Search
Content type: News & Analysis
By Ailidh Callander, Legal Officer
This piece first appeared in the 500th edition of the Scottish Legal Action Group Journal (2019 SCOLAG (500, June) 124
Political scandal, stronger regulation on privacy but what about social protection?
In an increasingly digitalised and data driven world, an era of government and corporate mass data exploitation, the right to privacy and data protection and what this means in practice is more important than ever. Surveillance is a power generator and…
Content type: News & Analysis
The first half of 2018 saw two major privacy moments: in March, the Facebook/ Cambridge Analytica scandal broke, followed in May by the EU General Data Protection Regulation ("GDPR") taking effect. The Cambridge Analytica scandal, as it has become known, grabbed the attention and outrage of the media, the public, parliamentarians and regulators around the world - demonstrating that yes, people do care about violations of their privacy and abuse of power. This scandal has been one of…
Content type: News & Analysis
This piece was first published in GDPR today in March 2019.
Elections, referendums and political campaigns around the world are becoming ever more sophisticated data operations. This raises questions about the political use and abuse of personal data. With the European Union elections fast approaching and numerous national and local elections taking place across EU Member States, it is essential that the legal frameworks intended to protect our personal data do just that.
Member State…
Content type: News & Analysis
Privacy International welcomes the focus on data and privacy contained in the final report by the UK House of Commons Digital, Culture, Media and Sport Committee (DCMS) on Disinformation and ‘fake news’. Beyond our control, companies and political parties have banded together to exploit our data. This report establishes essential steps to remedying this downward spiral. An important part of the democratic process is freedom of expression and right to political participation, including the right…
Content type: News & Analysis
Email addresses
Acxiom: dataprotection@acxiom.com
Criteo: dpo@criteo.com
Equifax: complaints@equifax.com
Experian: customerservices@uk.experian.com
Oracle: https://oracle.ethicspointvp.com/custom/oracle/dp/en/form_data.asp
Quantcast: privacy.qil@quantcast.com cc: dpo@quantcast.com
Tapad: privacy@tapad.com
Letter for Acxiom and Oracle
subject line: Right to Erasure Request
I am concerned your company exploits my data.
In accordance with my right[s] under the General Data…
Content type: News & Analysis
Our team wanted to see how data companies that are not used to being in the public spotlight would respond to people exercising their data rights. You have the right under the EU General Data Protection Regulation ("GDPR") to demand that companies operating in the European Union (either because they are based here or target their products or services to individuals in the EU) delete your data within one month. We wrote to seven companies and requested that they delete our data, and we've made…
Content type: Press release
Today, Privacy International has filed complaints against seven data brokers (Acxiom, Oracle), ad-tech companies (Criteo, Quantcast, Tapad), and credit referencing agencies (Equifax, Experian) with data protection authorities in France, Ireland, and the UK. Privacy International urges the data protection authorities to investigate these companies and to protect individuals from the mass exploitation of their data.
Our complaints target companies that, despite exploiting the data of millions of…
Content type: News & Analysis
While the worlds’ attention, the world’s humour, including a dedicated playlist of 89 songs on Spotify, were on the coming into force of EU’s General Data Protection Regulation (GDPR) on 25th May, the UK’s Data Protection Act 2018 (DPA 2018) that received Royal Assent only two days previously had barely received a few column inches in the mainstream press.
However, the substance of the debates in parliament during the passage of this Act has received wide…
Content type: Press release
Tomaso Falchetta, PI's Head of Advocacy and Policy team said:
"The adoption of the Data Protection Act represents an important reform which strengthens the rights of individuals and increases obligations for the industry. The Act opens the way for the application of the EU General Data Protection Regulation in the UK, and regulates the processing of personal data by companies, public authorities, law enforcement, and intelligence agencies. PI particularly welcome increased powers for the…
Content type: Press release
Today, as the Data Protection Bill reaches its final stages, Privacy International has written to the leaders of the main UK political parties asking for public commitment to not use the exemption provided in the Bill to target voters - both online and offline - in all local and national forthcoming elections or by-elections.
