://onlinelibrary.wiley.com/doi/full/10.1111/psj.12318">applied public spending cuts</a>.</p> <p>In a world with shrinking public budgets, pressure to optimise the use of taxpayer's money is high. The use of technology - or automation - in the allocation of public funds is one solution which governments turn to in order to ensure that resources are efficiently used. Automation has the potential for good where efficiency is defined as the allocation of resources to those who need them. However, as automation in welfare benefits has often shown, the modern meaning of efficiency does not equate with securing the wellbeing of the many, but <a href="https://privacyinternational.org/news-analysis/3112/stage-1-applying-social-benefits-facing-exclusion">cracking down on the perceived criminality of the few</a>.</p> <p>The post-Covid-19 cycle of welfare restrictions has been already foreshadowed in the US, with the president of the American Enterprise Institute stating that <a href="https://www.nytimes.com/2020/03/31/us/politics/coronavirus-us-benefits.html">any fundamental change to the US benefit system in the wake of Covid-19 would be a mistake</a>, potentially creating “an entitlement system that in good times leads to people passing up the opportunity to work”.  That statement is illustrative of the regrettably <a href="https://privacyinternational.org/news-analysis/3112/stage-1-applying-social-benefits-facing-exclusion">persistent narrative</a> that some people are poor as a result of their personal failings, and not the intersection of structural, broader forms of marginalisation. </p> <p>Welfare benefits cuts are not, however, an inescapable consequence of the pandemic: the Covid-19 crisis has the potential for being a catalyst for positive change. Spain recently announced plans to roll out <a href="https://www.bloomberg.com/amp/news/articles/2020-04-05/spanish-government-aims-to-roll-out-basic-income-soon">universal basic income</a> on a permanent basis, with economists <a href="https://elpais.com/elpais/2020/03/30/opinion/1585560122_606773.html">debunking</a> the long-standing myth that universal basic income is simply unaffordable. Similarly, temporary fixes may pave the way for the overhaul of intrusive and outdated welfare systems. The Irish government has temporarily suspended the requirement for welfare applicants to obtain and present the <a href="https://www.iccl.ie/privacy/public-services-card/">long-decried</a> Public Services Card (PSC) in order to access an unemployment benefit, revealing the PSC to be <a href="https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=25811&amp;LangID=E">an unduly burdensome and ultimately unnecessary</a> requirement. </p> <p>It is possible for short-term welfare measures to comprehensively address the needs of those most vulnerable while also protecting their rights. To do so, welfare systems must ensure that the following conditions are met: </p> <ul><li>Eligibility criteria are fair, transparent and lawful, and should not be solely managed through automated systems</li> <li>Individuals are informed, in the clearest possible terms, about how their data will be used before they are asked to submit any personal information, if it will be subject to any automated activities, how long it will be stored for, as well as provided information about any third-parties with whom their data will be shared and for what purpose </li> <li>Application forms and platforms only require the applicant to enter information which is <a href="https://privacyinternational.org/news-analysis/3112/stage-1-applying-social-benefits-facing-exclusion">strictly necessary</a> to assess their entitlement to the relevant benefit</li> <li>The databases where personal data is stored are secure and protected from unauthorised access, destruction, use or disclosure</li> <li>Any data-matching and/or data-sharing mechanisms used are prescribed by law, and use of personal data for these purposes is strictly forbidden where it was not consented to by the individual</li> <li>Where systems and/or databases are integrated as part of the entitlement determination process, applicants are told what specific databases are involved, and which entity is responsible for the integration </li> <li>Where automated scoring systems are used, applicants must be told of the variables that will be used to determine their entitlement, and they should have the opportunity to ensure the data sets/points used to come to a decision are accurate</li> <li>Any decision to deny benefits is subject to review and/or appeal, and the appropriate process is clearly explained to the applicant including relevant deadlines</li> </ul></div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/poverty" hreflang="en">Poverty</a></div> <div class="field__item"><a href="/learn/economic-social-and-cultural-rights" hreflang="en">Economic, social and cultural rights</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/675" hreflang="en">When Big Brother Pays Your Benefits</a></div> </div> </div> <div class="field field--name-field-audience-and-purpose field--type-entity-reference field--label-above"> <div class="field__label">Audiences and Purpose</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/630" hreflang="en">Helping experts with our analyses</a></div> <div class="field__item"><a href="/taxonomy/term/631" hreflang="en">Helping partners and other NGOs know our stance</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/729" hreflang="en">We campaign publicly for solutions</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/210" hreflang="en">joseph-chan-hsQhsVb6l1U-unsplash-2.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>Governments around the globe are adopting emergency welfare measures in the form of Covid-19 benefits. However, these short-term solutions often fall short of basic human rights safeguards, foreshadowing a concerning future for benefits claimants.