Abbreviation | PI |
---|---|
Founded | 1990 |
Founder | Simon Davies |
Type | Human rights charity |
Registration no. | Charity: 1147471 (E&W); company: 04354366 (E&W) |
Focus | Surveillance and privacy watchdog |
Headquarters | London, United Kingdom |
Area served | International |
Executive Director | Gus Hosein |
Board Chair | Joshua Castellino |
Main organ | Board |
Staff (2023) | 25 [1] |
Website | privacyinternational |
Privacy International (PI) is a UK-based registered charity [2] that defends and promotes the right to privacy across the world. First formed in 1990, registered as a non-profit company in 2002 and as a charity in 2012, PI is based in London. Its current executive director, since 2012, is Dr Gus Hosein.
During 1990, in response to increasing awareness about the globalization of surveillance, more than a hundred privacy experts and human rights organizations from forty countries took steps to form an international organization for the protection of privacy. [3]
Members of the new body, including computer professionals, academics, lawyers, journalists, jurists, and activists, had a common interest in promoting an international understanding of the importance of privacy and data protection. [4] Meetings of the group, which took the name Privacy International (PI), were held throughout that year in North America, Europe, Asia, and the South Pacific, and members agreed to work toward the establishment of new forms of privacy advocacy at the international level. The initiative was convened and personally funded by British privacy activist Simon Davies who served as director of the organization until June 2012. [5]
At the time, privacy advocacy within the non-government sector was fragmented and regionalized, while at the regulatory level there was little communication between privacy officials outside the European Union. Awareness of privacy issues at the international level was generated primarily through academic publications and international news reports but privacy campaigning at an international level until that time had not been feasible. [6]
While there had for some years existed an annual international meeting of privacy regulators, the formation of Privacy International was the first successful attempt to establish a global focus on this emerging area of human rights. PI evolved as an independent, non-government network with the primary role of advocacy and support, but largely failed in its first decade to become a major international player. Most of its early campaigns were focused on Southeast Asia. [7]
From 2011, Privacy International began to formalize and condense its operations. It is now a UK-registered charity (number 1147471) [2] with twenty full-time members of staff [8] and an office in Central London. As part of restructuring, an informal advisory board was replaced in 2012 by a managing 9 member board of trustees, [9] including investigative journalist Heather Brooke and technologist Jerry Fishenden. The restructuring also established three major program areas: contesting surveillance, challenging data exploitation, and building a global privacy movement. [10]
Privacy International's Articles of Association state that the charity's objective is to promote the human right of privacy throughout the world, as set out in the Universal Declaration of Human Rights and subsequent United Nations conventions and declarations; specifically: [11]
Privacy International has been funded and supported by a variety of foundations, academic establishments, and non-government organizations, including the Adessium Foundation, [12] the Open Society Foundations, the International Research Development Centre, [13] the European Parliament, the European Commission, the Joseph Rowntree Reform Trust, the Esmée Fairbairn Foundation, the University of Toronto's Canada Centre for Global Security Studies in the Munk School of Global Affairs, the American Civil Liberties Union, the Electronic Privacy Information Center, The Fund for Constitutional Government, the Stern Foundation, the Privacy Foundation, the German Marshall Fund, the University of New South Wales, the German Permanent Mission to the UN, the Oak Foundation, the Renewable Freedom Foundation, the Omidyar Network, the Roughley Charitable Trust, the Swedish International Development Agency, and the Street Foundation. [14] It also receives a small amount of finance via contributions. [15]
Throughout the 1990s, Privacy International was active in North America, Europe, and Southeast Asia, where it liaised with local human rights organizations to raise awareness about the development of national surveillance systems. From 2001 to 2010, the organization shifted much of its focus to issues concerning the EU and the United States. From 2011 onward, activities expanded to include a more aggressive program of legal action and international advocacy, particularly in the global south. [16]
Since the late 1990s, the organization's campaigns, media activities and projects have focused on a wide spectrum of issues, including Internet privacy, international government cooperation, passenger name record transfers, data protection law, anti-terrorism developments, freedom of information, Internet censorship, identity systems, corporate governance, the appointment of privacy regulators, cross-border data flows, data retention, judicial process, government consultation procedures, information security, national security, cybercrime, and aspects of around a hundred technologies and technology applications ranging from video surveillance to DNA profiling.
