Search
Content type: Press release
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.
PI welcomes this announcement and its focus on…
Content type: News & Analysis
This piece was first published in GDPR today in March 2019.
Elections, referendums and political campaigns around the world are becoming ever more sophisticated data operations. This raises questions about the political use and abuse of personal data. With the European Union elections fast approaching and numerous national and local elections taking place across EU Member States, it is essential that the legal frameworks intended to protect our personal data do just that.
Member State…
Content type: Long Read
This image was found here.
Spain is holding a national general election on April 28 (its third in four years). Four weeks later Spaniards will again go to the polls to vote in the European Parliament elections. At Privacy International we are working to investigate and challenge the exploitation of people’s data in the electoral cycle including in political campaigns. This includes looking at the legal frameworks governing the use of data by political parties and their…
Content type: News & Analysis
At the beginning of November 2018, the first GDPR-related privacy and freedom of expression case arose in Romania in connection to the publication by the RISE Project of several articles about a corruption investigation. The articles reported a close relationship between a road construction company that is currently under investigation for fraud, European funds, and a high-profile politician.
Shortly after the first article was published, the Romanian data protection authority (“ANSPDCP”) sent…
Content type: Press release
Consumer groups, NGOs and industry call jointly for the Council of the EU to advance ePrivacy reform
On Monday 3 December, a coalition of more than 30 consumer groups, NGOs and industry representatives sent a letter to EU Ministers and the Council of the EU calling for the conclusion of the negotiations on the reform of the ePrivacy legislation.
The letter was sent prior to yesterday's (4 December) meeting in the TTE Council, with signatories sharing concerns over the slow progress of the negotiations in the Council of the EU despite the repeated scandals that demonstrate the clear and…
Content type: News & Analysis
Our team wanted to see how data companies that are not used to being in the public spotlight would respond to people exercising their data rights. You have the right under the EU General Data Protection Regulation ("GDPR") to demand that companies operating in the European Union (either because they are based here or target their products or services to individuals in the EU) delete your data within one month. We wrote to seven companies and requested that they delete our data, and we've made…
Content type: Advocacy
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK.
It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more…
Content type: Advocacy
This photo originally appeared here.
For years, Privacy International and our partners in Kenya have been promoting the right to privacy in Kenya through research and investigations into government and private sector policies and practices and advocating for the adoption and enforcement of the strongest data protection and privacy safeguards.
The need for Kenya to adopt a comprehensive data protection framework (in addition to strengthening privacy protections in other legislation) has always…
Content type: News & Analysis
This piece originally appeared here.
The tech industry is ramping up its attack and promulgation of myths around the ePrivacy regulation, as shown by Julia Apostle’s op-ed “We survived GDPR, but now another EU privacy law looms” (June 14). Let’s set the record straight.
Myth #1: the ePrivacy regulation will be detrimental for innovation. This predictable and tired argument is made anytime companies face regulation. It is particularly fallacious in this case. The aim of the ePrivacy regulation…
Content type: Long Read
The European Union's new data privacy law (General Data Protection Regulation, better known as GDPR) takes effect today May 25th, 2018, after a two-year transition period. Despite some companies appearing to believe otherwise, and many articles misrepresenting its contents, the GDPR will have a significative impact beyond the European Union, and it will extend many of its data privacy safeguards to users’ data globally.
There are a number of reasons that explain this impact:
Obligations…
Content type: News & Analysis
En el 2011 se liquidó el DAS. Las violaciones, excesos y abusos de la inteligencia estatal que comenzaban por la intimidad y terminaban con la vida de los ciudadanos habían producido condenas judiciales a varios exdirectores: claro indicador de que se necesitaba un cambio. Siete años ha tenido el Estado colombiano para ordenar la casa y esta semana someterá sus récords de derechos humanos al examen de los miembros de Naciones Unidas. La evaluación analizará, entre otros…
Content type: News & Analysis
Los frecuentes escándalos sobre el abuso de la vigilancia estatal en actividades de inteligencia, la exagerada obligación legal que tienen las empresas de telefonía de retener los datos de las comunicaciones de sus usuarios por cinco años o la manera como se diluye el concepto de privacidad en el Código de Policía serán parte del examen que se haga en el seno de la ONU sobre la forma como Colombia cumple sus compromisos de derechos humanos.
Dirigido por los Estados y con el auspicio del…
Content type: News & Analysis
In the lead-up to the 30th session of the Universal Periodic Review which took place on 10 May 2018, Fundación Karisma, a partner organisation in the Privacy International Network, joined a coalition of civil society groups in Colombia to raise more awareness about the country's human rights record.
As part of the joint effort, the coalition produced factsheets on various human rights in the Colombian context, including the right to privacy. It is available in both English and Spanish.
Content type: Report
In contrast to automated decision-making, profiling is a relatively novel concept in European data protection law. It is now explicitly defined in Article 4(4) of the EU General Data Protection Regulation (GDPR), and refers to the automated processing of data (personal and not) to derive, infer, predict or evaluate information about an individual (or group), in particular to analyse or predict an individual’s identity, their attributes, interests or behaviour.
Through profiling, highly…
Content type: Long Read
As we said before, Facebook and Cambridge Analytica scandals are a wake-up call for policy makers. And also a global issue. People around the world are concerned by the exploitation of their data. The current lack of transparency into how companies are using people’s data is unacceptable and needs to be addressed.