</p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul><li>Emergency welfare responses to the Covid-19 crisis have seen governments increasingly relying on automated eligibility processes and forsaking privacy considerations </li> <li>In the long-term, the financial impact of Covid-19 is likely to result in further tightening of the public purse, leading governments to become more reliant on automated processes for welfare determination </li> <li>In order to ensure welfare benefits systems comprehensively respond to the needs of those most vulnerable while respecting individuals' human rights, they must meet minimum conditions</li> </ul></div> </div> Mon, 04 May 2020 16:34:41 +0000 staff 3749 at http://www.privacyinternational.org Asylum-seekers and Coronavirus in the UK: risking life for status http://www.privacyinternational.org/long-read/3748/asylum-seekers-and-coronavirus-uk-risking-life-status <span class="field field--name-title field--type-string field--label-hidden">Asylum-seekers and Coronavirus in the UK: risking life for status </span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/43" typeof="schema:Person" property="schema:name" datatype="">staff</span></span> <span class="field field--name-created field--type-created field--label-hidden">Monday, May 4, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Today, migrant communities in the UK already face multiple well-documented obstacles in accessing healthcare, not least because of charges to access the National Health Service (NHS), as it is the case for non-EU migrants, and <a href="https://privacyinternational.org/advocacy/3490/covid-19-doesnt-discriminate-based-immigration-status-nor-should-home-office">legitimate fears of data-sharing</a> between the NHS and the Home Office. </p> <p>In the current pandemic, in addition to these concerns, asylum-seekers face an impossible choice: risk exposure to coronavirus, or be unable to apply for asylum. </p> <p>Individuals seeking to claim asylum after entering the UK are required to attend an asylum screening interview at an Asylum Intake Unit to register their claim as the first crucial step in the process. This process entails broad questioning, as well their biometrics (fingerprints and photographs) being captured as part of the Home Office's security checks. If at the screening it is found that an individual is entitled to apply to asylum in the UK, a substantive interview to assess the merits of her application is then scheduled. In response to the Covid-19 crisis, the Home Office has <a href="https://righttoremain.org.uk/changes-to-the-asylum-process-due-to-covid-19/">either paused face-to-face substantive interviews or chosen to carry them out remotely</a> until further notice. However, the requirement for asylum-seekers to attend screening interviews - a pre-condition to get to the substantive interview stage - in person is yet to be relaxed. </p> <p>This means that asylum-seekers wishing to trigger the asylum process cannot do so without risking exposure to Coronavirus. Importantly, failure to attend a screening interview prevents asylum-seekers from being considered <a href="https://righttoremain.org.uk/asylum-support/">for emergency asylum support</a>. For some asylum-seekers, the stark choice is not between coronavirus and delay in obtaining status - it is between coronavirus and destitution.</p> <p>Subordinating asylum-seekers' health to the Home Office's compulsive need to carry out security checks is yet another symptom of the hostile environment. Forcing asylum seekers into a legal limbo by effectively preventing them to file their claim means they are forced into destitution and, due to fears of data-sharing or charging, may not seek healthcare if they need it. The Home Office should ensure that asylum-seekers have the option to trigger the asylum process remotely and pursue their applications without being required to fulfil biometric security checks for so long as the pandemic remains a threat to public health. </p> <h3>Background</h3> <p>The asylum-seeking process in the United Kingdom - and Europe generally - is a data-intensive process reliant on <a href="https://privacyinternational.org/learn/biometrics">biometrics</a>. In 2013, <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32013R0603&amp;from=EN">EU legislation</a> was enacted requiring states to collect fingerprint data from asylum-seekers no later than 72 hours after their application was filed. This fingerprint data would subsequently be uploaded into a central fingerprint database for asylum-seekers accessible to member states: <a href="https://privacyinternational.org/blog/1424/eurodac-debate-do-asylum-seekers-deserve-human-rights">Eurodac</a>. To this day, Eurodac enables border authorities to run an asylum-seeker's fingerprint through the system, and determine the EU member state responsible for processing that asylum-seeker's application. A Eurodac hit enables authorities to lawfully deport the asylum-seeker to the country where his fingerprints were first taken. </p> <p>By the time the Eurodac legislation came into force, the United Kingdom had been taking fingerprints from asylum-seekers for over 15 years. </p> <h3>People shouldn't have to choose between status and health</h3> <p>Despite <a href="https://www.refugeecouncil.org.uk/latest/news/our-key-policy-calls-to-the-home-office-in-response-to-covid-19/">calls for screening interviews to be minimised or replaced by avenues to remote registration</a>, the Home Office has failed to take action to protect asylum-seekers who now have to balance the risk of exposure to coronavirus against the benefits of filing their asylum claim or, for those facing destitution, choose between exposure and survival. </p> <p>Given the circumstanes in which most people flee their countries, a large number of asylum-seekers are destitute at the time they attempt to apply for asylum. While their application is decided, subject to the fulfilment of a set of requirements, asylum-seekers may be entitled to asylum