The PI network has also been used by law reform and human rights organizations in more than forty countries to campaign on local privacy issues. In Thailand and the Philippines, for example, Privacy International worked with local human rights bodies to develop national campaigns against the establishment of government identity card systems. In Canada, New Zealand, the United States, Hungary, Australia, and the United Kingdom it has promoted privacy issues through national media and through public campaigns. In Central and Eastern Europe, PI has been active in promoting government accountability through Freedom of information legislation.
PI monitors the activities of international organizations, including the European Union, the Council of Europe, and United Nations agencies. It has conducted numerous studies and reports, and provides commentary and analysis of contemporary policy and technology issues.
The charity is relatively small, comprising twenty full-time staff and a number of volunteers and interns. However the core team is supported in its project work by a collaborative network of around a hundred organizations in the fields of civil liberties, academia, technology assessment and human rights. These include, or have included, the American Civil Liberties Union, the Australian Privacy Foundation, the Electronic Privacy Information Center (US), Statewatch (UK), the Electronic Frontier Foundation (US), European Digital Rights, Consumers International, the Foundation for Information Policy Research (UK), Liberty (UK), the Hungarian Civil Liberties Union, the Moscow Human Rights Network, Amnesty International, Privacy Ukraine, Quintessenz (Austria), Human Rights Watch, Bits of Freedom (Netherlands), freedominfo.org, Index on Censorship, the Association for Progressive Communications, the Global Internet Liberty Campaign, Charter88 (UK), the Philippine Alliance of Human Rights Advocates, and the Thai Civil Liberties Union.
PI also has partners in developing countries in Africa, Asia, and Latin America, under the auspices of the Global South Program. The partners are:
Privacy International's legal actions against governments and companies include the following cases:
Privacy International has conducted investigations on Thailand, [28] Syria, [29] Egypt, [30] Uganda, [31] Colombia, [32] Pakistan, [33] and Central Asia. [34]
PI has published around forty major research reports. These include studies on Internet censorship, [35] communications data retention, [36] counter-terrorism policies in the EU and the US, [37] SWIFT auditing processes, [38] travel surveillance, [39] secrecy provisions and protection of sources, [40] Internet privacy, [41] policy laundering, [42] free expression and privacy, [43] the US-VISIT program, [44] identity cards and counter-terrorism, [45] encryption, [46] the global surveillance industry, [47] the UK's 2016 Investigatory Powers Bill, [48] gender issues and the right to privacy, [49] and medical privacy. [50]
In 2013, Privacy International publicized the links between several Swiss-based companies and the export of surveillance technologies to authoritarian regimes including Turkmenistan and Oman and called on the Swiss government to withdraw relevant export licenses. [51] The Swiss government later withdrew all export licenses for internet monitoring technology as well as several for mobile phone monitoring technology that were awaiting approval.
From 2012 to 2015, Privacy International lobbied for greater data protection laws in Europe during formation of the General Data Protection Regulation (GDPR). While praising certain provisions including the expansion of people's rights over personal data, Privacy International claims potential loop holes and vague language make the GDPR fall short of fully safeguarding against unique 21st century threats to data protection. [52]
In 2013, Privacy International together with Access Now and the Electronic Frontier Foundation launched the "International Principles on the Application of Human Rights to Communications Surveillance". These principles can provide civil society groups, industry, States, and others with a framework to evaluate whether current or proposed surveillance laws and practices are consistent with international human rights law. [53]
In 1995, PI published a report on the international trade in surveillance technology, entitled Big Brother Incorporated and focusing on the sale of technologies by companies in Western countries to repressive regimes intent on using them as tools of political control. However, governments and regulators did not intervene and regulate the surveillance industry, the value of which is now estimated at around $5 billion a year. Exports of surveillance technology to foreign regimes are still wholly at the discretion of the exporter. [54]
PI therefore commenced a second investigation in June 2011. The project, also called Big Brother Incorporated, uses a blend of research and investigation, public campaigning, political engagement, and strategic litigation to bring to light the abuses of the surveillance industry and to campaign for proper government regulation, specifically export control regimes.