Privacy International has long been concerned about the exploitation of peoples’ data and the opaque data ecosystem, and the impact of such practices on the democratic…
Content type: News & Analysis
This post was written by Chair Emeritus of PI’s Board of Trustees, Anna Fielder.
The UK Data Protection Bill is currently making its way through the genteel debates of the House of Lords. We at Privacy International welcome its stated intent to provide a holistic regime for the protection of personal information and to set the “gold standard on data protection”. To make that promise a reality, one of the commitments in this government’s ‘statement of intent’ was to enhance…
Content type: News & Analysis
This piece was written by PI Legal Office Millie Graham Wood.
“The UK is leading the way on modern data protection laws and we have worked closely with our EU partners to develop world leading data protection standards”[1] according to, Matt Hancock MP, Minister of State for Digital. However, the proposals in the UK Data Protection Bill continue and expand a highly secretive system which allows processing of personal data to be exempt from key safeguards and fundamental protections on…
Content type: Report
This report sheds light on the current state of affairs in data retention regulation across the EU post the Tele-2/Watson judgment. Privacy International has consulted with digital rights NGOs and industry from across the European Union to survey 21 national jurisdictions (Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, France, Germany, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom).…
Content type: Press release
Key points
Privacy International surveyed 21 EU member states' legislation on data retention and examined their compliance with fundamental human rights standards
0 out of the 21 States examined by PI are currently in compliance with these standards (as interpreted in two landmark judgements by the Court of Justice of the European Union: Tele-2/Watson and Digital Rights Ireland)
Privacy International is calling for:
EU member states to review their legislation on data retention…
Content type: Press release
While welcoming the objective of the Bill, Privacy International has sent a briefing to the House of Lords and a letter to Minister of State for Digital, Matt Hancock MP, outlining key concerns and recommendations. The Bill's stated aim is “to create a clear and coherent data protection regime”, and to update the UK data protection law, including by bringing the EU General Data Protection Regulation (GDPR) and the Data Protection Law Enforcement Directive (DPLED) - into the UK domestic system.…
Content type: News & Analysis
Big data consists mainly of data that is openly available, created and stored. It includes public sector data such as national health statistics, procurement and budgetary information, and transport and infrastructure data. While big data may carry benefits for development initiatives, it also carries serious risks, which are often ignored. In pursuit of the promised social benefits that big data may bring, it is critical that fundamental human rights and ethical values are not cast aside.…
Content type: News & Analysis
It is a long-standing privacy principle that an individual should have access to their personal information. This is particularly necessary in healthcare - after all there is nothing more personal than health information.
As the mass digitisation of health records increases, many issues arise about this access right. The right of 'subject access' comes with its own complexities. One challenge is that individuals can sometimes be compelled to conduct subject access requests in…
Content type: News & Analysis
Compulsory data on every state school pupil in the country can now be used for research “promoting the education or well-being of children in England”, according to UK Department for Education.
The Department’s response to the highly worrying National Pupil Database (NPD), released in late May, is far narrower than previously suggested late last year, with none of the deeply troubling aspects being included in the final proposals, and existing definitions of terms…
Content type: News & Analysis
Privacy International welcomes the absence of a Communications Data Bill in the Queen's Speech. The Communications Data bill was originally set to significantly expand the powers of communications surveillance in the UK and set another bad standard globally. Because of the work by Parliamentarians, a concerted effort by civil society groups and some within industry, this expansion was avoided, for now. However the Queen's Speech did include a mention of new proposals:
In relation…
Content type: News & Analysis
We very much welcome today's announcement by Health Secretary Jeremy Hunt that people will be allowed to opt out of having their medical records shared in the NHS England centralised information bank.
The move is an important one for data privacy and patient choice, and has been a key objective of Privacy International in our collaboration with the new medConfidential (which launched yesterday). A month ago, NHS England (and the Director of…
Content type: News & Analysis
Privacy International welcomes the news that the UK NHS Data Spine is being replaced. We have fundamental privacy concerns about the existing infrastructure, and the proposed changes have the potential to enable the necessary privacy protections to be implemented in a meaningful way.
