Search
Content type: Examples
12th August 2019
In February 2019, the World Food Programme, a United Nations aid agency, announced a five-year, $45 million partnership with the data analytics company Palantir. WFP, the world's largest humanitarian organisation focusing on hunger and food security, hoped that Palantir, better known for partnering with police and surveillance agencies, could help analyse large amounts of data to create new insights from the data WFP collects from the 90 million people in 80 countries to whom it distributes 3…
Content type: Examples
12th August 2019
As early as 2008, the Chinese telecommunications giant ZTE began helping Venezuela develop a system similar to the identity system used in China to track social, political, and economic behaviour. By 2018, Venezuela was rolling out its "carnet de la patria", a smart-card "fatherland" ID card that was being increasingly linked to the government-subsidised health, food, and other social programmes most Venezuelans relied on for survival. In 2017, Venezuela hired ZTE to build a comprehensive…
Content type: Examples
3rd May 2019
Research from the Brennan Center shows minorities are primarily affected by new laws that restrict citizens access to voting through ID requirement, increased distance to polling station, inconvenient opening hours and hidden costs.
https://www.theguardian.com/world/2012/jul/18/voter-id-poor-black-americans
Writer: Ed Pilkington
Publication: The Guardian
Content type: Examples
5th May 2018
In February 2018 the Home Office gave the Yorkshire Police 250 scanners that use a smartphone app to run mobile fingerprint checks against the UK's criminal fingerprint and biometrics database (IDENT1) and the Immigration and Asylum Biometrics System (IABS). The app was simultaneously made available to all 5,500 frontline Yorkshire Police officers, with a plan to roll the service out to another 20 forces by the end of 2018. Police are able to use the scanners when people they stop on the street…
Content type: Examples
12th August 2019
The Home Office Christmas 2018 announcement of the post-Brexit registration scheme for EU citizens resident in the UK included the note that the data applicants supplied might be shared with other public and private organisations "in the UK and overseas". Basing the refusal on Section 31 of the Freedom of Information Act, the Home Office refused to answer The3Million's FOI request for the identity of those organisations. A clause in the Data Protection Act 2018 exempts the Home Office from…
Content type: Examples
13th August 2019
In February 2019 Gemalto announced it would supply the Uganda Police Force with its Cogent Automated Biometric Identification System and LiveScan technology in order to improve crime-solving. LiveScan enables police to capture biometric data alongside mugshots and biographical data. CABIS speeds up the biometric matching process by mapping distinctive characteristics in fingerprints, palm prints, and facial images. The Ugandan police will also pilot Gemalto's Mobile Biometric Identification…
Content type: Examples
2nd May 2018
In 2012, London Royal Free, Barnet, and Chase Farm hospitals agreed to provide Google's DeepMind subsidiary with access to an estimated 1.6 million NHS patient records, including full names and medical histories. The company claimed the information, which would remain encrypted so that employees could not identify individual patients, would be used to develop a system for flagging patients at risk of acute kidney injuries, a major reason why people need emergency care. Privacy campaigners…
Content type: Examples
7th May 2019
In Ireland benefits claimants are expected to register for a Public Services Card (PSC) in order to access benefits. PSC users are expected to have their photographs taken in department offices, which is then digitally captured along with their signature. While this card was originally created to prevent benefits fraud – by insuring someone could not register twice to claim benefits – it is increasingly being used as a de facto form of ID and citizens have been apply for PSC even when they do…
Content type: Examples
1st December 2017
In 2015, the Swedish startup hub Epicenter began offering employees microchip implants that unlock doors, operate printers, and pay for food and drink. By 2017, about 150 of the 2,000 workers employed by the hub's more than 100 companies had accepted the implants. Epicenter is just one of a number of companies experimenting with this technology, which relies on Near Field Communication (NFC). The chips are biologically safe, but pose security and privacy issues by making it possible to track…
Content type: Examples
17th May 2019
In February 2019, an anonymous tip-off to Computer Sweden revealed that a database containing recordings of 170,000 hours of calls made to the Vårdguiden 1177 non-emergency healthcare advice line was left without encryption or password protection on an open web server provided by Voice Integrate Nordic AB. After the breach was discovered, MedHelp, which runs the 1177 service, shut the server down and found that 55 call files had been illegally downloaded from seven different IP addresses. Nine…
Content type: Examples
12th August 2019
After an 18-month investigation involving interviews with 160 life insurance companies, in January 2019 New York Financial Services, the state's top financial regulator, announced it would allow life insurers to use data from social media and other non-traditional sources to set premium rates for its customers. Insurers will be required to demonstrate that their use of the information doesn't unfairly discriminate against specific customers. New York is the first state to issue specific…
Content type: Examples
26th September 2018
In December 2017, it was revealed that the large telco Bharti Airtel made use of Aadhaar-linked eKYC (electronic Know Your Customer) to open bank accounts for their customers without their knowledge or consent. eKYC is a way of using data in the UIDAI database as part of the verification process, which Airtel made use of for the issuing of SIM cards, and also secretly opened bank accounts with their Airtel Payments Bank. More than 2 million accounts could have been opened, receiving more than…
Content type: Examples
1st December 2017
In 2017, a website run by the Jharkhand Directorate of Social Security leaked the personal details of over.1 million Aadhaar subscribers, most of them old age pensioners who had enabled automatic benefits payment into their bank accounts. Aadhaar is a 12-digit unique identification number issued to all Indian residents based on their biometric and demographic data. Both cyber security agencies and the Supreme Court have expressed concerns over its security, especially in view of the government'…
Content type: Examples
13th August 2019
In November 2018, Italy's Data Protection Authority advised against a proposal from the country's Interior Minister, Matteo Salvini, to replace "parent 1 and parent 2" on children's national ID cards with "mother and father". Salvini, who campaigned for election earlier in 2018 on a socially conservative platform, also called for gender-specific terms throughout the application and for applications submitted on behalf of under-14s to include permission from both parents. The DPA argued that the…
Content type: Explainer
21st July 2020
Definition
An immunity passport (also known as a 'risk-free certificate' or 'immunity certificate') is a credential given to a person who is assumed to be immune from COVID-19 and so protected against re-infection. This 'passport' would give them rights and privileges that other members of the community do not have such as to work or travel.
