Search
Content type: Press release
The Irish Data Protection Commission has today launched an inquiry into the data practices of ad-tech company Quantcast, a major player in the online tracking industry. PI's 2018 investigation and subsequent submission to the Irish DPC showed how the company is systematically collecting and exploiting people's data in ways people are unaware of. PI also investigated and complained about Acxiom, Criteo, Experian, Equifax, Oracle, and Tapad.
PI welcomes this announcement and its focus on…
Content type: News & Analysis
This piece was first published in GDPR today in March 2019.
Elections, referendums and political campaigns around the world are becoming ever more sophisticated data operations. This raises questions about the political use and abuse of personal data. With the European Union elections fast approaching and numerous national and local elections taking place across EU Member States, it is essential that the legal frameworks intended to protect our personal data do just that.
Member State…
Content type: Long Read
This image was found here.
Spain is holding a national general election on April 28 (its third in four years). Four weeks later Spaniards will again go to the polls to vote in the European Parliament elections. At Privacy International we are working to investigate and challenge the exploitation of people’s data in the electoral cycle including in political campaigns. This includes looking at the legal frameworks governing the use of data by political parties and their…
Content type: News & Analysis
At the beginning of November 2018, the first GDPR-related privacy and freedom of expression case arose in Romania in connection to the publication by the RISE Project of several articles about a corruption investigation. The articles reported a close relationship between a road construction company that is currently under investigation for fraud, European funds, and a high-profile politician.
Shortly after the first article was published, the Romanian data protection authority (“ANSPDCP”) sent…
Content type: Press release
Consumer groups, NGOs and industry call jointly for the Council of the EU to advance ePrivacy reform
On Monday 3 December, a coalition of more than 30 consumer groups, NGOs and industry representatives sent a letter to EU Ministers and the Council of the EU calling for the conclusion of the negotiations on the reform of the ePrivacy legislation.
The letter was sent prior to yesterday's (4 December) meeting in the TTE Council, with signatories sharing concerns over the slow progress of the negotiations in the Council of the EU despite the repeated scandals that demonstrate the clear and…
Content type: News & Analysis
Our team wanted to see how data companies that are not used to being in the public spotlight would respond to people exercising their data rights. You have the right under the EU General Data Protection Regulation ("GDPR") to demand that companies operating in the European Union (either because they are based here or target their products or services to individuals in the EU) delete your data within one month. We wrote to seven companies and requested that they delete our data, and we've made…
Content type: News & Analysis
This piece originally appeared here.
The tech industry is ramping up its attack and promulgation of myths around the ePrivacy regulation, as shown by Julia Apostle’s op-ed “We survived GDPR, but now another EU privacy law looms” (June 14). Let’s set the record straight.
Myth #1: the ePrivacy regulation will be detrimental for innovation. This predictable and tired argument is made anytime companies face regulation. It is particularly fallacious in this case. The aim of the ePrivacy regulation…
Content type: News & Analysis
7 July 2016
It has been said is that we pay for free services with our personal data. Now, the Privacy Shield exponentially expands this truth and we are paying for the cost of U.S. political dysfunction combined with EU complacency with our privacy. More than four months after the first EU-US Privacy Shield was published on 29 February 2016, a new version has been leaked. Remarkably, it is expected to be adopted.
Four months, two opinions by group of EU data protection…
Content type: News & Analysis
We found this image here.
On 11 October, the LIBE Committee of the European Parliament votes on the draft e-privacy regulation. As the landscape of generation, collection, and other processing of data in the digital sphere evolves, the proposal seeks to update the rules on confidentiality and security of electronic communications and online activities.
Unsurprisingly, companies whose business models rely on tracking individuals online have been busy lobbying against the new regulation. The…
Content type: News & Analysis
After the adoption of the EU General Data Protection Regulation, the Data Protection Directive for Law Enforcement Agencies, the EU-US Privacy Shield, your understandable EU privacy policy fatigue is excused.