There is an entire hidden ecosystem of companies harvesting and sharing personal data. From credit scoring and insurance quotations to targeted political communication, this…
Content type: Long Read
To celebrate International Data Privacy Day (28 January), PI and its International Network have shared a full week of stories and research, exploring how countries are addressing data governance in light of innovations in technology and policy, and implications for the security and privacy of individuals.
Content type: News & Analysis
What we can achieve. What we are doing.
A week to discuss global privacy
Throughout these last days, in the context of the #dataprivacyweek, we have been talking about privacy from a global perspective, while showcasing the research done by Privacy International and the organisations who are part of its International Network.
The right to privacy is a particularly multifaceted human right, which manifests in diverse and nuanced ways. As we said when we set the tone for this week, privacy is…
Content type: Long Read
To celebrate International Data Privacy Day (28 January), PI and its International Network have shared a full week of stories and research, exploring how countries are addressing data governance in light of innovations in technology and policy, and implications for the security and privacy of individuals.
At the core of data protection debates, there is a power play between empowering individuals to control their data and empowering those who use (or want to) use their data.
By…
Content type: News & Analysis
It has been almost 40 years since the Council of Europe’s Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data was signed. The Convention was the first binding treaty dealing with privacy and data protection that recognised the necessity to “reconcile the fundamental values of the respect for privacy and the free flow of information between peoples” and is the reason why we celebrate Data Protection Day annually on 28 January.
It has since been…
Content type: Advocacy
Privacy International's comments to the Article 29 Working Party Guidelines on automated individual decision-making and profiling are here.
Content type: Advocacy
In this submission, Privacy International provides the Committee with their observations to the written replies of the Pakistani government and with additional, up to date information to that contained in the brieing submitted to the Committee in advance of the adoption of the list of issues in 2016.
Content type: News & Analysis
7 July 2016
It has been said is that we pay for free services with our personal data. Now, the Privacy Shield exponentially expands this truth and we are paying for the cost of U.S. political dysfunction combined with EU complacency with our privacy. More than four months after the first EU-US Privacy Shield was published on 29 February 2016, a new version has been leaked. Remarkably, it is expected to be adopted.
Four months, two opinions by group of EU data protection…
Content type: Advocacy
Privacy International has responded to the European Commission’s consultation on the interoperability of EU information systems for borders and security.
The Commission is currently looking at ways in which various border control and policing EU databases and IT systems can be connected to share and exchange more data.
The plans raise a number of concerns as highlighted by Privacy International in our response. These relate to significant potential harms associated with…
Content type: News & Analysis
We found this image here.
On 11 October, the LIBE Committee of the European Parliament votes on the draft e-privacy regulation. As the landscape of generation, collection, and other processing of data in the digital sphere evolves, the proposal seeks to update the rules on confidentiality and security of electronic communications and online activities.
Unsurprisingly, companies whose business models rely on tracking individuals online have been busy lobbying against the new regulation. The…
Content type: Advocacy
Privacy International welcomes the willingness of the UK government to implement the EU General Data Protection Regulation (GDPR), which provides stronger standards of protection of personal data to those contained in the EU Directive 1995, whose provisions were implemented in the Data Protection Act 1998. Improved rights and enforcement measures will generate greater trust and therefore greater engagement in the digital environment, which will in turn benefit the economy. …
Content type: Advocacy
After the adoption of the EU General Data Protection Regulation, the Data Protection Directive for Law Enforcement Agencies, the EU-US Privacy Shield, your understandable EU privacy policy fatigue is excused.
But when a coalition of tech and telecom industries calls for a relatively obscure EU directive to be repealed, it may unintentionally trigger an atypical Streisand effect: if companies, which often so cavalier to individuals’ privacy, want to get rid of the EU e-privacy…
Content type: Press release
The committee of data protection regulators across Europe, the Working Party 29, announced today its opinion on the current “Privacy Shield”. The Opinion is expected shortly, and based on the statements made by the Working Party chair in a press conference, we understand that the Working Party, while noting improvements from the annulled “Safe Harbor” agreement, has serious concerns about a range of aspects of the current "Privacy Shield" agreement with the U.S.
Overall they note the…
Content type: News & Analysis
Should the European Union agree to legitimise trade with a country that refuses to adhere to European legal standards? This is the fundamental question that will be addressed at tomorrow’s meeting among European privacy regulators when they publish their opinion on the data-sharing agreement known as the ‘Privacy Shield’, the replacement to the failed ‘Safe Harbour’ agreement.
Background
Many of the world’s largest companies, such as Google and Facebook, store their customers’ data in…
Content type: News & Analysis
PI's full analysis can be read here
On 29 February 2016, the European Commission and the US government released the details of the proposed EU-U.S. “Privacy Shield”. The “Privacy Shield” replaces the now defunct so-called “Safe Harbor”.
The Privacy Shield is in fact a significant number of documents from various parts of the U.S. administration, which merely outline the existing, weak U.S. safeguards applicable to personal data of EU citizens. These documents are…
Content type: Advocacy
Introduction
On 29 February 2016, the European Commission and the US government released the details of the proposed EU-U.S. “Privacy Shield”. The “Privacy Shield” replaces the now defunct so-called “Safe Harbor”.
The Privacy Shield is in fact a significant number of documents from various parts of the U.S. administration, which merely outline the existing, weak U.S. safeguards applicable to personal data of EU citizens. These documents are meant to serve as the basis for an “adequacy”…