Search
Content type: Long Read
What happened?On 19 July 2024, American cybersecurity company CrowdStrike released an update to its CrowdStrike Falcon software that ultimately caused 8.5 million computers running Microsoft Windows to crash. The damage done was both deep and wide: deep because the computers affected were unable to recover without direct user intervention. Wide because a whole range of companies - from airlines to healthcare to media - across a whole range of countries - from Sweden to India to New Zealand -…
Content type: Long Read
In August 2021, PI published the report An unhealthy diet of targeted ads where we uncovered how personal data was shared by diet companies through their online ads and online testing. Our findings were quite grim, with highly sensitive personal data shared with third parties without consent.
Following this initial report, we performed follow-up research with the same methodology and by September 2021 we reported a number of positive changes from two of these websites: BetterMe and VShred.…
Content type: Long Read
Last update: 26 April 2023
In 2022, Privacy International continues to produce real change by challenging governments and corporations that use data and technology to exploit us.
We know life moves quickly. So, we wanted to keep you in the loop and ensure you don’t miss out on how we’re changing the world for the better.
That’s why we’ve created this highlight reel of our wins in the past year.
Take a look below!
PS: To continue to do this, and more, into 2023, we need your support. We…
Content type: Examples
The Irish Council for Civil Liberties (ICCL) has filed a lawsuit in Hamburg against three AdTech industry trade bodies including the Interactive Avertising Bureau (IAB). Members of the IAB include big tech companies (Google, Facebook, Amazon, Twitter...), data brokers (Equifax, Experian, Acxiom...) and advertising agencies (Groupm, Publicis, IPG...).
The lawsuit follows the filing in 2018 of complaints with the Irish Data Protection Commission (DPC) and UK Information Commissioner (ICO), which…
Content type: Examples
When Dallas police posted on Twitter asking for videos of the protests taking place after George Floyd's killing, a flood of videos and images of K-pop stars were uploaded to its anonymous iWatch Dallas tip-off app. Law enforcement can call on vast numbers of networked cameras - from cars, food and retail chains that are typically willing to share with police, law enforcement agencies' own networks of surveillance and body cameras as well as object and face recognition software, protesters and…
Content type: Video
Links!
If you're worried about your devices and a controlling partner, we have some tips for you; you can also find out more at women's aid's website.
Find out more about our court victory.
Listen to Dr David Crepaz-Keay from the Mental health Foundation talk about mental health and tech
Tom on immunity passports
Lucy on marketing and maternity and low cost tech
Eva and smart cities
And support PI's work at support.privacyinternational.org
You can listen and subscribe to the…
Content type: Video
You can listen and subscribe to the podcast where ever you normally find your podcasts:
Spotify
Apple podcasts
Google podcasts
Castbox
Overcast
Pocket Casts
Peertube
Youtube
Stitcher
And more...
And support PI's work here: support.privacyinternational.org
Content type: Examples
Civil society organisations Civil Liberties union for Europe, Open Rights Group and Panoptykon Foundation have filed complaints against Google and Interactive Advertising Bureau (IAB) member companies in Croatia, Cyprus, Greece, Malta, Portugal and Romania.
The complaints address privacy abuses arising from real-time bidding processing, and call on data protection authorities to work together in investigation the real-time bidding industry.
Content type: Examples
French data protection regulator CNIL fined Google and Amazon €100 million and €35 million respectively for breaches of the French Data Protection Act. The CNIL found that the French websites of Google and Amazon had not sought the prior consent of visitors before advertising cookies were saved on computers, and failed to provide clear information to users as to how they intended to make use of online trackers and how to refuse any use of cookies.
In relation to Google, the CNIL made an…
Content type: Video
You can listen and subscribe to the podcast where ever you normally find your podcasts:
Spotify
Apple podcasts
Google podcasts
Castbox
Overcast
Pocket Casts
Peertube
Youtube
Stitcher
And more...
And support PI's work here: support.privacyinternational.org
Content type: Examples
A study describes the data transmitted to backend servers by the Google/Apple based contact tracing (GAEN) apps in use in Germany, Italy, Switzerland, Austria, and Denmark and finds that the health authority client apps are generally well-behaved from a privacy point of view, although the Irish, Polish, Danish, and Latvian apps could be improved in this respect. However, the study also finds that the Google Play Services component of the apps contacts Google servers as often as every 20 minutes…
Content type: Examples
When Google and Apple announced their joint platform for contact tracing, the companies said the system would not track users’ locations. By mid-July, the resulting apps had been downloaded more than 20 million times in companies such as Germany and Switzerland. However, in order for Bluetooth, which the app requires, to work on Android phones, users must enable location services, with the result that Google may be able to track their location. Governments and health officials in Germany,…
Content type: Examples
Several of the Chinese companies producing personal protective equipment such as face masks were shown via undercover video footage to be using Uighur labour under a government labour transfer programme that pays regional subsidies for each worker taken in. The equipment is being shipped all over the world, including to the US and Latin America. In the course of the pandemic, the number of companies producing PPE in Xinjiang has risen from four to 51. At Medwell, one such company, Uighurs are…
Content type: Examples
The French data protection authority, CNIL, has examined the French contact tracing app and ruled that it is not fully compliant with the provisions of GDPR and the French data protection law. CNIL’s primary complaint was that the app transferred the news that a user had been infected to all their contacts, not just those who had been in recent proximity, and the privacy policy was insufficiently specific about the categories of data that were being processed and its recipients. Finally, the…
Content type: Examples
Hours before OpenDemocracy filed suit to compel the UK government to release all the contracts governing its deals with a list of technology firms including Amazon, Microsoft, Google, Palantir, and Faculty, the UK government released the contracts. Faculty is being paid more than £1 million to provide AI services for the NHS, and the companies involved in the NHS data store project, including Faculty and Palantir, were originally granted intellectual property rights and were allowed to train…