support in the amount of £37.75 per week. Though a meagre income, this amount is <a href="https://www.theguardian.com/world/2017/aug/21/asylum-seekers-allowance-surviving-charities-counting-pennies">essential for survival</a> - particularly at a time when access to basic goods is limited. Asylum-seekers may also be granted temporary accommodation while their application is processed. In order to access emergency support or emergency accommodation, asylum-seekers must register their asylum claim, i.e. attend the screening interview and provide biometrics. That is hardly a choice. </p> <p>The fact that the UK government, like many others, is facing an unprecendented public health crisis does not mean that the impact of such extraordinatory circumstances on the migration system were unforeseen. Indeed the Eurodac legislation - which remains binding on the UK until exit day from the European Union - allows states to derogate from the 72 hour period to obtain asylum-seekers' fingerprints on account of measures to ensure the protection of public health. </p> <p><strong>It is therefore possible for the Home Office to *lawfully* suspend the collection of biometrics while continuing to process asylum applications, and resume biometrics checks after the health grounds cease to prevail.</strong></p> <p>In the absence of legal obstacles to do so, the Home Office should enable asylum screening interviews to be conducted remotely, so that asylum-seekers wishing to do so may progress their applications without having to risk exposure to coronavirus - and postpone the collection of biometrics to a later stage.</p> <p>Although one may only speculate as to the reason why the UK government has <a href="https://www.independent.co.uk/news/uk/home-news/coronavirus-home-office-asylum-seekers-immigration-london-liverpool-cardiff-leeds-a9480541.html">chosen to risk the health and welfare of asylum-seekers</a>, the neglect of asylum-seekers' welfare is not a novel issue. An inevitable consequence of the hostile environment is for the interests and welfare of asylum-seekers to be subordinated to budgetary considerations. Running an asylum-seekers' fingerprints in the Eurodac database for a match may reveal that that asylum-seeker's application should in fact be processed somewhere else, as the law requires asylum seekers to apply for asylum in their first country of entry into the European Union. The benefit of allocating an asylum application to another member state seemingly overrides, to the eyes of the Home Office, the cost of an asylum-seeker potentially becoming infected with Covid-19.</p> <p>By allowing this state of affairs to persist, the Home Office is at best misguidedly placing emphasis on the collection of biometrics over public health concerns. At worst, it is discriminating against asylum-seekers in the fulfilment of their right to health. </p> <h3>Biometrics are not the panacea - and "mission creep" is around the corner</h3> <p>Data-intensive solutions to manage migration <a href="https://privacyinternational.org/what-we-do/demand-humane-approach-immigration">erode migrants' agency</a> in what is often a dehumanising, undignified and time-consuming process. The EU-wide system under Dublin III requiring asylum applications to be processed in the first EU country of arrival has been found to be <a href="https:///www.hrw.org/news/2016/11/23/eu-policies-put-refugees-risk">inefficient and inhumane</a>. Similarly, research has shown that the removal of asylum-seekers to their first country of arrival pursuant to Dublin III regulations often <a href="https://drc.ngo/media/5015811/mutual-trust.pdf">fails asylum-seekers with special reception needs</a>. </p> <p>In the UK, the collection of biometrics is considered to be consensual and therefore lawful on the basis that asylum-seekers are given a form (IS86) outlining what the fingerprints will be used for, with whom they will be shared and when they will be destroyed. However, the provision of biometrics is hardly voluntary where it is made a necessary pre-condition to access to vital support and the right to remain. Importantly, refusal to provide fingerprints constitutes a valid ground for the police to <a href="https://www.legislation.gov.uk/ukpga/1999/33/section/142">arrest an asylum-seeker without a warrant</a>.</p> <p>Biometric data can easily be subjected to re-purposing: whilst originally it may have been gathered for migration control purposes, it may later be used for law enforcement purposes. This phenomenon is known as "mission creep". In the UK, as part of their screening interview, asylum-seekers aged 16 or over will have her biometric details checked against fingerprints held on a police database, IDENT1. This follows an announcement by the Home Office in 2018 that it would <a href="https://www.publictechnology.net/articles/news/home-office-bring-together-police-and-immigration-biometrics-schemes-ahead-potential">merge IDENT1 with the Immigration and Asylum Biometrics System (IABS)</a> database, yet further evidence of the increased policing of migrants.</p> <p>The merging of protection and law enforcement purposes at the expense of the former is also gaining traction at EU level: a <a href="https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52016PC0272(01)">proposed amendment to Eurodac legislation</a> expands the scope of the fingerprint database to assist with the control of irregular immigration.</p> <p>The Covid-19 crisis should be taken as an opportunity for governments to re-assess over-reliance on data-intensive systems at the expense of society's most vulnerable. In the short-term, however, governments should strive to ensure that they take steps to protect the health of every individual on their territory, regardless of status.