Search
Content type: Long Read
2nd February 2018
To celebrate International Data Privacy Day (28 January), PI and its International Network have shared a full week of stories and research, exploring how countries are addressing data governance in light of innovations in technology and policy, and implications for the security and privacy of individuals.
Content type: Advocacy
8th November 2018
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK.
It’s been more than five months since the EU’s General Data Protection Regulation (GDPR) came into effect. Fundamentally, the GDPR strengthens rights of individuals with regard to the protection of their data, imposes more stringent…
Content type: News & Analysis
9th January 2018
This post was written by Chair Emeritus of PI’s Board of Trustees, Anna Fielder.
The UK Data Protection Bill is currently making its way through the genteel debates of the House of Lords. We at Privacy International welcome its stated intent to provide a holistic regime for the protection of personal information and to set the “gold standard on data protection”. To make that promise a reality, one of the commitments in this government’s ‘statement of intent’ was to enhance people’s enforcement…
Content type: Long Read
27th March 2018
As we said before, Facebook and Cambridge Analytica scandals are a wake-up call for policy makers. And also a global issue. People around the world are concerned by the exploitation of their data. The current lack of transparency into how companies are using people’s data is unacceptable and needs to be addressed.
There is an entire hidden ecosystem of companies harvesting and sharing personal data. From credit scoring and insurance quotations to targeted political communication, this data is…
Content type: Long Read
14th May 2018
Hasn't Facebook said it would give European data protection to all of their users?
Yes, but only in very vague language. In an initial reaction to the Cambridge Analytica scandal, Mark Zuckerberg declared that Facebook would apply the EU General Data Protection Regulation (GDPR) “in spirit” to their 2 billion users worldwide. When questioned by members of the US Congress, Zuckerberg declared that "[a]ll the same controls will be available around the world". Representative Green sought…
Content type: News & Analysis
23rd August 2018
This month Brazil adopted a new data protection law, joining the ranks of more than 120 countries which have adopted such legislation, providing individuals with rights against the exploitation of their personal data. But after a veto from the Brazilian president, the law lacks an independent authority in charge of its application, which can severely undermine its impact.
When drafting data protection bills, one of the most important and often politically contentious issue tends to be their…
Content type: Long Read
25th May 2018
Privacy and data protection are fundamental rights. When respected they help improve trust and reduce power imbalances. Individuals should have rights over their personal data, regardless of who holds or processes it, and effective ways to enforce those rights, through independent bodies.
While not an ideal solution, GDPR gives individuals more control over their personal data. Rather than burdening individuals with managing and protecting their data, the onus will be on the companies to do so…
Content type: Long Read
25th May 2018
The European Union's new data privacy law (General Data Protection Regulation, better known as GDPR) takes effect today May 25th, 2018, after a two-year transition period. Despite some companies appearing to believe otherwise, and many articles misrepresenting its contents, the GDPR will have a significative impact beyond the European Union, and it will extend many of its data privacy safeguards to users’ data globally.
There are a number of reasons that explain this impact:
Obligations for…
Content type: News & Analysis
8th November 2018
Our team wanted to see how data companies that are not used to being in the public spotlight would respond to people exercising their data rights. You have the right under the EU General Data Protection Regulation ("GDPR") to demand that companies operating in the European Union (either because they are based here or target their products or services to individuals in the EU) delete your data within one month. We wrote to seven companies and requested that they delete our data, and we've made…
Content type: News & Analysis
13th June 2018
While the worlds’ attention, the world’s humour, including a dedicated playlist of 89 songs on Spotify, were on the coming into force of EU’s General Data Protection Regulation (GDPR) on 25th May, the UK’s Data Protection Act 2018 (DPA 2018) that received Royal Assent only two days previously had barely received a few column inches in the mainstream press.
However, the substance of the debates in parliament during the passage of this Act has received wide attention in the UK, linking…
Content type: Advocacy
18th July 2018
This photo originally appeared here.
For years, Privacy International and our partners in Kenya have been promoting the right to privacy in Kenya through research and investigations into government and private sector policies and practices and advocating for the adoption and enforcement of the strongest data protection and privacy safeguards.
The need for Kenya to adopt a comprehensive data protection framework (in addition to strengthening privacy protections in other legislation) has always…
Content type: Advocacy
29th May 2018
This stakeholder report is a submission by Privacy International (PI) and the Jordan Open Source Association (JOSA).
Privacy International and the Jordan Open Source Association wish to bring concerns about the protection and promotion of the right to privacy for consideration in Jordan’s upcoming review at the 31st session of the Working Group on the Universal Periodic Review.
Content type: Advocacy
29th May 2018
This Universal Periodic Review (“UPR”) stakeholder report is a submission by Privacy International and Paradigm Initiative.
Together Privacy International and Paradigm Initiative wish to bring their concerns about the protection and promotion of the right to privacy in Nigeria before the Human Rights Council for consideration in Nigeria’s upcoming review at the 31st session of the Working Group on the Universal Periodic Review.
Content type: News & Analysis
14th May 2018
In the lead-up to the 30th session of the Universal Periodic Review which took place on 10 May 2018, Fundación Karisma, a partner organisation in the Privacy International Network, joined a coalition of civil society groups in Colombia to raise more awareness about the country's human rights record.