In December 2011, Privacy International released documents collected from a number of surveillance trade shows and conferences (most prominently the ISS World conference in Washington DC) in collaboration with WikiLeaks, BuggedPlanet, The Bureau of Investigative Journalism, The Washington Post , l'espresso , The Hindu , ARD, and OWNI . [55] The Spy Files included brochures, catalogues, technical specifications, contracts, and price lists for the products of around 160 companies.
During 2012, there was growing international awareness of the problems inherent in the rise of the surveillance industry and increasing momentum towards stricter regulation of surveillance technology exports. In March 2012, the EU banned the export of monitoring equipment to the Iranian authorities. [56] The following month, a European Parliament resolution calling for stricter oversight of companies selling equipment to countries such as Syria or China was passed overwhelmingly, with 580 votes for, 28 against, and 74 abstentions. In July 2012, the French Minister for the Digital Economy, Fleur Pellerin, announced her opposition to exports of surveillance technology to repressive regimes during a radio show hosted by Le Monde and public broadcaster France Culture. [57] In September 2012, comments made by the German Foreign Minister at an Internet and Human Rights conference in Berlin were interpreted by the German media as a clear statement of intent to push for tighter controls of EU surveillance technology exports at a national and European level. [58]
In June 2006, The New York Times and the Los Angeles Times published details of a private arrangement between Society for Worldwide Interbank Financial Telecommunication (SWIFT) and the United States Government that involved the mass covert disclosure to the US of customer financial data. SWIFT is a cooperative involving around 8,000 financial institutions. It handles the secure messaging process at the heart of the majority of financial transfers worldwide, amounting to around $2,000 trillion per year.
The following week PI filed simultaneous complaints with Data Protection and Privacy regulators in 38 countries concerning the secret disclosures of records. The complaints alleged that the transfers violated EU law.
The PI complaints sparked a series of regulatory and legal actions that have ultimately forced SWIFT to re-evaluate its practices. The organisation has now agreed to move its data operations to Switzerland where US authorities have no jurisdiction.
In 1998, Privacy International took the decision to start an international gong called the Big Brother Awards to be given to the most influential and persistent privacy invaders, as well as to people and organizations who have excelled in defending privacy. To date, 75 awards ceremonies have been held as annual events in 17 countries including Japan, Bulgaria, Ukraine, Australia. France, Germany, Austria, Switzerland, the Netherlands, New Zealand, Denmark, the United States, Spain, Finland and the United Kingdom.
In January 2003, PI launched an international competition to discover the world's "most pointless, intrusive and self-serving security initiatives". The "Stupid Security" award highlighted measures which are pointless and illusory, and which cause unnecessary distress, annoyance and unintended danger to the public. The competition resulted in over five thousand nominations from around the world. The winners were announced at the Computers, Freedom and Privacy Conference in New York on 3 April that year.