</p></div> <div class="field field--name-field-programme field--type-entity-reference field--label-inline"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/what-we-do/demand-humane-approach-immigration" hreflang="en">Demand a Humane Approach to Immigration</a></div> <div class="field__item"><a href="/taxonomy/term/776" hreflang="en">Realise Our Rights to Live with Dignity</a></div> </div> </div> <div class="field field--name-field-target field--type-entity-reference field--label-above"> <div class="field__label">Target Stakeholders</div> <div class="field__items"> <div class="field__item"><a href="/target-stakeholder/government" hreflang="en">Government</a></div> </div> </div> <div class="field field--name-field-type-of-impact field--type-entity-reference field--label-above"> <div class="field__label">Our impact</div> <div class="field__items"> <div class="field__item"><a href="/impact/fighting-identity-systems" hreflang="en">Fighting Identity Systems</a></div> </div> </div> <div class="field field--name-field-campaign-name field--type-entity-reference field--label-above"> <div class="field__label">Our campaign</div> <div class="field__items"> <div class="field__item"><a href="/protecting-migrants-borders-and-beyond" hreflang="en">Protecting migrants at borders and beyond</a></div> </div> </div> <div class="field field--name-field-type-of-abuse field--type-entity-reference field--label-above"> <div class="field__label">Type of abuse</div> <div class="field__items"> <div class="field__item"><a href="/examples/asylum-seekers" hreflang="en">Asylum seekers</a></div> </div> </div> <div class="field field--name-field-audience-and-purpose field--type-entity-reference field--label-above"> <div class="field__label">Audiences and Purpose</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/630" hreflang="en">Helping experts with our analyses</a></div> <div class="field__item"><a href="/taxonomy/term/631" hreflang="en">Helping partners and other NGOs know our stance</a></div> <div class="field__item"><a href="/taxonomy/term/632" hreflang="en">Influence key stakeholders</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/729" hreflang="en">We campaign publicly for solutions</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/736" hreflang="en">Advocacy</a></div> <div class="field__item"><a href="/taxonomy/term/732" hreflang="en">News and Analysis</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/208" hreflang="en">james-yarema-IiWoS6Be4Fs-unsplash.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p><span><span><span><span><span><span><span>The ongoing requirement for asylum-seekers to register their claim for asylum in person reveals the Home Office's misplaced and onerous emphasis on biometrics collection at the expense of asylum-seekers' health</span></span></span></span></span></span></span></p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul><li>Despite the pandemic, asylum-seekers are still required by the Home Office to physically register their application for asylum at selected venues</li> <li>This requirement persists even in the face of legislation allowing for the suspension of biometrics collection in the event of a public health emergency</li> <li>Exposing asylum-seekers to coronavirus can be a death sentence in circumstances where they have real concerns about NHS charging and data-sharing with the Home Office</li> </ul></div> </div> Mon, 04 May 2020 15:45:24 +0000 staff 3748 at http://www.privacyinternational.org Rage Against Data Dominance: A New Hope http://www.privacyinternational.org/long-read/3734/rage-against-data-dominance-new-hope <span class="field field--name-title field--type-string field--label-hidden">Rage Against Data Dominance: A New Hope</span> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span lang="" about="/user/43" typeof="schema:Person" property="schema:name" datatype="">staff</span></span> <span class="field field--name-created field--type-created field--label-hidden">Friday, May 1, 2020</span> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><em>Photo by Cade Roberts on Unsplash</em></p> <p>For those of you who don't spend the most productive part of your day scanning the news for developments about <a href="https://privacyinternational.org/learning-topics/competition-and-data">data and competition</a>, here's what has been going on in the UK since summer 2019.</p> <p>Basically, the UK competition authority started an investigation into online platforms and digital advertising last summer, and issued their preliminary findings in December 2019, concluding that Facebook and Google are very powerful in the search engine and social media market, and suggesting some cool solutions (and also a creepy one).</p> <p>By the way, if you are a legal/policy/antitrust addict(!), you can find a summary and pdf copy of our latest submission to the CMA <a href="https://privacyinternational.org/advocacy/3733/comments-cmas-interim-report-its-online-platforms-and-digital-advertising-market">here</a>.</p> <h2>What is in the findings?</h2> <p>While you grab some popcorn, we can walk you through the initial findings from the UK competition authority and their suggested solutions, so that you can impress your next <a href="https://www.nytimes.com/2020/01/13/technology/grindr-apps-dating-data-tracking.html">hot date</a> with your vast knowledge.</p> <p>Back in July 2019, the Competition and Market's Authority (CMA), which is the authority that responsible for competition in the UK, announced that they will be <a href="https://www.gov.uk/cma-cases/online-platforms-and-digital-advertising-market-study">looking into online platforms and digital advertising</a>.</p> <p>This was not really a surprise. Just a few months earlier, a panel of <a href="https://privacyinternational.org/news-analysis/3736/tech-giants-do-not-face-enough-competition-new-report-says">competition experts had confirmed that tech giants, like Facebook, Amazon, Google, Apple and Microsoft, do not face enough competition</a> (shocking!).</p> <p>Anyways, it is still good news because it means that Facebook and Google are now under the microscope of UK regulators.