Content type: Examples
Many of the steps suggested in a draft programme for China-style mass surveillance in the US are being promoted and implemented as part of the government’s response to the pandemic, perhaps due to the overlap of membership between the National Security Commission on Artificial Intelligence, the body that drafted the programme, and the advisory task forces charged with guiding the government’s plans to reopen the economy. The draft, obtained by EPIC in a FOIA request, is aimed at ensuring that…
Content type: Examples
The UK government spent two months touting its contact tracing app as the prospective basis for returning to something close to normality. As the June 1 target date approached, however, the government increasingly downplayed its importance. In the meantime, Apple and Google’s API were adopted by several others countries that had intended, like the UK, to build their own, and a trial on the Isle of Wight failed to produce the download numbers or success rate the commissioning agency, NHSx, had…
Content type: Examples
US state and local authorities are using data from a host of location tracking companies, some of them little-known, such as X-Mode Social, Foursquare Labs, Cuebiq, Unacast, Phunware, and SafeGraph, to help them decide how and when to reopen. Many of these companies are part of the adtech industry and collect location data from unrelated apps to which users have given permission to access their location. Apple’s and Google’s refusal to allow contact tracing apps using their system to access…
Content type: Long Read
Monday, 16 June 2025
It’s 7:33 am. Lila’s GoogBit watch vibrates. “You got 6 hours and 57 minutes of sleep last night, including 2 hours and 12 minutes of deep sleep”, the watch reads. “In total, you tossed and turned for 15 minutes only”. Taking into account Lila’s online browsing activity, her sleep pattern, the recent disruptions in some of her other biorhythms, as well as her daily schedule, GoogBit watch has calculated the very best minute to wake her up.
Content type: Examples
Italy has launched Immuni, one of the first contact tracing apps based on the Apple-Google API. The app is opt-in, and includes an explanation of the privacy and security measures in its setup. The app collects anonymously bluetooth tokens that are automatically randomised, but does not collect GPS or location data and performs all processing on the device.
Source: https://9to5mac.com/2020/06/01/italy-apple-exposure-notification-api-app/
Writer: Michael Potuck
Publication: 9 to 5 Mac
Content type: Examples
France, like the UK, opted to develop its own contact tracing app. "StopCovid", using a centralised design developed by the Pan-European Privacy-Preserving Proxity Tracing (PEPP-PT) group, which created a framework called ROBust and the privacy-presERving proximity Tracing protocol (ROBERT). French ministers have defended the decision to choose ROBERT rather than the decentralised options, DP3T or Apple's and Google's jointly developed API, saying that the app is not intended to monitor…
Content type: Examples
It's been two months since the launch of "Perú en us manos", the mobile app promoted by the Peruvian government amidst the Covid-19 pandemic. Until now the app did not accomplish the ambitious goals it set out to.
On its first month the app had detected 1400 risk zones while there where already 36,000 confirmed infection cases. There is little transparency on how those risk zones are estimated. Developers of the app state that only one fifth of the data provided by the Health Ministry is clean…
Content type: Examples
Contact tracing apps will only work effectively if people trust them and install them in sufficient numbers. Soon after its launch, however, the North Dakota contact tracing app people were already dropping it after posting complaints in the Google App store. In a survey of 798 Americans, researchers at Microsoft Research, Johns Hopkins University, and the University of Zurich found that nearly half said they would not install a COVID-19 contact tracing app that has false negatives or could…
Content type: Examples
Latvia became one of the first countries to use Apple's and Google's new joint toolkit to launch a smartphone contact tracing app, Apturi Covid. For now, the app will only work for Latvia's 2 million citizens, but the intention is that it should interoperate with the apps other countries to aid travellers.
https://www.euractiv.com/section/digital/short_news/latvia-to-launch-google-apple-friendly-coronavirus-contact-tracing-app/
Writer: Reuters
Publication: Euractiv
Content type: Examples
Three days after announcing Germany would adopt the centralised Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) standard for contact tracing, the country's chancellery minister Helge Braun and health minister Jens Spahn announced they would instead use the decentralised approach backed by Apple, Google, and other European countries. While both standards rely on Bluetooth connections between nearby phones, PEPP-PT would have required Apple's cooperation to implement, and the company…
Content type: Examples
Google has begun publishing "COVID-19 Community Mobility Reports", which analyse the location data it collects from smartphones to create maps of aggregated changes in the movement of populations around the world. Google claims the data is "anonymised" via differential privacy, and suggests that governments can use the results of its analysis to understand not only whether people are travelling but where, so they can adapt transport policies to ensure adequate distancing. It is unclear how…
Content type: Examples
Apple and Google have announced a partnership to enable governments and health agencies to use Bluetooth for proximity-based contact tracing to help reduce the spread of the novel coronavirus while preserving user privacy and security. The effort is due to begin with the May release of APIs that will enable Android and iOS devices using apps from public health authorities to interoperate. The two companies will go on to build Bluetooth-based contact tracing into their underlying platforms. The…
Content type: Examples
On the second day of India's nationwide shutdown due to the COVID-19 outbreak, the Karnataka government published the home addresses of quarantined residents, as a deterrent to breaking the rules. The list included individuals who had flown in from a foreign country and been asked to stay indoors for two weeks but who had not tested positive for the novel coronavirus. Although the government deleted a tweet announcing its intention, the list is still available on its website and is circulating…
Content type: Examples
On November 3rd, 2019, [...] a critical vulnerability affecting the Android Bluetooth subsystem [was reported]. This vulnerability has been assigned CVE-2020-0022 and was now patched in the latest security patch from February 2020. The security impact is as follows:
On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled. No user interaction is required and only the Bluetooth MAC…