Search
Content type: Press release
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.
PI welcomes this announcement and its focus on…
Content type: News & Analysis
This piece was first published in GDPR today in March 2019.
Elections, referendums and political campaigns around the world are becoming ever more sophisticated data operations. This raises questions about the political use and abuse of personal data. With the European Union elections fast approaching and numerous national and local elections taking place across EU Member States, it is essential that the legal frameworks intended to protect our personal data do just that.
Member State…
Content type: Long Read
This image was found here.
Spain is holding a national general election on April 28 (its third in four years). Four weeks later Spaniards will again go to the polls to vote in the European Parliament elections. At Privacy International we are working to investigate and challenge the exploitation of people’s data in the electoral cycle including in political campaigns. This includes looking at the legal frameworks governing the use of data by political parties and their…
Content type: News & Analysis
At the beginning of November 2018, the first GDPR-related privacy and freedom of expression case arose in Romania in connection to the publication by the RISE Project of several articles about a corruption investigation. The articles reported a close relationship between a road construction company that is currently under investigation for fraud, European funds, and a high-profile politician.
Shortly after the first article was published, the Romanian data protection authority (“ANSPDCP”) sent…
Content type: Press release
Consumer groups, NGOs and industry call jointly for the Council of the EU to advance ePrivacy reform
On Monday 3 December, a coalition of more than 30 consumer groups, NGOs and industry representatives sent a letter to EU Ministers and the Council of the EU calling for the conclusion of the negotiations on the reform of the ePrivacy legislation.
The letter was sent prior to yesterday's (4 December) meeting in the TTE Council, with signatories sharing concerns over the slow progress of the negotiations in the Council of the EU despite the repeated scandals that demonstrate the clear and…
Content type: News & Analysis
Our team wanted to see how data companies that are not used to being in the public spotlight would respond to people exercising their data rights. You have the right under the EU General Data Protection Regulation ("GDPR") to demand that companies operating in the European Union (either because they are based here or target their products or services to individuals in the EU) delete your data within one month. We wrote to seven companies and requested that they delete our data, and we've made…
Content type: Advocacy
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK.
It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more…
Content type: News & Analysis
This piece originally appeared here.
The tech industry is ramping up its attack and promulgation of myths around the ePrivacy regulation, as shown by Julia Apostle’s op-ed “We survived GDPR, but now another EU privacy law looms” (June 14). Let’s set the record straight.
Myth #1: the ePrivacy regulation will be detrimental for innovation. This predictable and tired argument is made anytime companies face regulation. It is particularly fallacious in this case. The aim of the ePrivacy regulation…
Content type: Report
In contrast to automated decision-making, profiling is a relatively novel concept in European data protection law. It is now explicitly defined in Article 4(4) of the EU General Data Protection Regulation (GDPR), and refers to the automated processing of data (personal and not) to derive, infer, predict or evaluate information about an individual (or group), in particular to analyse or predict an individual’s identity, their attributes, interests or behaviour.
Through profiling, highly…
Content type: Advocacy
Privacy International's comments to the Article 29 Working Party Guidelines on automated individual decision-making and profiling are here.
Content type: News & Analysis
7 July 2016
It has been said is that we pay for free services with our personal data. Now, the Privacy Shield exponentially expands this truth and we are paying for the cost of U.S. political dysfunction combined with EU complacency with our privacy. More than four months after the first EU-US Privacy Shield was published on 29 February 2016, a new version has been leaked. Remarkably, it is expected to be adopted.
Four months, two opinions by group of EU data protection…
Content type: Advocacy
Privacy International has responded to the European Commission’s consultation on the interoperability of EU information systems for borders and security.
The Commission is currently looking at ways in which various border control and policing EU databases and IT systems can be connected to share and exchange more data.
The plans raise a number of concerns as highlighted by Privacy International in our response. These relate to significant potential harms associated with…
Content type: News & Analysis
We found this image here.
On 11 October, the LIBE Committee of the European Parliament votes on the draft e-privacy regulation. As the landscape of generation, collection, and other processing of data in the digital sphere evolves, the proposal seeks to update the rules on confidentiality and security of electronic communications and online activities.
Unsurprisingly, companies whose business models rely on tracking individuals online have been busy lobbying against the new regulation. The…
Content type: Advocacy
Privacy International welcomes the willingness of the UK government to implement the EU General Data Protection Regulation (GDPR), which provides stronger standards of protection of personal data to those contained in the EU Directive 1995, whose provisions were implemented in the Data Protection Act 1998. Improved rights and enforcement measures will generate greater trust and therefore greater engagement in the digital environment, which will in turn benefit the economy. …
Content type: Advocacy
After the adoption of the EU General Data Protection Regulation, the Data Protection Directive for Law Enforcement Agencies, the EU-US Privacy Shield, your understandable EU privacy policy fatigue is excused.
But when a coalition of tech and telecom industries calls for a relatively obscure EU directive to be repealed, it may unintentionally trigger an atypical Streisand effect: if companies, which often so cavalier to individuals’ privacy, want to get rid of the EU e-privacy…
Content type: News & Analysis
After the adoption of the EU General Data Protection Regulation, the Data Protection Directive for Law Enforcement Agencies, the EU-US Privacy Shield, your understandable EU privacy policy fatigue is excused.
