By Robert Bateman

Facebook has released a “Corporate Human Rights Policy” on how the company manages privacy, freedom of expression, discrimination and other matters across its platforms. 

But experts told Digital Privacy News that the policy failed to address core issues with Facebook’s business model, such as targeted advertising and algorithmic decision-making.

For instance, Facebook promises in the policy — published in March — to commit to U.N. human rights standards, “protect privacy” and publish annual reports on its human rights impact.

“The new Corporate Human Rights Policy, which Facebook promises to continually build as a living document, lacks discussion of the company’s primary profit center — advertising — or its business development plans,” said Peter Micek, general counsel at the global human rights organization Access Now.

Continue reading “Experts: Facebook’s Human Rights Policy Lacks Key Commitments” →

By Robert Bateman

A U.K. court has ruled that prosecutors may submit evidence gathered by French and Dutch police through hacking defendants’ phones, in a judgment that has critical implications for the interpretation of the country’s surveillance laws.

The Court of Appeal’s judgment, delivered in February, related to data exfiltrated from EncroChat devices — subscription-only mobile phones used for encrypted communications.

The Feb. 5 ruling could open the door to more trials based on evidence obtained from EncroChat devices. But some legal experts told Digital Privacy News that the case had implications for the privacy of lawful EncroChat users.

Anthony Eskander, a lawyer with U.K. law firm Church Court Chambers, said it was necessary to consider “both sides of the argument.”

“On the one hand, certain characters use advanced technological developments to facilitate the conduct of criminal activity, with the primary objective of reducing the chance of discovery by law enforcement,” Eskander said.

Continue reading “UK Court Allows Hacked Phone Messages to Be Used as Evidence” →

By Robert Bateman

U.K. children’s rights advocates have written to Facebook CEO Mark Zuckerberg, urging him to scrap a version of Instagram that reportedly is in development for children under 13.

The letter, dated April 15, was signed by children’s safety and privacy experts, claiming Instagram “exploits young people’s fear of missing out and desire for peer approval” and challenges children’s “privacy and wellbeing.”

Facebook’s plans were first revealed in an internal memo disclosed last month by Buzzfeed News.

“Instagram has, over and again, proved that it makes improvements only when the public clamor reaches a level that seriously damages trust in the company, after a tragic incident, or to stave off threatened regulation,” said Sonia Livingstone, professor of social psychology at the London School of Economics and Political Science.

Continue reading “Experts Condemn Facebook’s Under-13 Instagram Plan” →

By Robert Bateman

A government-sponsored plan in the U.K. could allow pubs and other venues to identify customers using facial-recognition technology — and some academics and advocates are worried about the implications for privacy and civil liberties.

The proposed scheme, which is being developed by British tech companies iProov and Mvine using a $103,000 government grant, has been touted as a means to ease COVID-19 restrictions without the use of so-called “vaccine passports.”

But iProov assured Digital Privacy News that subjects’ privacy would be protected. Still, the plans have drawn the ire of privacy advocates, who say it would violate individual privacy and other civil rights.

“There is no legitimate justification for including facial recognition or any other biometric applications in vaccine passport schemes,” said Ella Jakubowska, policy officer at European Digital Rights (EDRi), based in Brussels.

Continue reading “UK Considering Face-Data Scheme for Pubs, Raising Privacy Fears” →

UK Data-Law Plans Draw Advocates’ Ire

By Robert Bateman

The U.K. government has signaled its intention to diverge from the EU standards on data-protection and privacy law, claiming that a “less-European approach” could help drive economic growth.

But some experts told Digital Privacy News that the government’s proposals could weaken individual rights and could put EU trade at risk.

Since the U.K. fully transitioned out of the EU in January, it has been able to make changes to EU law, including the General Data Protection Regulation (GDPR), which passed in 2016.

According to Reuters, U.K. Culture Secretary Oliver Dowden said he hoped the country could “hold on to many of the strengths of GDPR in terms of giving people security about their data,” but focus “less on the burdens of the rules imposed on individual businesses.”

Continue reading “‘Gutting Privacy Rights’” →

By Robert Bateman

The U.K. is denying thousands of migrants access to their personal information using a controversial exemption to the country’s data-protection law, in a move that advocates say violates human rights.

The U.K.’s Home Office, which handles visas and immigration issues, relied on the controversial “immigration exemption” in as many as 72% of requests for personal information it received last year, according to a report released this month by the Open Rights Group (ORG).

Under U.K. law, individuals can make a “subject access request” to see what personal information an organization has about them. 

The immigration exemption, which forms part of the U.K.’s Data Protection Act of 2018, allows an organization to reject an access request if granting so will be “likely to prejudice … the effective maintenance of immigration control.”