</p> <p>We have been investigating the interplay between competition and data privacy <a href="https://privacyinternational.org/learning-topics/competition-and-data">for a while now</a>, and we were very happy to welcome the investigation. We also submitted <a href="https://privacyinternational.org/advocacy/3101/response-cmas-online-platforms-and-digital-advertising-market-study">comments where we highlighted our concerns around the data dominance of big platforms and urged the CMA to take action</a>.</p> <p>If you want to know why big tech companies like Google, Apple, Facebook, Amazon and Microsoft are dominating our devices, data (and inevitably our everyday lives), and why this lets them abuse our rights and set their own rules in the digital market, here's a cool gif that explains the basics.</p> </div> <div class="field field--name-field-repeating-image-and-text field--type-entity-reference-revisions field--label-hidden field__items"> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <img alt="PI competition gif" src="/sites/default/files/flysystem/2020-04/competitionPI_0.gif" width="1000" height="1000" typeof="foaf:Image" /> </div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><h2>Interim report findings</h2> <p>Fast forward to December 2019. The UK Competition Authority published their interim report where they explain what they found so far and how they propose to move forward. While their <a href="https://assets.publishing.service.gov.uk/media/5dfa0580ed915d0933009761/Interim_report.pdf">283-page report</a> contains a handful of findings and proposals, we'll focus on the most important ones.</p> <p><strong>Facebook and Google have become way too big and this is also due to the amount of data they have on us</strong></p> <p>This might not come as a surprise to most of us (also, it is <a href="https://ec.europa.eu/commission/presscorner/detail/en/IP_19_1770">not the first time these tech giants are facing similar charges</a>). However, the fact that the UK competiton authority did a whole economic analysis of the relevant markets to reach this conclusion is quite fascinating. What we find even more important, is that the personal data these companies have on their users was also considered by the regulator, as we will show right below.</p> <p>The CMA report identifies two different markets either Facebook or Google might have demonstrated dominant practices: the search engine market and social media market. After all, deep inside you knew that there was something weird going on when Facebook was bombing you with friend suggestions of colleagues you were always trying to avoid or when Google could finish your search engine queries in milliseconds.</p> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <img alt="monopoly game gif" src="/sites/default/files/flysystem/2020-04/monopoly.gif" width="500" height="281" typeof="foaf:Image" /> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">We found this gif here: https://giphy.com/gifs/monopoly-l2JJJJUUQBvUspZV6</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><strong>&quot;Google has significant market power in the general search sector [and] search adverting&quot;</strong></p> <p>It is not rocket science. The more data a search engine has, the better able it is to improve its algorithms and thus become more effective. For example, between a search engine with 1,000 users and another one with 1,000,000, one would be able to get a better understanding of what the majority of users wants when they search for &quot;Privacy International&quot; and show first the articles most people would probably be interested in.</p> <blockquote> <p>Google has generated around 90% or more of UK search traffic each year over the last ten years and generated over 90% of UK search advertising revenues in 2018.</p> </blockquote> <p>CMA Interim Report, §16</p> <p>According to the findings of the report, Google's access to vast query data is among the three things its dominance comes from. Don't let the term confuse you; query data is what we type in our search engines hundreds of times per day and as every techie friend will confirm they provide Google also with our location, IP address and other personal data.</p> <p>Combined with the fact that Google has established deals to be the default search engine across most desktop and mobile devices (yes, <a href="https://privacyinternational.org/long-read/3226/buying-smart-phone-cheap-privacy-might-be-price-you-have-pay">Android is also Google</a>) this triggers a vicious cycle where personal data of millions of users' are constantly being fed back to the company.</p> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <img alt="hammering phone gif" src="/sites/default/files/flysystem/2020-04/break_phone.gif" width="400" height="220" typeof="foaf:Image" /> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">We found this gif here: https://giphy.com/gifs/iphone-ron-swanson-cell-phone-xTiTnzvzlEj5vD3Tkk</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><strong>&quot;Facebook has significant market power in social media&quot;</strong></p> <blockquote> <p>None of the platforms currently active in the UK’s social media sector appear to impose a strong competitive constraint on Facebook.com. No existing social media platform offers a comparable range of consumer services, has access to as extensive a consumer network or has a similarly well-developed social graph.</p> </blockquote> <p>CMA Interim Report, §3.165</p> <p>In other words, Facebook has so many users (and accordingly personal data) that they can monopolistically attract advertisers by being able to reach all kinds of audiences. This is because the more we interact with the Facebook services, the more data we generate that can directly or indirectly provide insights about our life or let others draw inferences and assumptions about our habits, behaviour and characteristics. This is what we call profiling. And, in 2018, we showed how <a href="https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report">this could still be done even if you don't have a Facebook account</a>.