But when a coalition of tech and telecom industries calls for a relatively obscure EU directive to be repealed, it may unintentionally trigger an atypical Streisand effect: if companies, which often so cavalier to individuals’ privacy, want to get rid of the EU e-privacy…
Content type: Press release
The committee of data protection regulators across Europe, the Working Party 29, announced today its opinion on the current “Privacy Shield”. The Opinion is expected shortly, and based on the statements made by the Working Party chair in a press conference, we understand that the Working Party, while noting improvements from the annulled “Safe Harbor” agreement, has serious concerns about a range of aspects of the current "Privacy Shield" agreement with the U.S.
Overall they note the…
Content type: News & Analysis
Should the European Union agree to legitimise trade with a country that refuses to adhere to European legal standards? This is the fundamental question that will be addressed at tomorrow’s meeting among European privacy regulators when they publish their opinion on the data-sharing agreement known as the ‘Privacy Shield’, the replacement to the failed ‘Safe Harbour’ agreement.
Background
Many of the world’s largest companies, such as Google and Facebook, store their customers’ data in…
Content type: News & Analysis
PI's full analysis can be read here
On 29 February 2016, the European Commission and the US government released the details of the proposed EU-U.S. “Privacy Shield”. The “Privacy Shield” replaces the now defunct so-called “Safe Harbor”.
The Privacy Shield is in fact a significant number of documents from various parts of the U.S. administration, which merely outline the existing, weak U.S. safeguards applicable to personal data of EU citizens. These documents are…
Content type: News & Analysis
The major overhaul of data protection laws in Europe is finally over, after three years of arduous and sustained political and lobbying activity by all those with a major stake and interest, including us at Privacy International (See our initial analysis of the two laws in 2012). We welcome this long overdue closure, but is this 91-articled, 200-paged piece of legislation been worth the enormous effort and no doubt millions of euros, dollars and pounds spent on it?
The legislative package…
Content type: News & Analysis
Privacy laws around the world are under threat by ambitious governments and voracious industry. Sixty-six privacy, digital rights and consumer rights organisations from around the world have joined forces to push back against attempts to weaken European privacy legislation. The coalition today wrote to the President of the European Commission (the civil service of the European Union) to demand that high levels of privacy protections must be respected in Europe's ongoing revision of its data…
Content type: News & Analysis
To read Privacy International's take on the ruling, go here.
What does the decision actually say?
The primary question that the Court was asked to consider was whether Google Search has obligations under the Data Protection Directive 1995, the EU legal framework regulating how public bodies and businesses deal with individuals’ personal data.
There were three primary issues at hand: the first was whether Google Inc., the international entity which operates Google Search, was under the…
Content type: News & Analysis
Since the European Court of Justice in May ruled in the “right to be forgotten” case, there has been a dizzying amount of debate about the decision, and its implications for privacy and free expression.
A main thread within these discussions is an old story that US Industry loves to tell and has told for some time: Europeans love privacy law, and Americans love free speech, and the twain shall never meet.
The Google Search case at the European Court of Justice has fuelled this view…
Content type: News & Analysis
We, and other privacy advocates, havecriticised the poor provisions of the so-called Safe Harbour agreement, which allows free transfers of personal information from European countries to companies in the United States that have signed up and promise to abide by its Principles. Now the European Commission, prompted by the recent mass surveillance scandals, has published an investigation into this agreement which provides overwhelming evidence that it is not fit for purpose. It…
Content type: News & Analysis
The European Parliament Committee that deals with civil liberties and justice issues will have a first vote this week on the revised European data protection framework after months and months of deliberations and negotiations over more than 4,000 amendments. The vote is the first on the framework, which will decide the future of privacy and data protection in Europe. The recent revelations surrounding government surveillance involving some of the Internet's biggest companies have highlighted…
Content type: News & Analysis
Just over a year ago, vitally important reforms to European privacy and data protection laws were proposed. Now these reforms, which will affect the rights of half a billion Europeans, are being watered down in their passage through various European parliamentary committees as MEPs succumb to an unprecedented industry lobbying onslaught. There is now irrefutable evidence of the impact of this lobbying, thanks to a technology-powered research method comparing corporate lobby documents…
Content type: Press release
A European privacy group claimed today that dozens of amendments to the new Data Protection Regulation being proposed by Members of the European Parliament (MEPs) are being copied word-for-word from corporate lobby papers, with MEPs frequently failing to even remember their own amendments. Max Schrems, of the website and campaign Europe v Facebook, noticed striking similarities between proposed amendments and lobby papers written by representatives of Amazon, eBay, the American Chamber of…
Content type: News & Analysis
Today is Data Privacy Day, which commemorates the 1981 signing of the Coucil of Europe's Convention 108, the first legally binding international treaty dealing with privacy and data protection. It is celebrated all over Europe, as well as in Canada and the United States since 2008. To mark the occasion, Privacy International, together with other prominent privacy and digital rights organisations, is launching the Brussels Declaration. It urges Brussels parliamentarians and European…
Content type: News & Analysis
Next week, the European Parliament will make an important decision affecting one of the world’s most vulnerable and stigmatised groups of people: asylum seekers. This decision is part of a larger debate about privacy and function creep, about authorities breaking promises that were made when personal information was collected and using it for new purposes.
