Search
Content type: News & Analysis
On 11 March 2025, The Atlantic journalist, Jeffrey Goldberg was added to a Signal chat where senior US Government officials were discussing the United States’ military strikes in Yemen.This happened to Goldberg as an accident. Yet, security services around the world have pushed for this to be part of their clandestine surveillance operations: the so-called “Ghost Protocol”.Governments have been trying to gain access to private online conversations since private online conversations have existed…
Content type: Long Read
In 2024, Privacy International (PI) continued to produce real change by challenging governments and corporations that use data and technology to exploit us.Since the beginning of the year, we’ve achieved some wins and would like to share the most recent ones with you.Creating change is hard, and takes time. We have to uncover problems, draw attention to them, and pressure for change. In the latest quarter, we've been able to push regulators for stronger standards on generative AI systems, draw…
Content type: News & Analysis
As the New York Times reports the health programmes are being cut by USAID cuts, the US Government declares them as “inconsistent with the national interest or agency policy priorities.” Sadly at PI we know the kind of foreign aid that governments believe are in the national interest: surveillance funding.We’re alarmed by aid budgets being cut by governments world-wide. People will be hurt, and people will die.And while most of the news has been dominated by the US’s cuts, the UK and France…
Content type: Long Read
On 13 March 2025, we filed a complaint against the UK government challenging their use of dangerous, disproportionate and intrusive surveillance powers to undermine the privacy and security of people all over the world. Here, we answer some key questions about the case and the recent events that led to this development.Note: This post was last updated on 13 March 2025.What’s the fuss about?A month ago, it was reported that the UK government demanded Apple Inc – maker of the iPhone, iPads, Macs…
Content type: Guide step
Tracking pixels are a common online tracking technique used in email messages. They consist in embedding a unique, disguised or invisible, image in an email message to gather data about your interactions with it.
When you open a message containing a tracking pixel, your email client makes a request to load the image so that it can display it to you: in practice, this request acts as a notification to the server. Since only you are served this exact pixel, when your email client requests it to…
Content type: Guide step
In the current digital landscape, passwords are the predominant method for user authentication across most platforms. From a privacy perspective, passwords present a advantage over some other methods like biometrics, as they do not disclose any additional or unique data about you – apart from the selected username
Given the widespread adoption of passwords, manually managing multiple, unique passwords for each online account becomes more difficult. Having unique random passwords for each…
Content type: Guide step
In your day-to-day life, your smartphone silently captures and stores a digital footprint of your whereabouts by keeping a location history: this history is then used to enhance your mobile experience, such as by aiding in navigation and customizing app experiences according to your location habits.
Yet, it's essential to recognize the potential risks tied to this seemingly innocuous practice. Understanding how your location data is handled becomes vital, as it can impact your privacy in ways…
Content type: Guide step
Many mainstream Internet platforms, such as YouTube and X, often collect extensive user data, track online activities, and employ algorithms to create content recommendations based on individual preferences. For a privacy-conscious user, this is nothing short of a nightmare. Making use of alternative front-ends allows you to access the content you want, while minimising the data collected about you. Essentially, this corresponds to using a different website to access the same content. By using…
Content type: Advocacy
We believe the Government's position of refusing to confirm or deny the existence of the Technical Capability Notice or acknowledge Apple's appeal is untenable and violates principles of transparency and accountability.