Core elements of the NHS Spine, the technological infrastructure underpinning the Service that cost the Government over £12 billion pounds, will be have to be replaced after numerous failures. The…
Content type: News & Analysis
"This judgment exposes the widespread and sinister nature of police surveillance of ordinary members of the public in this country. It also acts as a safeguard against the creeping criminalisation of peaceful protest. The Association of Police Officers and Metropolitan Police Commissioner have sanctioned this unlawful conduct for almost a decade and must be made accountable”.
Last week three of the country’s most senior judges in the Court of Appeal found that the Association of Chief Police…
Content type: News & Analysis
Court Of Appeal Tells UK Government That Criminal Records Bureau Checks System Breaches Human Rights
Yesterday the Court of Appeal delivered its judgment in the case of R (on the application of T) v Chief Constable of Greater Manchester & Others concerning the operation of the criminal records check system. The court was considering three cases that hinged on the same question: whether or not the blanket requirement on those applying for jobs involving contact with children and vulnerable adults (approximately four million people each year) to disclose all past convictions,…
Content type: News & Analysis
A full analysis of the UK Information Commissioner's "Anonymisation code of practice: managing data protection risk" will take time and working knowledge of how the code is used in practice.
At the launch, the ICO signalled that while they believed the code was now up to scratch, they were open to additions and clarifications given that it is the first document of its kind in the world. We applaud them for this; the code is likely to be copied internationally, so it is particularly…
Content type: News & Analysis
We welcome the Informational Commissioner's intention to produce guidance for data controllers around the production of Open Data. Rigorous guidance is sorely needed in this area, with even large Government departments getting it dangerously wrong. Some data can be released safely in some circumstances; depending on the type and there has been sufficient consideration of the nuance of the situation. Adequate anonymisation is exceptionally difficult, and reidentification is possibly using…
Content type: News & Analysis
As part of the government’s ambitious Open Data programme, the Cabinet Office announced last year that data from the National Pupil Database (NPD) will be made freely available and accessible to all. The NPD, previously only available to researchers on an academic licence, contains a record for every single state school pupil in the country, covering educational attainment from reception to sixth form, as well as characteristics such as attendance, ethnic background and free…
Content type: News & Analysis
In the PI office, we have daily debates about which platforms to use for our organizational operations. As a privacy charity, we are naturally concerned about the integrity of our own information services and resources, but we frequently receive queries about the best technologies to use from a variety of other organizations, some with very complex threat models.
The sad fact is that we are all poorly served by the range of services currently available. We worry that there is a significant…
Content type: News & Analysis
News emerged today that the new National Crime Agency will be completely exempt from Freedom of Information laws, creating a ‘cloak of secrecy’ around the organization.
The National Crime Agency (NCA), the government’s proposed successor to the Serious and Organised Crime Agency (SOCA), will target organized crime, fraud, child exploitation and smuggling. Described in the media as an ‘FBI-style’ intelligence agency, the NCA is proposed to become fully operational in December 2013.
But…
Content type: News & Analysis
Prime Minister David Cameron may not be quite the “pitiless blank-eyed hell wraith” Charlie Brooker portrayed in yesterday’s Guardian, but he does have some pretty frightening ideas about the Internet. This morning the Prime Minister announced, at a meeting with the Christian charity Mother’s Union, that four of the UK’s biggest ISPs will henceforth require users to opt in if they want to view pornographic material – thereby creating a commercially-owned and controlled database of…
Content type: Press release
Privacy International today published documentation that establishes a deliberate cover-up by the UK Information Commissioner’s Office (ICO) of a failure to uphold its responsibility to enforce the Data Protection Act.
A request under the Freedom of Information Act by PI and No-CCTV has revealed a conflict of interest in the ICO’s mandate and a fundamental failure of process within the Office. The material disclosed proves that the ICO conspired to delay the FOIA request, and attempted to…