Content type: News & Analysis
21st April 2020
A few weeks ago, its name would probably have been unknown to you. Amidst the covid-19 crisis and the lockdown it caused, Zoom has suddenly become the go-to tool for video chat and conference calling, whether it’s a business meeting, a drink with friends, or a much needed moment with your family. This intense rise in use has been financially good to the company, but it also came with a hefty toll on its image and serious scrutiny on its privacy and security practices.
While Zoom already had a…
Content type: News & Analysis
6th February 2020
On 30 January 2020, Kenya’s High Court handed down its judgment on the validity of the implementation of the National Integrated Identity Management System (NIIMS), known as the Huduma Namba. Privacy International submitted an expert witness testimony in the case. We await the final text of the judgment, but the summaries presented by the judges in Court outline the key findings of the Court. Whilst there is much there that is disappointing, the Court found that the implementation of NIIMS…
Content type: Long Read
4th December 2020
In 2019, we exposed the practices of five menstruation apps that were sharing your most intimate data with Facebook and other third parties. We were pleased to see that upon the publication of our research some of them decided to change their practices. But we always knew the road to effective openness, transparency, informed consent and data minimisation would be a long one when it comes to apps, which for the most part make profit from our menstrual cycle and even sometimes one’s desire to…
Content type: Examples
12th April 2020
The US Department of Health and Human Services has announced it will waive penalties for violations of the Health Insurance Portability and Accountability Act, which protects patient data privacy. HHS argued that in the nationwide emergency caused by the COVID-19 pandemic, greater latitude is needed to allow doctors to provide telehealth services and use new technologies such as one-on-one video conferencing apps to communicate with patients. However, the agency said that public-facing…
Content type: Examples
24th July 2020
In early July the Open Rights Group issued a pre-action legal letter to UK health secretary Matt Hancock and the Department of Health and Social Care saying they have breached requirements under the Data Protection Act 2018 and GDPR by failing to conduct an impact assessment for the Test and Trace system. ORG and its lawyers, AWO, had been asking for details of the DPIA since the beginning of June, a few days after the system was launched. In their response, the DHSC’s lawyers said “there were…
Content type: Examples
20th August 2020
The outsourcing company Serco, which the UK government has contracted to perform contact tracing, accidentally shared the email addresses of almost 300 of the contact tracers it hired when a staff member sent an introductory email and used CC rather than blind CC. Serco does not intend to refer itself to the Information Commissioner's office.
Writer: Ross Hawkins
Publication: BBC
Content type: Examples
12th April 2020
On March 20, the UK's Department of Health and Social Care published a notice providing legal backing for the NHS to set aside the duty of patient confidentiality as part of its response to the COVID-19 pandemic. As long as it is to fight the coronavirus, NHS organisations and GPs may share whatever patient data they deem necessary.
Source: https://twitter.com/halhod/status/1245297265054367744/photo/1
Writer: Hal Hodson
Publication: Twitter
Content type: Examples
13th July 2020
Hours before OpenDemocracy filed suit to compel the UK government to release all the contracts governing its deals with a list of technology firms including Amazon, Microsoft, Google, Palantir, and Faculty, the UK government released the contracts. Faculty is being paid more than £1 million to provide AI services for the NHS, and the companies involved in the NHS data store project, including Faculty and Palantir, were originally granted intellectual property rights and were allowed to train…
Content type: Examples
21st September 2020
Following trials in Leicester, Luton, and Blackburn with Darwen, the UK government will assign teams of health care professionals to more than ten local authorities and offer them Public Health England’s near real-time data on infections and a dedicated team of contact tracers, shifting away from its £10 billion centralised national system run under contract by Serco. As of early August, the Serco scheme was still failing to reach a significant proportion of those who had been in close contact…
Content type: News & Analysis
27th October 2020
Privacy International (PI) welcomes today's report from the UK Information Commissioner's Office (ICO) into three credit reference agencies (CRAs) which also operate as data brokers for direct marketing purposes. As a result, the ICO has ordered the credit reference agency Experian to make fundamental changes to how it handles people's personal data within its offline direct marketing services.
It is a long overdue enforcement action against Experian.
Read our Q&A on the report here.…
Content type: Long Read
26th June 2020
What Do We Know?