As part of the joint effort, the coalition produced factsheets on various human rights in the Colombian context, including the right to privacy. It is available in both English and Spanish.
Content type: Advocacy
1st March 2018
This stakeholder report is a submission by Dejusticia, Fundación Karisma and Privacy International (PI). Dejusticia is a Colombian human rights organization that provides expert knowledge on human rights. Fundación Karisma is a Colombian civil society organization that seeks to respond to the opportunities and threats that arise in the context of ‘technology for development’ for the exercise of human rights. PI is a human rights organisation that works to advance and promote the right to…
Content type: News & Analysis
24th September 2018
“The gathering and holding of personal information on computers, data banks, and other devices, whether by public authorities or private individuals or bodies, must be regulated by law.”
- UN Human Rights Committee, General Comment No. 16, 1988
Underpinning the obligations of those who process personal data, both public and private institutions, the grounds on which they may do so, and the rights of individuals, there are various data protection principles which promote and uphold values…
Content type: News & Analysis
2nd October 2018
Image attribution: By Blue Diamond Gallery CC BY-SA 3.0.
In March 2017, when the UN Human Rights Council requested the High Commissioner for Human Rights to prepare a report on the right to privacy in the digital age, including the responsibility of business enterprises, Cambridge Analytica was an obscure company among others. A year later the data exploitation scandal erupted, leading to plenty of soul searching by politicians in US, UK, Europe and elsewhere, pledges of enhanced privacy…
Content type: News & Analysis
8th November 2018
Email addresses
Acxiom: dataprotection@acxiom.com
Criteo: dpo@criteo.com
Equifax: complaints@equifax.com
Experian: customerservices@uk.experian.com
Oracle: https://oracle.ethicspointvp.com/custom/oracle/dp/en/form_data.asp
Quantcast: privacy.qil@quantcast.com cc: dpo@quantcast.com
Tapad: privacy@tapad.com
Letter for Acxiom and Oracle
subject line: Right to Erasure Request
I am concerned your company exploits my data.
In accordance with my right[s] under the General Data…
Content type: Impact Case Study
2nd May 2018
What happened
Strong and effective data protection law is a necessary safeguard against industry and governments' quest to exploit our data. A once-in-a-generation moment arose to reform the global standard on data protection law when the European Union decided to create a new legal regime. PI had to fight to ensure it wasn't a moment where governments and industry would collude to reduce protections.
In January 2012, the European Commission published a proposal to comprehensively reform the…
Content type: News & Analysis
9th April 2018
Today, the Transatlantic Consumer Dialogue (TACD) sent a letter to the CEO of Facebook, Mark Zuckerberg, urging Facebook to adopt the General Data Protection Regulation (GDPR) as a baseline standard, not just for EU consumers as it is required, but for all Facebook services.
The letter comes ahead of Facebook Chief Executive Officer, Mark Zuckerberg’s, appearance before congressional committee over Cambridge Analytica’s misuse of customer data to interfere in the U.S. presidential election.…
Content type: Advocacy
19th December 2018
Since 2014 the Indonesian Ministry of Communication and Informatics (MOCI) has been proposing that the Parliament passes a comprehensive data protection law. A first draft data protection law was issued by the Government for public comment in 2015 but no progress was made, and then in early 2018, the Indonesian Government issued a new draft personal data protection law.
While these renewed efforts have positive intentions, a number of concerns ought to be addressed with the aim of…
Content type: Advocacy
19th December 2018
In September 2018, the National Executive sent the proposed Data Protection Bill to the National Congress. The proposed law was directed to the Senate and it will be considered by two commissions: the Commission of Constitutional Affairs (Comision de Asuntos Constitucionales) and the Commission of Rights and Guarantees (Comision de Derechos y Garantías).
Privacy International welcomes the continued efforts by Argentina to provide protections for the right to privacy, already enshrined in the…
Content type: Advocacy
9th October 2018
Privacy International welcomes the effort by the Government of India to reaffirm its commitment to upholding and respecting the right to privacy, and for noting the need to regulate the processing of personal data as essential for the protection of privacy through the adoption of a data protection law.
The urgent need for this legislation has been validated in the Supreme Court decision regarding the Aadhaar Act, which stipulates the need for a robust data protection regime.
However, the…
Content type: Press release
25th May 2018
On the day that GDPR comes into force, PI has launched a campaign investigating a range of data companies that make up a largely hidden data ecosystem. This hidden data ecosystem is comprised of thousands of non-consumer facing data companies - such as Acxiom, Criteo, Quantcast - that amass and exploit large amounts of personal data. Using the rights and obligations provided for within the new data privacy law, PI's campaign involves investigating a selection of these companies whose business…
Content type: News & Analysis
28th April 2018
Image was found here.
As part of Privacy International’s mission, we aim to take the issues emerging from our research and that of our partners to new spaces of debate and to the attention of stakeholders at the national, regional and international level.
In April 2018, Privacy International was able to engage for the first time with the African Commission on Human and People's Rights (ACHPR) at its 62nd Ordinary Session, which took place in Nouakchott, Mauritania.
The right to privacy does…