But when a coalition of tech and telecom industries calls for a relatively obscure EU directive to be repealed, it may unintentionally trigger an atypical Streisand effect: if companies, which often so cavalier to individuals’ privacy, want to get rid of the EU e-privacy…
Content type: Press release
The committee of data protection regulators across Europe, the Working Party 29, announced today its opinion on the current “Privacy Shield”. The Opinion is expected shortly, and based on the statements made by the Working Party chair in a press conference, we understand that the Working Party, while noting improvements from the annulled “Safe Harbor” agreement, has serious concerns about a range of aspects of the current "Privacy Shield" agreement with the U.S.
Overall they note the…
Content type: News & Analysis
Should the European Union agree to legitimise trade with a country that refuses to adhere to European legal standards? This is the fundamental question that will be addressed at tomorrow’s meeting among European privacy regulators when they publish their opinion on the data-sharing agreement known as the ‘Privacy Shield’, the replacement to the failed ‘Safe Harbour’ agreement.
Background
Many of the world’s largest companies, such as Google and Facebook, store their customers’ data in…
Content type: News & Analysis
PI's full analysis can be read here
On 29 February 2016, the European Commission and the US government released the details of the proposed EU-U.S. “Privacy Shield”. The “Privacy Shield” replaces the now defunct so-called “Safe Harbor”.
The Privacy Shield is in fact a significant number of documents from various parts of the U.S. administration, which merely outline the existing, weak U.S. safeguards applicable to personal data of EU citizens. These documents are…
Content type: Advocacy
Introduction
On 29 February 2016, the European Commission and the US government released the details of the proposed EU-U.S. “Privacy Shield”. The “Privacy Shield” replaces the now defunct so-called “Safe Harbor”.
The Privacy Shield is in fact a significant number of documents from various parts of the U.S. administration, which merely outline the existing, weak U.S. safeguards applicable to personal data of EU citizens. These documents are meant to serve as the basis for an “adequacy”…
Content type: News & Analysis
The major overhaul of data protection laws in Europe is finally over, after three years of arduous and sustained political and lobbying activity by all those with a major stake and interest, including us at Privacy International (See our initial analysis of the two laws in 2012). We welcome this long overdue closure, but is this 91-articled, 200-paged piece of legislation been worth the enormous effort and no doubt millions of euros, dollars and pounds spent on it?
The legislative package…
Content type: Advocacy
Following today's Justice Ministers Council meeting in Luxembourg where an agreement was reached on the proposal for a General Data Protection Regulation (GDPR), Privacy International and European Digital Rights (EDRi) issued the following statement:
In January 2012, the European Commission, following extensive consultations, published a draft Regulation. The initiative had three priorities - modernisation of the legal framework for the protection of personal data,…
Content type: News & Analysis
Privacy laws around the world are under threat by ambitious governments and voracious industry. Sixty-six privacy, digital rights and consumer rights organisations from around the world have joined forces to push back against attempts to weaken European privacy legislation. The coalition today wrote to the President of the European Commission (the civil service of the European Union) to demand that high levels of privacy protections must be respected in Europe's ongoing revision of its data…
Content type: News & Analysis
To read Privacy International's take on the ruling, go here.
What does the decision actually say?
The primary question that the Court was asked to consider was whether Google Search has obligations under the Data Protection Directive 1995, the EU legal framework regulating how public bodies and businesses deal with individuals’ personal data.
There were three primary issues at hand: the first was whether Google Inc., the international entity which operates Google Search, was under the…
Content type: News & Analysis
Since the European Court of Justice in May ruled in the “right to be forgotten” case, there has been a dizzying amount of debate about the decision, and its implications for privacy and free expression.
A main thread within these discussions is an old story that US Industry loves to tell and has told for some time: Europeans love privacy law, and Americans love free speech, and the twain shall never meet.
The Google Search case at the European Court of Justice has fuelled this view…
Content type: News & Analysis
We, and other privacy advocates, havecriticised the poor provisions of the so-called Safe Harbour agreement, which allows free transfers of personal information from European countries to companies in the United States that have signed up and promise to abide by its Principles. Now the European Commission, prompted by the recent mass surveillance scandals, has published an investigation into this agreement which provides overwhelming evidence that it is not fit for purpose. It…
Content type: News & Analysis
The European Parliament Committee that deals with civil liberties and justice issues will have a first vote this week on the revised European data protection framework after months and months of deliberations and negotiations over more than 4,000 amendments. The vote is the first on the framework, which will decide the future of privacy and data protection in Europe. The recent revelations surrounding government surveillance involving some of the Internet's biggest companies have highlighted…
Content type: Advocacy
Just over a year ago, vitally important reforms to European privacy and data protection laws were proposed. Now these reforms, which will affect the rights of half a billion Europeans, are being watered down in their passage through various European parliamentary committees as MEPs succumb to an unprecedented industry lobbying onslaught. There is now irrefutable evidence of the impact of this lobbying, thanks to a technology-powered research method comparing corporate lobby documents…
Content type: News & Analysis
Just over a year ago, vitally important reforms to European privacy and data protection laws were proposed. Now these reforms, which will affect the rights of half a billion Europeans, are being watered down in their passage through various European parliamentary committees as MEPs succumb to an unprecedented industry lobbying onslaught. There is now irrefutable evidence of the impact of this lobbying, thanks to a technology-powered research method comparing corporate lobby documents…
Content type: Press release
A European privacy group claimed today that dozens of amendments to the new Data Protection Regulation being proposed by Members of the European Parliament (MEPs) are being copied word-for-word from corporate lobby papers, with MEPs frequently failing to even remember their own amendments. Max Schrems, of the website and campaign Europe v Facebook, noticed striking similarities between proposed amendments and lobby papers written by representatives of Amazon, eBay, the American Chamber of…