In late March, the NHS quietly announced that it would give technology businesses access to unprecedented quantities of patient data for processing and analysis in response to COVID-19. One of those businesses is CIA-backed Palantir Technologies. Palantir’s software is allegedly “mission critical” to US Immigration and Customs Enforcement’s (ICE) mass raids, detentions, and deportations. Despite trusting Palantir with patient data, the NHS has been tight-lipped about the scope…
Content type: Advocacy
23rd April 2020
Background
In February 2020, the Australian Competition and Consumer Commission (ACCC) commenced an investigation into the proposed acquisition of Fitbit by Google, which was originally announced in November 2019.
Google, whose parent company, Alphabet, in 2018, generated 85% of its $136.22 billion in revenue from delivering targeted advertisements, has a past of competition law infringements in the European Union. Fitbit is a company that produces and sells health tracking technologies and…
Content type: Advocacy
1st July 2020
Privacy International responded to the call for submissions on Zimbabwe’s Cyber Security and Data Protection Bill, 2019.
According to its Memorandum, the Bill seeks to “consolidate cyber related offences and provide for data protection with due regard to the Declaration of Rights under the Constitution and the public and national interest.” The Bill also proposes the establishment of a Cyber Security Centre and a Data Protection Authority.
In its submission, PI applauds the positive aspects…
Content type: Examples
23rd September 2020
A study describes the data transmitted to backend servers by the Google/Apple based contact tracing (GAEN) apps in use in Germany, Italy, Switzerland, Austria, and Denmark and finds that the health authority client apps are generally well-behaved from a privacy point of view, although the Irish, Polish, Danish, and Latvian apps could be improved in this respect. However, the study also finds that the Google Play Services component of the apps contacts Google servers as often as every 20 minutes…
Content type: News & Analysis
24th April 2020
An estimated 90% of the world’s student population are affected by school closures in the Covid-19 pandemic. And, in the absence of physical space, education technology companies are stepping in to fill the gap. There are plenty of reasons to be excited about the potential of technology to provide support, but it’s important to consider the ongoing implications of which technology we choose, and the implications for those families who don’t have access to them in the first place.
That’s why we…
Content type: Long Read
1st May 2020
Photo by Cade Roberts on Unsplash
For those of you who don't spend the most productive part of your day scanning the news for developments about data and competition, here's what has been going on in the UK since summer 2019.
Basically, the UK competition authority started an investigation into online platforms and digital advertising last summer, and issued their preliminary findings in December 2019, concluding that Facebook and Google are very powerful in the search engine and social media…
Content type: Frequently Asked Questions
27th October 2020
On 27 October 2020, the UK Information Commissioner's Office (ICO) issued a report into three credit reference agencies (CRAs) - Experian, Equifax and TransUnion - which also operate as data brokers for direct marketing purposes.
After our initial reaction, below we answer some of the main questions regarding this report.
Content type: Case Study
17th September 2020
The Peruvian government has a history of collaboration with the private sector in developing technology with the alleged purpose of providing greater security to citizens. The most recent example, the smartphone application "Peru En Tus Manos" launched in the context of the Covid-19 crisis, has been developed in a similar fashion and currently collects geolocation data on more than a million users. Although Peru has a proper legal framework for public private partnerships, developments are…
Content type: Video
23rd June 2020
Immediately following the UK general election in December 2019, we worked with Open Rights Group to commission a YouGov poll about public understanding and public opinion about the use of data-driven campaigning in elections.
The poll used a representative sample of 1,664 adults across the UK population.
'Data-driven political campaigning' is about using specific data about you to target specific messages at you. So, this might involve knowing that you are, for example, likely to have…
Content type: Advocacy
24th February 2020
TEDIC, InternetLab, Derechos Digitales, Fundación Karisma, Dejusticia, Asociación por los Derechos Civiles and Privacy International welcome the call by the Special Rapporteurship on Economic, Social, Cultural and Environmental Rights (DESCA) of the Inter-American Commission on Human Rights (IACHR) to submit information for the preparation of the 2019 Annual Report on DESCA, which will be presented to the Organization of American States (OAS) in 2020.