In March 2009, following the addition of 25 UK cities to Google's Street View service, Privacy International sent a formal complaint about the service to the UK Information Commissioner's Office (ICO). The complaint cited more than 200 reports from members of the public who were identifiable on images hosted by the service. Privacy International director Simon Davies said that the organization had filed the complaint due to the "clear embarrassment and damage" Street View had caused on many Britons. He said that Street View fell short of the assurances given to the ICO that had enabled its UK launch and asked for the system to be "switched off" while an investigation was completed. [59]
The ICO had given permission for the launch of the service in July 2008 based partly on Google's assurances that it would blur faces and vehicle licence plates to protect privacy. In its complaint, PI said that Google's claim that its face blurring system would result in a few misses was a "gross underestimation" and meant that the data used by Street View would fall under the UK's Data Protection Act 1998, which requires that subjects give permission for the use of information concerning them. [60] However, the ICO rejected PI's complaint, noting that removing the service would be "disproportionate to the relatively small risk of privacy detriment" and that "Google Street View does not contravene the Data Protection Act and, in any case, it is not in the public interest to turn the digital clock back". [61]
In February 2015 PI and other claimants [62] won a judgment from the UK Tribunal that the mass surveillance conducted by the GCHQ with data from the NSA was illegal up to December 2014, being in violation of the European Convention on Human Rights and lacking the necessary legal framework, [63] [64] whereupon PI launched a campaign enabling anyone in the world to ascertain (eventually) if the GCHQ illegally had their data from the NSA. [65]
Privacy International's unconventional and sometimes aggressive approach to privacy advocacy has at times resulted in controversy and a questioning of its motives.
The most notable political controversy surrounding the organization was sparked in 2005 when British Prime Minister Tony Blair and Home Secretary Charles Clarke publicly accused PI's director and founder Simon Davies of covertly using his academic affiliation with the London School of Economics (LSE) to undermine the government's plans for a national identity card. [66] The LSE Director Sir Howard Davies strongly rebutted this charge. [67] The government's intent was apparently to raise doubts about the accuracy of the report in several areas and in particular, the manner in which projected cost estimates had been calculated (based on figures developed by the independent IT analysis company, Kable), and what it called "selective and misleading use of evidence regarding biometrics and a failure to include any natural scientists to inform the report despite the significant claims made about biometrics and the accuracy of biometric technologies". [68] [69] [70] Rather than address the issues raised by the report, several government politicians and their biometric experts instead chose to criticize the accuracy of the report, questioning whether the involvement of leading PI campaigners and well known opponents of identity cards meant that it could be considered unbiased. The episode is notable for the nature of its overtly political attack on an academic report from a leading UK university and its personalization of criticisms of Simon Davies. Even MPs who supported identity cards recognized that the government had entered new territory by undermining independent academic work on issues of legitimate contemporary interest. [71]
The government's claims of bias were strenuously denied by Simon Davies and resulted in heated debate between Government and Opposition parties both in the House of Commons [72] and the House of Lords. [73] The coverage led Davies to draw comparisons of the argument with former government scientific advisor David Kelly who took his life following an allegedly similar campaign. [74]
In his 2006 autobiography, [75] another former Home Secretary David Blunkett wrote "I am really sorry that the London School of Economics have allowed him (Davies) to even hint that he has any connection with them". Davies has lectured at the LSE since 1997 and continues to do so both as Visiting Fellow and as co-director of the LSE's Policy Engagement Network.
In June 2007 PI released an assessment of the privacy practices of selected online services. [76]
Simon Davies drew criticism for his apparent enthusiasm for aspects of Phorm's model of operation, stating that "[PI] DOES NOT endorse Phorm, though we do applaud a number of developments in its process." [77] PI as a group has not published any analysis or comment concerning Phorm products.
In March 2009, following PI's criticism of Google Street View service, Davies sent an open letter to Google chief executive Eric Schmidt, accusing the company of briefing journalists against him, by claiming Davies was biased in favor of Microsoft. Google pointed to connections between Microsoft and data protection consultancy 80/20 Thinking, run by Davies, and said that Davies's connections to Microsoft should be made clear in public, as the credibility of his criticisms was undermined by the fact that he acted as a consultant to companies who are direct rivals and critics of Google; a fact Davies rarely disclosed in press releases or comments. [78] 80/20 Thinking ceased operations in 2009.
