Search
Content type: News & Analysis
Photo by Jake Hills on UnsplashOur research has shown how some apps like Maya by Plackal Tech and MIA by Mobbap Development Limited were – at the time of the research – sharing your most intimate data about your sexual life and medical history with Facebook.Other apps like Mi Calendario, Ovulation Calculator by Pinkbird and Linchpin Health were letting Facebook know every time you open the app.We think companies like theses should do better and we are pleased to see some of them have already…
Content type: Long Read
In December 2018, Privacy international exposed the dubious practices of some of the most popular apps in the world.
Out of the 36 apps we tested, we found that 61% automatically transfer data to Facebook the moment a user opens the app. This happens whether the user has a Facebook account or not, and whether they are logged into Facebook or not. We also found that some of those apps routinely send Facebook incredibly detailed and sometimes sensitive personal data. Again, it didn’t matter if…
Content type: Long Read
A new study by Privacy International reveals how popular websites about depression in France, Germany and the UK share user data with advertisers, data brokers and large tech companies, while some depression test websites leak answers and test results with third parties. The findings raise serious concerns about compliance with European data protection and privacy laws.
This article is part of a research led by Privacy International on mental health websites and tracking. Read our…
Content type: News & Analysis
This article is part of a research led by Privacy International on mental health websites and tracking. Read our full report.
According to the World Health Organisation (WHO), 25 percent of the European population suffers from depression or anxiety each year, yet about 50% of major depressions remain untreated. This means that everyday thousands of people are looking for information about depression online. They take tests to find out how serious their symptoms are, they try to access…
Content type: Advocacy
On 28 August 2019 PI joined International Privacy Network partner Asociación por los Derechos Civiles and others in writing to the Directors of Public Policy for Latin America at Facebook, Google, and Twitter. The letters outline what steps are needed to make the social media giants' ad archives effective. Earlier this year organisations across Europe, led by the Mozilla, wrote to the companies with similar guidelines - the letters sent today say that equivalent steps should be taken for ad…
Content type: Examples
After four years of negotiation, in 2017 Google began paying Mastercard millions of dollars for access to the latter's piles of transaction data as part of its "Stores Sales Measurement" service. Google, which claimed to have access to 70% of US credit and debit cards through partners, said that double-blind encryption prevents both partners from seeing the other's users' personally identifiable information. Mastercard said the company shares transaction trends with merchants and their service…
Content type: Explainer
Recently the role of social media and search platforms in political campaigning and elections has come under scrutiny. Concerns range from the spread of disinformation, to profiling of users without their knowledge, to micro-targeting of users with tailored messages, to interference by foreign entities, and more. Significant attention has been paid to the transparency of political ads - what are companies doing to provide their users globally with meaningful transparency into how they…
Content type: Examples
French website IVG.net, first Google result when typing IVG (Interuption Volontaire de Grossesse or abortion in french), has been exposed as being anti-abortion website spreading misinformation. Offering an official looking "Numero vert" (free to call phone number number), IVG.net attempts to convince pregnant women calling the service that abortion is a high risk operation which will have terrible impact on their health and personal life, pressuring women to not undertake such operation. The…
Content type: Long Read
Photo by David Werbrouck on Unsplash
This is an ongoing series about the ways in which those searching for abortion information and procedures are being traced and tracked online. This work is part of a broader programme of work aimed at safeguarding the dignity of people by challenging current power dynamics, and redefining our relationship with governments, companies, and within our own communities. As an enabling right, privacy plays an important role in supporting the exercise of…
Content type: Long Read
By Valentina Pavel, PI Mozilla-Ford Fellow, 2018-2019
Our digital environment is changing, fast. Nobody knows exactly what it’ll look like in five to ten years’ time, but we know that how we produce and share our data will change where we end up. We have to decide how to protect, enhance, and preserve our rights in a world where technology is everywhere and data is generated by every action. Key battles will be fought over who can access our data and how they may use it. It’s time to take…
Content type: Examples
Absher, an online platform and mobile phone app created by the Saudi Arabian government, can allow men to restrict women’s ability to travel, live in Saudi Arabia, or access government services. This app, which is available in the Google and Apple app stores, supports and enables the discriminatory male guardianship system in Saudi Arabia and violations of womens’ rights, including the right to leave and return to one’s own country. Because women in Saudi Arabia are required to have a male…
Content type: Long Read
Everyday objects and devices that can connect to the Internet -- known as the Internet of Things (IoT) or connected devices -- play an increasing role in crime scenes and are a target for law enforcement. Exploiting new technologies that are in our homes and on our bodies as part of criminal investigations and for use as evidence, raises new challenges and risks that have not been sufficiently explored.
We believe that a discussion on the exploitation of IoT by law enforcement would…
Content type: Long Read
When you go abroad, you expect to show your passport right? But what if immigration authorities wanted access to your Facebook, Instagram and Twitter accounts before they let you enter a country? What if they wanted to vet you based on your updates, photos, likes, retweets and even your DMs?
We think social media companies, who make literally billions of dollars out of you, and wield massive power and influence, should challenge governments on YOUR behalf. They should be protecting their users…
Content type: Case Study
In this next leap to year 2030, Amtis lives the life of a data labourer, being paid wages for data inputs. Here’s how Amtis begins the story:
I am in my green pyjamas, but I can’t say for sure if it’s morning or evening. My eyes are red from staring at screens. I am discouraged and very tired. Of course, all these emotions and reactions are registered by my Playbour – my pocket-sized smart console that has basically become my entire life. It’s my connection to family, friends and the world; my…
Content type: Case Study
In 2030 Amtis finds a future where property rights for data were adopted. Here’s how this future plays out:
My data, my turf. This was the first graffiti I saw as I was walking down the street and I said to myself, “Yeah, big corp, we’re going to get you good!”. I am fed up with companies making insane amounts of money from my data. If this is the game we’re playing, I want my fair share.