Continue reading “UK Denying Migrants Access to Personal Data, Report Finds” →

By Robert Bateman

Local government bodies across the U.K. are using surveillance equipment supplied by Chinese companies that are involved in suppressing the Uighur people in Xianjing province, research has revealed.

Researchers sent 52 freedom of information (FOI) requests to councils — local government authorities — across the U.K., with 65% of respondents disclosing that they owned surveillance technology supplied by Hikvision. Seven councils disclosed that they owned technology made by Dahua.

Both companies have been accused of helping to suppress the Uighurs and other minority groups in the Xianjing region in southeastern China. 

“The U.K. needs to reconsider whether it is justifiable to use public funds to invest in surveillance equipment manufactured by companies linked to human-rights abuses,” said Samuel Woodhams, digital rights lead at the security research website Top10VPN, who conducted the research.

Continue reading “Local UK Governments Using Chinese CCTV Linked to Uighurs” →

By Robert Bateman

Google is planning substantial changes to its Chrome browser that it claims will benefit user privacy.

But the U.K.’s antitrust regulator is investigating the plans over concerns that they will harm competition and further consolidate Google’s market dominance.

Google’s ongoing “Privacy Sandbox” project could lead to a radical overhaul of online advertising.

The company plans to block third-party cookies, which allow marketers to target ads based on people’s individual browsing habits, behavior and inferred characteristics. 

Google plans to gradually replace third-party cookies with application programming interfaces (APIs). The company said the plans would improve user privacy by storing personal information on-device and blocking fingerprinting.

Continue reading “Google’s ‘Privacy Sandbox’ Probed by UK Antitrust Regulator” →

By Robert Bateman

Facebook faces a class-action lawsuit in the U.K. over allegations that it allowed a third-party app to “harvest personal information” from its users without consent.

The app, “This Is Your Digital Life,” collected the personal information of as many as 87 million Facebook users worldwide between November 2013 and May 2015, according to Facebook’s estimates.

The breach affected not only users of the app, but also their Facebook friends, whose data was shared with the controversial political consulting firm Cambridge Analytica.

A 2018 investigation by The New York Times and the Guardian revealed that Cambridge Analytica used data to provide ad-targeting services for Republican Donald Trump’s presidential campaign.

Continue reading “Facebook Sued in UK Class Action Over ‘Data Harvesting’ App” →

By Robert Bateman

U.K. supermarket chain the Southern Co-op is using facial-recognition technology to address shoplifting, a move that privacy advocates argued violated shoppers’ privacy rights.

The supermarket has been using facial-recognition cameras, provided by the security firm Facewatch, in 18 of its stores across the south of England since 2018, a company spokesperson told Digital Privacy News.

The cameras scan the faces of anyone walking into the store and retains biometric data derived from the facial images of people suspected of having committed a crime.

“To see a supposedly ethical company secretly using rights-abusive tech like facial recognition on its customers in the U.K. is deeply chilling,” said Silkie Carlo, director of U.K. privacy advocacy group Big Brother Watch.

Continue reading “Privacy Advocates Outraged by UK Supermarket’s Face Cameras” →

By Robert Bateman

Social media app TikTok is facing a class-action lawsuit in the U.K., led by an unnamed 12-year-old girl who claims the app breached her privacy.

The High Court of England and Wales allowed the plaintiff, known only as “SMO,” permission to proceed anonymously in a hearing conducted last month.

Court documents revealed that the plaintiff was citing the General Data Protection Regulation (GDPR), an EU law adopted into U.K. law before Brexit. The law, passed in 2016, restricts how apps and other online services use children’s personal information. 

Under the GDPR, if online service providers want consent to process a child’s personal information, they must request it from a parent or guardian.

Continue reading “UK Girl, 12, Sues TikTok Over Claims of Breaching Her Privacy” →

By Robert Bateman

Tech giants Oracle and Salesforce are facing class-action lawsuits in the U.K. and the Netherlands over allegations that they are “misusing the personal data” of millions of people.

The legal claims relate to how the companies contribute to “real-time bidding” (RTB), a controversial advertising practice that involves the auctioning of personal data collected via web cookies and other tracking technologies.

The U.K. suit, led by privacy advocate Rebecca Rumbul, is seeking damages of approximately $13 billion, which would amount to about $650 for every U.K. internet user.

The parallel Netherlands case, led by the nonprofit Privacy Collective, is seeking approximately $19.5 billion.

Continue reading “Oracle and Salesforce Face Huge Lawsuits in UK, Netherlands” →

By Robert Bateman 

The U.K. is establishing a new competition authority to regulate digital markets and improve consumer choice.  

The new Digital Markets Unit (DMU) will be established next April, following a report in July about online platforms by the U.K.’s Competition and Markets Authority (CMA). 