Since 1997, Privacy International, in cooperation with the Electronic Privacy Information Center (EPIC), has conducted annual surveys [79] in order to assess how much privacy nations' populations have from both corporative and government surveillance. [80] The last global report was in 2007. Currently PI publishes State of Privacy reports with its partners, researching the legal and political situation in each country, updated yearly. It also regularly submits country reports to the Universal Periodic Review and the Human Rights Council. [81]
In January 2011, Privacy International, in cooperation with EPIC and the Center for Media and Communications Studies (CMCS) published the European Privacy and Human Rights 2010 report, funded by the European Commission's Special Programme "Fundamental Rights and Citizenship", 2007–13. This was an investigation of the European landscape of national privacy and data protection laws and regulations, as well as other laws, jurisprudence, and recent factual developments with an impact on privacy. The study consisted of 33 targeted reports, an overview presenting a comparative legal and policy analysis of main privacy topics and a privacy ranking for all the countries surveyed. [82]
Government Communications Headquarters (GCHQ) is an intelligence and security organisation responsible for providing signals intelligence (SIGINT) and information assurance (IA) to the government and armed forces of the United Kingdom. Primarily based at "The Doughnut" in the suburbs of Cheltenham, GCHQ is the responsibility of the country's Secretary of State for Foreign and Commonwealth Affairs, but it is not a part of the Foreign Office and its director ranks as a Permanent Secretary.
The Electronic Privacy Information Center (EPIC) is an independent nonprofit research center established in 1994 to protect privacy, freedom of expression, and democratic values in the information age. Based in Washington, D.C., their mission is to "secure the fundamental right to privacy in the digital age for all people through advocacy, research, and litigation." EPIC believes that privacy is a fundamental right, the internet belongs to people who use it, and there's a responsible way to use technology.
The right to privacy is an element of various legal traditions that intends to restrain governmental and private actions that threaten the privacy of individuals. Over 185 national constitutions mention the right to privacy. On 10 December 1948, the United Nations General Assembly adopted the Universal Declaration of Human Rights (UDHR); while the right to privacy does not appear in the document, many interpret this through Article 12, which states: "No one shall be subjected to arbitrary interference with their privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks."
Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organizations, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is often distinguished from targeted surveillance.
Liberty, formerly, and still formally, called the National Council for Civil Liberties (NCCL), is an advocacy group and membership organisation based in the United Kingdom, which challenges unjust laws, protects civil liberties and promotes human rights. It does this through the courts, in Parliament and in the wider community. Liberty also aims to engender a "rights culture" within British society. The NCCL was founded in 1934 by Ronald Kidd and Sylvia Crowther-Smith, motivated by their humanist convictions.
Center for Democracy & Technology (CDT) is a Washington, D.C.-based 501(c)(3) nonprofit organisation that advocates for digital rights and freedom of expression. CDT seeks to promote legislation that enables individuals to use the internet for purposes of well-intent, while at the same time reducing its potential for harm. It advocates for transparency, accountability, and limiting the collection of personal information.
Digital rights are those human rights and legal rights that allow individuals to access, use, create, and publish digital media or to access and use computers, other electronic devices, and telecommunications networks. The concept is particularly related to the protection and realization of existing rights, such as the right to privacy and freedom of expression, in the context of digital technologies, especially the Internet. The laws of several countries recognize a right to Internet access.
Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements. Although sometimes interchangeable, it is not to be confused with the Data Protection Act 1998.
The Computers, Freedom and Privacy Conference is an annual academic conference held in the United States or Canada about the intersection of computer technology, freedom, and privacy issues. The conference was founded in 1991, and since at least 1999, it has been organized under the aegis of the Association for Computing Machinery. It was originally sponsored by CPSR.
European Digital Rights is an international advocacy group headquartered in Brussels, Belgium. EDRi is a network collective of non-profit organizations (NGO), experts, advocates and academics working to defend and advance digital rights across the continent. As of October 2022, EDRi is made of more than 40 NGOs, as well as experts, advocates and academics from all across Europe.