Content type: Guide step
The practice of buying and selling email addresses is a common one among digital data brokers. Say you register at an online shop to buy an item from a brand. The shop can then sell your email address to that same brand, so they can advertise to you directly in your email inbox. This is a form of targeted advertising, and we have written about its privacy implications to you as a digital citizen. Online marketing is not the sole reason you should consider concealing your personal email address…
Content type: Guide step
Depending on where in the world you are visiting from, websites may seek consent as one way to justify their collection of data about you. This has become general practice across the web, and the typical way to ask for user consent is via banners that pop up first thing when the webpage loads. Often these banners will make use of design elements and user interfaces aiming to mislead or influence you in giving away consent to collect and process your data - these are called Dark Patterns and are…
Content type: Explainer
Imagine this: a power that secretly orders someone anywhere in the world to abide and the receiver can’t tell anyone, can’t even publicly say if they disagree, and can’t really question the power in open court because the secret order is, well, secret. Oh and that power affects billions of people’s security and their data. And despite being affected, we too can’t question the secret order.In this piece we will outline what’s ridiculous, the absurd, and the downright disturbing about what’s…
Content type: News & Analysis
Edit: 13 March 2025 - You can find more about what happened next on our case pageOn February 21st, Apple disabled their ‘advanced data protection’ service for UK customers. That means no-one in Great Britain can now enable a powerful security safeguard that people who use Apple devices everywhere else on the planet can: user controlled end-to-end encryption of stored data.This is likely in response to a disturbing secret government power. Well, that’s what we think happened. We can’t know for…
Content type: Guide step
Depending on where in the world you are visiting from, websites may seek consent as one way to justify their collection of data about you. This has become general practice across the web, and the typical way to ask for user consent is via banners that pop up first thing when the webpage loads. Often these banners will make use of design elements and user interfaces aiming to mislead or influence you in giving away consent to collect and process your data - these are called Dark Patterns and are…
Content type: Press release
Privacy International (PI)FOR IMMEDIATE RELEASEUnited Kingdom goes after Apple's encrypted dataThe United Kingdom has used its investigatory powers to force disclosure of private data held by Apple Inc."The United Kingdom's unprecedented attack on individuals' private data around the globe is disproportionate and unnecessary.""This is a fight the UK should not have picked. The reported details suggest the UK is seeking the ability to access encrypted information Apple users store on iCloud, no…
Content type: Advocacy
Our joint stakeholder report made the following recommendations: Strengthen the implementation of Data Protection Act, 2019 and make clear in law and in relevant guidelines that personal data from the electoral register which has been made accessible is still subject to, and protected, by data protection law, including for onward processing.Ensure that there is an effective legal and regulatory framework in place to guarantee a human rights-based approach in the design and deployment of…
Content type: Advocacy
Our submission made the following recommendations to the Committee regarding the Kenya:Review and amend the proposed digital identity system, the Maisha Numba, to ensure it aligns with Kenya’s national and international human rights obligations in its design and implementation, and adopts legal, policy and technical safeguards to prevent exclusion and marginalisation.Ensure that measures taken to develop digital public infrastructures abide by Kenya’s national and international human rights…
Content type: Video
Links- Read PI's research- Learn more about Rhizomatica- Learn more about Lũa and his work on Starlink- We'd love to hear from you! Share your thoughts, case studies, or ideas about vertical mergers using our survey- More about X and Starlink's legal trouble in Brazil- Our podcast about competition with Dr Deni Mantzari
Content type: Advocacy
We responded to the Home Office consultation on codes of practices under the Investigatory Powers (Amendment) Act 2024 (IPAA). Our response focused on (1) the draft codes relating to bulk personal datasets with low or no reasonable expection of privacy, (2) third-party bulk personal datasets and (3) the notices regime. You can download our full response with its 23 recommendations for reform at the bottom of this page.'Low Privacy' Bulk Personal DatasetsThe IPAA introduces a new concept of…
Content type: News & Analysis
Together 12 organisations, including trade unions and NGOs across the EU and the UK, are asking Deliveroo, Uber, and Just Eat Takeaway to take serious steps to significantly improve the transparency and explainability around the algorithms they use to manage their workforce.These platforms rely heavily on the use of algorithms to manage many aspect of their workers employment, from account creation, to account suspension to how much workers get paid. Yet, it’s almost impossible for workers to…
Content type: Advocacy
Algorithmic management of workers has become the norm for gig-economy platforms, with workers obligated to give up an immense amount of personal data just to go to work. Decisions made by these algorithms can determine how much individuals are paid and even whether their employment or accounts are suspended or terminated. Yet, workers are often not provided with satisfactory explanations as to how these decisions are made. This lack of transparency means that decisions made through the "black-…
Content type: Long Read
Intrusive surveillance technology is increasingly used during protests around the world, and we’ve been tracking its use around the world for years.This technology is often being deployed in secret, without a clear legal basis and without the safeguards and oversight applied to other surveillance technologies under international human rights law.We’ve increasingly observed the use of unlawfully generated and collected data from these technologies being used in court against people exercising…