EURODAC, a transnational database containing the personal and biometric information of all asylum seekers and illegal immigrants found…
Content type: News & Analysis
Tuesday’s letter to Google CEO Larry Page, personally signed by 29 European data protection authorities, ordered the corporation (inter alia) to give users greater control over their personal information. The notions of trust and control are emphasised throughout the letter, and Google is urged to "…develop new tools to give users more control over their personal data" and "collect explicit consent for the combination of data for certain purposes". It is good news that the…
Content type: News & Analysis
APEC privacy activity has passed another milestone with the acceptance in July 2012 of the USA as the first economy to formally join the cross border privacy rules (CBPR) system. The CBPR Joint Oversight Panel (JOP), with the Canadian chair of the Data Privacy Subgroup (DPS) standing in for the US member in accordance with the ‘no conflict of interest’ provisions, accepted the US government application, which nominated the Federal Trade Commission (FTC) as the privacy enforcement authority…
Content type: News & Analysis
Privacy International welcomes the Select Committee Inquiry. We approach the proposed EU Data Protection Framework from the perspective of individual citizens and consumers.
We consider that this Inquiry and other consultations must take into account not just considerations of burdens to business and administrations, but also the fundamental rights of individuals to privacy and data protection that the UK has to comply with as a signatory to EU treaties and conventions.
The…
Content type: News & Analysis
On 25th January 2012, the European Commission published a proposal that would comprehensively reform the European data protection legal regime. One aspect of its proposal, a new Regulation (the “Proposed Regulation”),1 would modernise and further harmonise the data protection regime created by the Data Protection Directive (95/46/EC). Another aspect of the Commission’s proposal, a new Directive2 (the “Proposed Directive”), would set out new rules on “the protection of individuals with…
Content type: News & Analysis
On 25th January 2012, the European Commission published a proposal that would comprehensively reform the European data protection legal regime. One aspect of the proposal, a new Regulation (the “Proposed Regulation”),1 would modernise and further harmonise the data protection regime created by the Data Protection Directive (95/46/EC). Another aspect of the Commission’s proposal, a new Directive (the “Proposed Directive”), would set out new rules on “the protection of individuals with…
Content type: News & Analysis
A widely-leaked version of the first legislative proposal for a General Data Protection Regulation is making its way through Brussels and beyond. The purpose of this 'Regulation' is to provide a new tool for harmonising the protection of personal data across the European Union, and one that takes into consideration the current legislative and technological environment. The key point is that Europe's rules on privacy are often taken as an example to the world -- and provide a rare…
Content type: News & Analysis
The European Commission is about to announce the compulsory fingerprinting of all visitors to the EU, both visa holders and non-visa holders, along with automated border checks of EU nationals through the analysis of fingerprints and facial scans.
The Communication from December 2007, available here on the PI site, outlines the plans. Below we summarise the plans. Also see PI's commentary in the Guardian CommentisFree section from February 11, 2008.
Critical Analysis
The Communication does…