</p> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <img alt="Zuckerberg sorry gif" src="/sites/default/files/flysystem/2020-04/zuckerberg_sorrygif.gif" width="480" height="364" typeof="foaf:Image" /> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">We found this gif here: https://giphy.com/gifs/sorry-zuckerberg-testimony-1Bh2zyW2yuBEalV0rO</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p>There's also another aspect of Facebook's dominance that's worth mentioning; network effects. Due to the vast numbers of users that are on the platform, most of us would find it hard to switch to another service because most of our friends -if not all- are on Facebook, or platforms owned by Facebook like Instagram, for example, and we wouldn't be able to have the same number of connections on a new platform. This is something that might prevent competitors from entering the market, by &quot;locking&quot; users in.</p> <p>As the report (and competition law) say, being big/dominant is problematic when it creates obstacles for other companies to enter the market. For us, this also underlines how our personal data can be used by Facebook and Google to strategically use their market dominance and attract advertisers' attention.</p> <p><strong>This is bad for both consumers and innovation</strong> Why's that important? We're glad you asked.</p> <p>Personal data is valuable tool for these companies as it helps them profile and analyse audiences, and attract advertisers. And, of course, the more personal data they have, the larger their profits, regardless of <a href="https://privacyinternational.org/topics/adtech">whether their exploitation practices are lawful or not</a>.</p> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <img alt="eyes following mouse gif" src="/sites/default/files/flysystem/2020-04/eyes_click.gif" width="601" height="601" typeof="foaf:Image" /> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">We found this gif here: https://giphy.com/gifs/eyes-eye-cursor-WQm7p49Vu8deDHCcS5</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p>But here's the spin. If these dominant actors are left unregulated, they will throw out competitors, kill innovation and <a href="https://privacyinternational.org/news-analysis/3280/give-google-inch-and-theyll-take-mile">engage in a race to the bottom to collect ever more data</a>. And if they are able to monopolise users and services, then they can take advantage of us by forcing us to agree to abusive terms (that could, for example, lead to us handing over disproportionate amounts of data in return for services). As the report puts it:</p> <blockquote> <p>limited choice and competition also means that people will be less able to control how their personal data is used and may effectively be faced with a ‘take it or leave it’ offer when it comes to signing up to a platform’s terms and conditions. For some, this will mean they have to provide more personal data to platforms than they would like.</p> </blockquote> <p>CMA Interim Report, §11</p> <p><strong>This is NOT your fault</strong> We don't want to sound like your therapist, but we want to assure you one thing: this is not some kind of black-mirror-style punishment for skipping that 7589343520017462-page-long privacy policy or for that day you wanted to look cool in front of that friend over your shoulder and clicked &quot;Accept&quot; without even reading. EU privacy laws are clear and set strict limits when it comes to what these services are allowed to do without our consent.</p> <p>And, in what can only be seen as an emphatic endorsement of the long-established TL;DR (Too Long; Didn't Read) principle, the CMA also agrees with us:</p> <blockquote> <ul> <li>At the moment consumers must engage with unreasonably long, complex, terms and conditions and must make several clicks to access their settings. Understandably, consumers rarely engage with these terms and when they do, they spend very little time reading them. It is unreasonable to expect ordinary consumers to read and understand these terms for every platform that they use.</li> </ul> </blockquote> <blockquote> <ul> <li>Consumer engagement with privacy policies and controls is low. And platforms do little by the way of systematic testing to measure this or test what would increase consumers’ engagement with these policies. Instead they rely on the fact that very few consumers alter the default settings in order to increase their ability to use personal data.</li> </ul> </blockquote> <p>CMA Interim Report, §4.156</p> <h2>Potential solutions</h2> <p>Having established why this is a problem (a huge one, if you ask us), the CMA goes on to consider a few regulatory interventions (or remedies) that they could impose on dominant tech players to fix the market asymmetry. Some of them are really good, such as a code of practice (soft-law), enhanced privacy enhancing technologies, increased user control over their data, especially data portability, as well as interoperability of online services.</p> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <img alt="rupaul thumbs up gif" src="/sites/default/files/flysystem/2020-04/rupaul_thumbsup.gif" width="480" height="265" typeof="foaf:Image" /> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">We found this gif here: https://giphy.com/gifs/rupaulsdragrace-episode-3-rupauls-drag-race-xUOwFY0qkNiLrQzKUM</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><strong>Third-party access to personal dat... wait, what?</strong> There's a quite awkward moment, where according to the CMA, another potential intervention to deal with Google's dominance in the search engine market is opening up access to search query data that Google has to its competitors:</p> <blockquote> <p>[S]uch an access remedy could require Google to provide access to a number of data points, potentially some or all of; • user queries; • URLs returned; • user clicks and any click backs; and • other relevant data, such as location data or previous search, required to interpret the data above.