I was not the only one thinking like this. A few years back there was a strong push towards adopting…
Content type: Advocacy
Privacy International has today sent letters to leading social media platforms to ask what they're doing to protect their users' from dangerous surveillance by government immigration authorities.
The letter comes following the implementation of plans by US authorities to require nearly all visa applicants to hand over identifiers of all social media accounts they have used in the previous five years, or face “serious immigration consequences”.
The move not only represents…
Content type: News & Analysis
Privacy International has joined a global coalition of privacy campaigners, tech companies, and technology experts to respond to proposals by British intelligence chiefs aimed at allowing them access to encrypted messaging apps such as WhatsApp or Signal.
If implemented, the proposals would allow government authorities to force messaging platforms to silently add a law enforcement participant to a group chat or call.
Such a capability poses serious threats to…
Content type: Examples
GDPR complaints about Real-Time Bidding (RTB) in the online advertising industry were filed today with Data Protection Authorities in Spain, the Netherlands, Belgium, and Luxembourg. The complaints detail the vast scale of personal data leakage by Google and other major companies in the “Ad Tech” industry. This week marks one year since the introduction of the GDPR.
The new complaints have been filed by Gemma Galdon Clavell (Eticas Foundation) and Diego Fanjul (Finch), David Korteweg (…
Content type: Examples
In an effort to improve political advertising transparency, Canada drafted a Bill that requires companies to develop ad libraries, to which ads are added immediately in order for researchers, journalists, and other people to be able to search and understand how political actors are targeting ads. In response, Google announced that it would blanket-ban all political ads in Canada, saying the company was unable to comply with the new law. Google’s decision shows both that the current state of…
Content type: Examples
The two leading Presidential candidates in Ukraine's 2019 elections have expressed frustration at major social media platform's seemingly lack of assistance combatting disinformation and bots. Bots flood social media networks and can promote content or flood platforms with pull requests to have a piece of content taken down. Campaigns are unable to directly contact Google, YouTube, and Facebook for assistance directly and waste resources constantly fighting against bot armies.
https://www.…
Content type: Examples
Simultaneous complaints have been filed with European data protection authorities against Google and other ad tech firms. The complainants are being made by Dr Johnny Ryan of Brave, the private web browser, Jim Killock, Executive Director of the Open Rights Group, and Michael Veale of University College London. The complaint notifies European regulators of a massive and ongoing data breach that affects virtually every user on the web.
Content type: Examples
Panoptykon Foundation, the Warsaw based digital rights organization, has joined in the complaints filed in the UK and Ireland in September by Jim Killock of the Open Rights Group, Michael Veale of University College London, and Dr Johnny Ryan of Brave, by filing a new complaint in Poland. Together, the complainants in Ireland, Poland, and the UK, have also filed new evidence today with the national data protection authorities of Ireland, Poland, and the United Kingdom, that reveals how ad…
Content type: Examples
Dr Johnny Ryan filed a formal complaint with the Irish Data Protection Commission against IAB Europe, the tracking industry’s primary lobbying organization. The complaint was filed against IAB Europe’s use of an unlawful “cookie wall” on its website. Visitors to IAB Europe’s website, www.iabeurope.eu, are forced to accept tracking by Google, Facebook, and others, which may then monitor them.
Content type: Examples
In August 2018, Apple forced Facebook to remove its Onava VPN from the App Store because the Facebook had been using it to harvest data across multiple apps and track user activity. In January 2019, a TechCrunch investigation revealed that in a separate part of the same programme Facebook had been paying users aged 13 to 35 to download a "Facebook Research" VPN and give it root access to their devices to enable it to collect data on their usage habits. The programmed, known as "Project Atlas",…
Content type: Examples
In February 2019 Google engineers announced that they had created faster, more efficient encryption system that could function on less-expensive Android phones that were too low-powered to implement existing full-device encryption. The scheme, known as Adiantum, uses established and well-vetted encryption tools and principles. Android has required smartphones to support encryption since 2015's version 6, but low-end devices were exempt because of the performance hit. It will now be up to device…
Content type: Examples
In October 2018, Google developers announced Manifest V3, a new standard for developing extensions for its Chrome web browser. One of the modifications included replacing the API used by extensions that need to intercept and work with network requests. The new API, DeclarativeNetRequest, limits the number of network requests an extension can access; the result was to muzzle third-party adblockers but not the new one Google was building in. Google claimed that implementing a maximum value was…
Content type: Examples
In November 2018 Bidooh announced it was developing an intelligent and automated digital billboard advertising platform that it said would leverage facial recognition and blockchain technology to track engagement. Billboard advertising is valued globally at almost $34.8 billion a year. Bidooh has said it considers itself the "Google Adwords" for digital billboard advertising; it intends the new system to be able to target passers-by based on criteria such as age, gender, facial hair, and…
Content type: Long Read
CEOs of the big tech companies have all recently discovered the value of privacy. On Tuesday, 30 April 2019, Mark Zuckerberg, announced his future plans to make Facebook a "privacy-focused social platform". This was followed by Google's Sundar Pichai demand that “privacy must be equally available to everyone in the world.” Meanwhile, Twitter's Jack Dorsey, has described the General Data Protection Regulation (GDPR) as "net-positive", while Apple had already positioned itself as the champion of…
Content type: Examples
In February 2019, the cybersecurity company Trend Micro found that at least 29 beauty and photo editing apps that had been downloaded more than 4 million times from Google's Play Store included code that pushed full-screen ads for fraudulent or pornography content or that directed users to phishing sites by making them believe they had won a contest. A second group of camera apps that claimed to improve photos actually uploaded them to a remote server controlled by the app developer and then…