The purpose of this…
Content type: Examples
26th March 2020
On March 14, the Peruvian government set up a website for individuals to check their symptoms so they can be directed towards sources of help. The web form asks for ID number, phone, email and home address.
Source: https://www.gob.pe/coronavirus
Writer: Peruvian government
Publication: Peruvian government
Content type: Examples
20th May 2020
A parliamentary panel granted Israel's Shin Bet security service an additional three weeks to use mobile phone data to track people infected with the coronavirus; prime minister Benjamin Netanyahu had requested a six-week extension while his government drafts legislation to regulate the data use in line with requirements imposed by the Israeli Supreme Court. Testimony given to the parliament's intelligence subcommittee showed that the Shin Bet surveillance was the reason it was possible to…
Content type: Examples
15th June 2020
The lack of data protection laws and the absence of a privacy commission are contributing factors to Pakistan’s failure to investigate or remedy security flaws in the country’s recently-launched COVID-19 tracking technology, which partially depends on a system originally developed to combat terrorism. While there are no reported cases of harassment or targeting based on the leak online of the personal details of thousands of COVID-19 volunteers, the lack of response fails to boost citizens’…
Content type: Examples
24th July 2020
After ORG asked questions via its legal representative, AWO’s Ravi Naik, the UK’s Department of Health and Social Care agreed to change the period it would retain Test and Trace data from 20 years to eight. Public Health England manager Yvonne Doyle explained that the novelty of COVID-19 was the reason for keeping the data longer, in case PHE needed to get back in touch with those who had tested positive with additional information.
Publication: ZDNet
Writer: Daphne Leprince-Ringuet
Content type: Examples
12th April 2020
GDPRHub is collecting a list of projects around the world that are using personal data to combat the novel coronavirus. The list is divided into categories such as decentralised contact tracing apps and frameworks; centralised contact tracing systems; lockdown enforcement; self-assessment apps; mapping projects; and statistical analysis. The site also tracks COVID-19-related data protection issues.
Source: https://gdprhub.eu/index.php?title=Projects_using_personal_data_to_combat_SARS-CoV-2…
Content type: Long Read
24th February 2020
In 2018, following the Cambridge Analytica scandal, Facebook announced the “Download Your Information” feature allowing users to download all the information that the company have on them since the creation of the account. All of it? It doesn’t seem so. Concerns were quickly raised when Facebook released the feature, that the information was inaccurate and incomplete.
Privacy International recently tested the feature to download all ‘Ads and Business’ related information (You can access it…
Content type: Call to Action
18th June 2020
Google wants to know everything about you.
It already holds a massive trove of data about you, but by announcing its plans to acquire the health and fitness tracker company Fitbit, it now clearly wants to get its hands on your health too. We don’t think any company should be allowed to accumulate this much intimate information about you. This is why we’re trying to stop its merger with Fitbit.
Google and Fitbit need the European Commission’s approval before they can merge. The merger would…
Content type: Examples
18th March 2020
A task force at the Italian Ministry of Innovation, in collaboration with the University of Pavia, is to leverage big data technologies to deal with COVID-19, after the WHO advised governments that lockdowns alone are not enough, and that testing, isolation, and contact tracing are crucial. The effort is beginning with anonymised data provided by Facebook; Italian telcos including Tim, Vodafone, Wind Tre, and FastWeb, via their Asstel trade association, have also offered anonymous datasets…
Content type: Explainer
30th July 2020
At first glance, infrared temperature checks would appear to provide much-needed reassurance for people concerned about their own health, as well as that of loved ones and colleagues, as the lockdown is lifted. More people are beginning to travel, and are re-entering offices, airports, and other contained public and private spaces. Thermal imaging cameras are presented as an effective way to detect if someone has one of the symptoms of the coronavirus - a temperature.
However, there is little…
Content type: Examples
26th March 2020
The Indonesian Doctors Association has asked the government to open up the identity of patients who have tested positive for the novel coronavirus in order to facilitate contact tracing and improve the efficiency of efforts to prevent further spread, arguing that in an emergency like this the public will support the disclosure in the interests of safety.
Source: https://mediaindonesia.com/read/detail/296992-permudah-kontak-tracing-idi-dorong-pemerintah-buka-data-pasien
Writer: Atalya Puspa…