</p> </blockquote> <p>CMA Interim Report, Appendix J, §41</p> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <img alt="office no scream gif" src="/sites/default/files/flysystem/2020-04/office_no.gif" width="240" height="196" typeof="foaf:Image" /> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">We found this gif here: https://giphy.com/gifs/reaction-the-office-no-FHCdp8qwulqN2</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p>OK, this is serious.</p> <p>Privacy and the protection of personal data are fundamental human rights. It is <a href="https://privacyinternational.org/long-read/3088/our-data-future">impossible to treat them as any other economic asset</a>. Considering how these companies seem to handle our data, we believe that personal data sharing standards can pose grave risks also for the <a href="https://privacyinternational.org/news-analysis/2819/mystery-amazon-echo-data">security and integrity of consumers’ personal data</a>.</p> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <img alt="regina mean girls privacy gif" src="/sites/default/files/flysystem/2020-04/regina_privacy.gif" width="480" height="270" typeof="foaf:Image" /> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">We found this gif here: https://giphy.com/gifs/filmeditor-mean-girls-movie-3otPoyXM2G9VRgROnK</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><p><strong>What if we anonymise though?</strong> Si, correcto. Personal data can be pseudo anonymised or anonymised. The first means that certain identifiers in a dataset, for example, are replaced by certain values which make it temporarily hard to re-identify (think of the university exams example where names and student numbers are replaced by candidate numbers which the administration can then trace back to students once papers have been graded). Anonymisation, on the other hand, means that once data has been anonymised, they can never identify individuals again. Accordingly, the first is covered by data protection laws while the second is not.</p> <p>There is a fine line between pseudo anonymous and anonymised data. For example, <a href="https://www.theregister.co.uk/2016/11/07/browsers_ban_web_of_trust_addon_after_biz_is_caught_selling_its_users_browsing_histories/">journalists from the German public broadcaster NDR were able to identify the sexual preference and medical history of judges and politicians</a>, using online identifiers. And, in a recent study, researchers were able to demonstrate that, despite the anonymisation techniques applied, “<a href="https://www.imperial.ac.uk/news/192112/anonymising-personal-data-enough-protect-privacy/">data can often be reverse engineered using machine learning to re-identify individuals</a>.”</p> <p>Last September, we looked into menstruation apps, which are not just concerned with menstruation cycles but may also collect information about users’ health, sexual life, mood etc. We examined whether any of these sensitive health data were shared with third parties without users’ consent or even knowledge. We found out that several apps conducted – at the time of the research – what we believe to be extensive sharing of sensitive personal data with third parties, including Facebook. Among the data shared, was <a href="https://www.privacyinternational.org/long-read/3196/no-bodys-business-mine-how-menstruation-apps-are-sharing-your-data">whether users were having unprotected sex!</a></p> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <img alt="tina fey not cool gif" src="/sites/default/files/flysystem/2020-04/tina_notcool.gif" width="500" height="250" typeof="foaf:Image" /> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">We found this gif here: https://giphy.com/gifs/30-rock-funny-tina-fey-NZrgV9nFbWYRW</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><h2>It is time to act!</h2> <p>All these just show how messy the situation is at the moment when it comes to online platforms and digital advertising. This is why we had already asked the CMA, in our first submission, to take further action and use its legal powers to carry out a formal investigation.</p> <p>While it admits that “given the […] number of consumers affected by them, a market investigation would appear to be a proportionate response”, to our surpise, the CMA does not think it would be a good idea. And although they reckon that some of their cool solutions could only be imposed as a result of a market investigation, they are discouraged by the fact that the government is considering policy changes too and that the issues are of global nature and it might be hard for the UK to do things on its own.</p> <p>The problem is that if we really want to be pragmatic, we have to take this to the end. The CMA cannot just come up with some recommendations whose implementation will depend on the will of the UK government and the multi-million-dollar lobbying of these companies. The CMA is the independent body that has the capacity and expertise to protect consumers' welfare and send a strong message to its international counterparts by holding these companies to account. It can't just stop here!</p> </div> </div> </div> <div class="field__item"> <div class="paragraph paragraph--type--image-and-text-repeating paragraph--view-mode--default"> <div class="field field--name-field-fieldset-image field--type-image field--label-hidden field__item"> <img alt="lizzo gif" src="/sites/default/files/flysystem/2020-04/lizzo.gif" width="480" height="250" typeof="foaf:Image" /> </div> <div class="field field--name-field-caption field--type-string field--label-hidden field__item">We found this gif here: https://giphy.com/gifs/music-video-lizzo-good-as-hell-xT4uQvEmY3gMMN6Hio</div> <div class="clearfix text-formatted field field--name-field-fieldset-text field--type-text-long field--label-hidden field__item"><h2><strong>What's next</strong></h2> <p>The deadline to respond to the preliminary findings and suggested interventions was February 12, 2020. We submitted our comments, welcoming the findings and some of the interventions, but mainly focusing on the data privacy concerns that the data sharing remedies raise. We also asked the CMA to revisit its position not to make a market investigation. The CMA will have to make a final decision by 2 July 2020. You can find our submission <a href="https://privacyinternational.org/advocacy/3733/comments-cmas-interim-report-its-online-platforms-and-digital-advertising-market">here</a>.