Source protection, sometimes also referred to as source confidentiality or in the U.S. as the reporter's privilege, is a right accorded to journalists under the laws of many countries, as well as under international law. It prohibits authorities, including the courts, from compelling a journalist to reveal the identity of an anonymous source for a story. The right is based on a recognition that without a strong guarantee of anonymity, many would be deterred from coming forward and sharing information of public interests with journalists.
Douwe Korff has been professor of international law at London Metropolitan University since 2002. He is a Dutch comparative and international lawyer, specialising in human rights and data protection. In the 1970s, he graduated from the Free University in Amsterdam, Netherlands, and was researcher at the European University Institute in Florence, Italy. In the 1980s, he carried out human rights research at the Max Planck Institutes for comparative and international criminal law and for comparative and international public law in Freiburg im Breisgau and Heidelberg, Germany. In the 1990s, he taught international law and human rights at Maastricht University in the Netherlands, and the European Convention on Human Rights at the University of Essex, UK. In 2006, he was visiting professor at the Law faculty of the University of Rijeka, Croatia.
Homeland Security Group is an executive directorate of the UK government Home Office, created in 2007, responsible for leading the work on counter-terrorism in the UK, working closely with the police and security services. The office reports to the Home Secretary, and to the Minister of State for Security and Counter-Terrorism. Its current Director General is Chloe Squires, who is the senior government official responsible for counter-terrorist and organised crime strategy.
Big Brother Watch is a non-party British civil liberties and privacy campaigning organisation. It was launched in 2009 by founding director Alex Deane to campaign against state surveillance and threats to civil liberties. It was founded by Matthew Elliott. Since January 2018, Silkie Carlo is the Director.
The Investigatory Powers Tribunal (IPT) is a first-instance tribunal and superior court of record in the United Kingdom. It is primarily an inquisitorial court.
Tempora is the codeword for a formerly-secret computer system that is used by the British Government Communications Headquarters (GCHQ). This system is used to buffer most Internet communications that are extracted from fibre-optic cables, so these can be processed and searched at a later time. It was tested from 2008 and became operational in late 2011.
Caspar Pemberton Scott Bowden was a British privacy advocate, formerly a chief privacy adviser at Microsoft. Styled as "an independent advocate for information privacy rights, and public understanding of privacy research in computer science", he was on the board of the Tor anonymity service. and a fellow of the British Computer Society. Having predicted US mass surveillance programmes such as PRISM from open sources, he gathered renewed attention after the Snowden leaks vindicated his warnings.
The use of electronic surveillance by the United Kingdom grew from the development of signal intelligence and pioneering code breaking during World War II. In the post-war period, the Government Communications Headquarters (GCHQ) was formed and participated in programmes such as the Five Eyes collaboration of English-speaking nations. This focused on intercepting electronic communications, with substantial increases in surveillance capabilities over time. A series of media reports in 2013 revealed bulk collection and surveillance capabilities, including collection and sharing collaborations between GCHQ and the United States' National Security Agency. These were commonly described by the media and civil liberties groups as mass surveillance. Similar capabilities exist in other countries, including western European countries.
The Investigatory Powers Act 2016 is an Act of the Parliament of the United Kingdom which received royal assent on 29 November 2016. Its different parts came into force on various dates from 30 December 2016. The Act comprehensively sets out and in limited respects expands the electronic surveillance powers of the British intelligence agencies and police. It also claims to improve the safeguards on the exercise of those powers.
Targeted surveillance is a form of surveillance, such as wiretapping, that is directed towards specific persons of interest, and is distinguishable from mass surveillance. Both untargeted and targeted surveillance is routinely accused of treating innocent people as suspects in ways that are unfair, of violating human rights, international treaties and conventions as well as national laws, and of failing to pursue security effectively.
{{cite book}}
: CS1 maint: location (link)