The unit will “introduce and enforce a new code to govern the behavior of platforms… such as Google and Facebook,” according to a government news release last month. 

But with a handful of firms increasingly dominating the market, some experts told Digital Privacy News that they were concerned that the new regime could struggle to take on the tech giants. 

Continue reading “UK Sets Up Regulator to Take On Big Tech” →

By Robert Bateman

Police forces across England and Wales have increased their use of mobile fingerprint scanning — and Black people are disproportionately targeted with this biometric technology, according to recent news reports analyzing police statistics.

But privacy advocates and civil rights groups told Digital Privacy News that the practice was damaging trust in the police and could hamper efforts to fight crime.

“Black communities are much more likely to be surveilled and treated as potential criminals, despite a lack of reasonable suspicion,” said Ella Jakubowska, policy officer for European Digital Rights (EDRi) in Brussels, which campaigns against biometric surveillance.

“Why would we even think about bringing in new biometric technology — which civil society groups have shown can pose an enormous threat to people’s rights and liberties — when we already have so much underlying bias and discrimination in how police forces engage with racialized and minoritized communities?”

Continue reading “UK Police Targeting Black People With Fingerprint Scanners” →

By Robert Bateman

A digital-rights organization, the Open Rights Group (ORG), is taking the U.K.’s privacy regulator to court over allegations that it has failed to address illegal practices in the digital advertising technology — adtech — industry.

The claim, filed Oct. 21 with the U.K.’s Information Rights Tribunal, follows a complaint first filed with the regulator, the Information Commissioner’s Office (ICO), by ORG Executive Director Jim Killock in September 2018.

The complaint alleged that Google and other tech companies were using people’s personal data illegally, via a process called “real-time bidding” (RTB).

Continue reading “Rights Group Sues UK Privacy Regulator in Landmark Case” →

By Robert Bateman

Governments across the world are calling on technology firms to allow agencies access to private communications, claiming that end-to-end encryption that shuts out law enforcement presents a “severe risk to public safety.”

In a statement, signed Oct. 11, the governments of the U.S., U.K., Australia, New Zealand, Canada, India and Japan argued that software developers should “engage in consultation with governments and other stakeholders” to “embed the safety of the public in system design.”

But experts told Digital Privacy News that the proposals presented an unacceptable risk to individual privacy.

Continue reading “Officials Urge Tech Firms to Help Them Access User Data” →

Facebook Begins Controversial Integration of Messenger, Instagram

By Robert Bateman

Facebook has begun the long-planned integration of its Messenger and Instagram platforms, as governments and regulators show increasing concern about its market dominance.

The change will allow Facebook and Instagram users to send private messages to one another between platforms. Facebook also plans to include its WhatsApp platform in the integration.

Antitrust regulators in the U.S. and European Union have scrutinized Facebook’s acquisitions of Instagram and WhatsApp. Some experts told Digital Privacy News that Facebook’s plans might be designed to disrupt regulators’ activities.

Continue reading “‘Basis of a Lie’” →

By Robert Bateman

The U.K. government is planning a significant overhaul of its privacy laws in a move that experts told Digital Privacy News risked damaging the country’s economy and relations with the European Union.

The government’s national data strategy, published last month, says that the U.K. “will control its own data protection laws and regulations in line with its interests” after the country’s transition out of the EU.

Continue reading “UK’s Privacy Law Overhaul Could Damage Post-Brexit Economy” →

By Robert Bateman

The European Court of Human Rights (ECHR) struck a severe blow to privacy advocates this month when it rejected a legal challenge to the U.K. government’s surveillance activities on procedural grounds.

The case was brought by advocacy groups, who argued that the government’s cellphone-hacking and surveillance violated European human-rights law.

The court ruled Sept. 3 that the case was inadmissible because the advocates had not exhausted the U.K.’s domestic legal procedures.

Continue reading “European Court Spurns Challenge to UK Government Surveillance” →

By Robert Bateman

Google faces a $2.5 billion class-action lawsuit in the U.K., over allegations that its YouTube video-sharing platform is “breaching millions of young peoples’ privacy and data rights.” 

The case is on behalf of an estimated 5 million children under 13 across England and Wales, according to a Sept.14 news release from the case’s legal team.

If successful, it would be the first class-action lawsuit against a tech company in Europe. 

Google, which acquired YouTube in 2006, is accused of violating U.K. law, which states that children under 13 are unable to consent to the collection of their personal information.

“They’re using this data to capture the attention of our children,” Duncan McCann, the representative claimant in the case, told Digital Privacy News. 

He has three children aged 13 or under, and McCann said he was concerned about how Google used their personal information on YouTube.

Continue reading “Google Faces $2.5B Lawsuit Over YouTube and Children’s Data” →