</p> </div> </div> </div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-inline"> <div class="field__label">Learn more</div> <div class="field__items"> <div class="field__item"><a href="/learn/data-exploitation" hreflang="en">Data Exploitation</a></div> <div class="field__item"><a href="/learn/profiling" hreflang="en">Profiling</a></div> <div class="field__item"><a href="/learn/data-protection" hreflang="en">Data Protection</a></div> <div class="field__item"><a href="/learn/adtech" hreflang="en">AdTech</a></div> <div class="field__item"><a href="/learn/competition-and-data" hreflang="en">Competition and Data</a></div> </div> </div> <div class="field field--name-field-resource-type field--type-entity-reference field--label-inline"> <div class="field__label">Related learning resources</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/865" hreflang="en">Our Data Future</a></div> </div> </div> <div class="field field--name-field-programme field--type-entity-reference field--label-inline"> <div class="field__label">Our fight</div> <div class="field__items"> <div class="field__item"><a href="/strategic-areas/challenging-corporate-data-exploitation" hreflang="en">Challenging Corporate Data Exploitation</a></div> </div> </div> <div class="field field--name-field-targeted-adversary field--type-entity-reference field--label-above"> <div class="field__label">Target Profile</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/578" hreflang="en">Google</a></div> <div class="field__item"><a href="/taxonomy/term/577" hreflang="en">Facebook</a></div> </div> </div> <div class="field field--name-field-type-of-abuse field--type-entity-reference field--label-above"> <div class="field__label">Type of abuse</div> <div class="field__items"> <div class="field__item"><a href="/examples/consumers" hreflang="en">Consumers</a></div> </div> </div> <div class="field field--name-field-audience-and-purpose field--type-entity-reference field--label-above"> <div class="field__label">Audiences and Purpose</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/628" hreflang="en">Feeding our followers</a></div> <div class="field__item"><a href="/taxonomy/term/624" hreflang="en">Generalised audience education for inspiration</a></div> <div class="field__item"><a href="/taxonomy/term/625" hreflang="en">Generalised audience problem articulation</a></div> <div class="field__item"><a href="/taxonomy/term/629" hreflang="en">Helping people understand our solutions</a></div> </div> </div> <div class="field field--name-field-principle-or-recommendatio field--type-entity-reference field--label-above"> <div class="field__label">What Pi is calling for</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/835" hreflang="en">Companies protect privacy by design, not exploit people and their data.</a></div> </div> </div> <div class="field field--name-field-change field--type-entity-reference field--label-above"> <div class="field__label">Change</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/729" hreflang="en">We campaign publicly for solutions</a></div> </div> </div> <div class="field field--name-field-content field--type-entity-reference field--label-above"> <div class="field__label">Content</div> <div class="field__items"> <div class="field__item"><a href="/taxonomy/term/730" hreflang="en">Educational</a></div> </div> </div> <div class="field field--name-field-media field--type-entity-reference field--label-above"> <div class="field__label">Media</div> <div class="field__item"><a href="/media/192" hreflang="en">cade-roberts-EpIUbeFrqwQ-unsplash.jpg</a></div> </div> <div class="clearfix text-formatted field field--name-field-summary field--type-text-long field--label-above"> <div class="field__label">Summary</div> <div class="field__item"><p>Throughout these updates, we will do our best to avoid technical terms, obscure references or abstract discussions. We want you to be aware of how data power has grown and why we need to act. This post focuses on data and competition law developments in the UK.</p></div> </div> <div class="clearfix text-formatted field field--name-field-key-findings field--type-text-long field--label-above"> <div class="field__label">Key findings</div> <div class="field__item"><ul> <li>In July 2019, the UK competition regulator started examining online platforms and digital advertising. In December 2019, they published their interim report.</li> <li>The interim report finds that both Google and Facebook enjoy &quot;significant market power&quot; in markets like search engine and digital advertising. It also suggests a series of potential solutions, with one of them relying on data sharing.</li> <li>We submitted comments on the interim report, welcoming privacy-friendly solutions such as a code of practice, privacy enhancing technologies, increased user control over their data, data portability, as well as interoperability of online services.</li> <li>However, we are strongly opposed to any solutions involving the sharing of personal data, even in an anonymised form. Considering how these companies seem to handle our data, personal data sharing standards can pose grave risks for consumers.</li> <li>Finally, we have asked the regulator to revisit their conclusion not to open a formal investigation.</li> </ul> </div> </div> Fri, 01 May 2020 22:21:38 +0000 staff 3734 at http://www.privacyinternational.org