For Covid-19 this requires a process through which people are reliably tested for immunity and there is a secure process of issuing a document or other…
Content type: Examples
12th August 2019
In December 2018, Facebook provided an update on the civil rights audit it asked civil rights leader Laura Murphy to undertake in May. Based on advice Murphy culled from 90 civil society organisations, Facebook said it had expanded its policy prohibiting voter suppression, updated its policy to ban misrepresentation about how to vote, begun sending information about voting to third-party fact checkers for review, and was ramping up efforts to encourage voter registration and engagement.
https…
Content type: Examples
7th May 2019
In India, one of the reasons the Aadhaar ID system has been increasingly widely used is that it is mandatory for much India’s benefits system. Government subsidies are now processed through under the Direct Benefit Transfer scheme, which requires citizens to have a bank account and to insure that their Aadhaar number is linked to their bank account so they can receive subsidies.
https://www.paisabazaar.com/aadhar-card/want-to-avail-government-subsidies-provide-aadhaar-and-get-it-easily/…
Content type: Examples
7th May 2019
While not currently mandatory to access healthcare services, Aadhaar is however increasingly used in the health sector as well. In 2018, the health ministry had to issue a statement to clarify that Aadhaar was “desirable” but not a must to access a 5 rupee insurance cover for hospitalisation under the Ayushman Bharat scheme.
https://www.hindustantimes.com/india-news/aadhaar-desirable-not-must-for-rs-5-lakh-healthcare-scheme-says-centre/story-mvQwqSKzDFYE0rhxqLFbLO.html
Author: Rhythma Kaul…
Content type: Report
11th September 2020
A common theme of all major pieces of national jurisprudence analyzing the rights implications of national identity system is an analysis of the systems’ impacts on the right to privacy.
The use of any data by the State including the implementation of an ID system must be done against this backdrop with respect for all fundamental human rights. The collection of data to be used in the system and the storage of data can each independently implicate privacy rights and involve overlapping and…
Content type: Report
11th September 2020
Rather than providing a list of arguments, as is the case in the other sections of this guide, the fifth section provides a general overview describing the absence of consideration of these themes in existing jurisprudence and the reasons why these themes warrant future consideration including identity systems’ implications for the rule of law, the role of international human rights law, and considerations of gender identity.
Democracy, the Rule of Law and Access to Justice: This analysis of…
Content type: Report
11th September 2020
While identity systems pose grave dangers to the right to privacy, based on the particularities of the design and implementation of the ID system, they can also impact upon other fundamental rights and freedoms upheld by other international human rights instruments including the International Covenant on Civil and Political Right and the International Covenant on Economic, Social and Cultural Rights such as the right to be free from unlawful discrimination, the right to liberty, the right to…
Content type: Report
15th September 2020
Privacy International partnered with the International Human Rights Clinic at Harvard Law School to guide the reader through a simple presentation of the legal arguments explored by national courts around the world who have been tasked with national courts that discuss the negative implications of identity systems, particularly on human rights, and to present their judgement.
This argumentation guide seeks to fill that gap by providing a clear, centralised source of the arguments advanced in…
Content type: Report
11th September 2020
National identity systems naturally implicate data protection issues, given the high volume of data necessary for the systems’ functioning.
This wide range and high volume of data implicates raises the following issues:
consent as individuals should be aware and approve of their data’s collection, storage, and use if the system is to function lawfully. Despite this, identity systems often lack necessary safeguards requiring consent and the mandatory nature of systems ignores consent entirely…
Content type: Report
11th September 2020
Identity systems frequently rely on the collection and storage of biometric data during system registration, to be compared with biometric data collected at the point of a given transaction requiring identity system verification.
While courts have arguably overstated the effectiveness and necessity of biometric data for identity verification in the past, the frequency of biometric authentication failure is frequently overlooked. These failures have the potential to have profoundly negative…
Content type: Report
11th September 2020
Many countries in the world have existing ID cards - of varying types and prevalence - there has been a new wave in recent years of state “digital identity” initiatives.
The systems that states put in place to identify citizens and non-citizens bring with them a great deal of risks.
This is particularly the case when they involve biometrics - the physical characteristics of a person, like fingerprints, iris scans, and facial photographs.
Activists and civil society organisations around the…
Content type: Examples
7th May 2019
Cases of people being denied healthcare as they fail to provide an Aadhaar number have already started emerging. A 28-year old domestic worker, for instance, had to be hospitalised for a blood transfusion after she had an abortion with an unqualified local physician. She had been denied an abortion, to which she was legally entitled, from a reputable government hospital, as she did not have an Aadhaar card. Following this case, 52 public health organisations and individuals issued a statement…
Content type: Explainer
9th January 2019
Photo credit: warrenski
Mandatory SIM card registration eradicates the potential for anonymity of communications, enables location-tracking, and simplifies communications surveillance and interception. By facilitating the creation of an extensive database of user information, it places individuals at risk of being tracked or targeted, and having their private information misused. In the absence of comprehensive data protection legislation and judicial oversight, SIM users' information can be…