Category: UK

Privacy Advocates Outraged by UK Supermarket’s Face Cameras

By Robert Bateman

U.K. supermarket chain the Southern Co-op is using facial-recognition technology to address shoplifting, a move that privacy advocates argued violated shoppers’ privacy rights.

The supermarket has been using facial-recognition cameras, provided by the security firm Facewatch, in 18 of its stores across the south of England since 2018, a company spokesperson told Digital Privacy News.

The cameras scan the faces of anyone walking into the store and retains biometric data derived from the facial images of people suspected of having committed a crime.

“To see a supposedly ethical company secretly using rights-abusive tech like facial recognition on its customers in the U.K. is deeply chilling,” said Silkie Carlo, director of U.K. privacy advocacy group Big Brother Watch.

Continue reading “Privacy Advocates Outraged by UK Supermarket’s Face Cameras”

UK Girl, 12, Sues TikTok Over Claims of Breaching Her Privacy

By Robert Bateman

Social media app TikTok is facing a class-action lawsuit in the U.K., led by an unnamed 12-year-old girl who claims the app breached her privacy.

The High Court of England and Wales allowed the plaintiff, known only as “SMO,” permission to proceed anonymously in a hearing conducted last month.

Court documents revealed that the plaintiff was citing the General Data Protection Regulation (GDPR), an EU law adopted into U.K. law before Brexit. The law, passed in 2016, restricts how apps and other online services use children’s personal information. 

Under the GDPR, if online service providers want consent to process a child’s personal information, they must request it from a parent or guardian.

Continue reading “UK Girl, 12, Sues TikTok Over Claims of Breaching Her Privacy”

Oracle and Salesforce Face Huge Lawsuits in UK, Netherlands

By Robert Bateman

Tech giants Oracle and Salesforce are facing class-action lawsuits in the U.K. and the Netherlands over allegations that they are “misusing the personal data” of millions of people.

The legal claims relate to how the companies contribute to “real-time bidding” (RTB), a controversial advertising practice that involves the auctioning of personal data collected via web cookies and other tracking technologies.

The U.K. suit, led by privacy advocate Rebecca Rumbul, is seeking damages of approximately $13 billion, which would amount to about $650 for every U.K. internet user.

The parallel Netherlands case, led by the nonprofit Privacy Collective, is seeking approximately $19.5 billion.

Continue reading “Oracle and Salesforce Face Huge Lawsuits in UK, Netherlands”

UK Sets Up Regulator to Take On Big Tech

By Robert Bateman 

The U.K. is establishing a new competition authority to regulate digital markets and improve consumer choice.  

The new Digital Markets Unit (DMU) will be established next April, following a report in July about online platforms by the U.K.’s Competition and Markets Authority (CMA). 

The unit will “introduce and enforce a new code to govern the behavior of platforms… such as Google and Facebook,” according to a government news release last month. 

But with a handful of firms increasingly dominating the market, some experts told Digital Privacy News that they were concerned that the new regime could struggle to take on the tech giants. 

Continue reading “UK Sets Up Regulator to Take On Big Tech”

UK Police Targeting Black People With Fingerprint Scanners

By Robert Bateman

Police forces across England and Wales have increased their use of mobile fingerprint scanning — and Black people are disproportionately targeted with this biometric technology, according to recent news reports analyzing police statistics.

But privacy advocates and civil rights groups told Digital Privacy News that the practice was damaging trust in the police and could hamper efforts to fight crime.

“Black communities are much more likely to be surveilled and treated as potential criminals, despite a lack of reasonable suspicion,” said Ella Jakubowska, policy officer for European Digital Rights (EDRi) in Brussels, which campaigns against biometric surveillance.

“Why would we even think about bringing in new biometric technology — which civil society groups have shown can pose an enormous threat to people’s rights and liberties — when we already have so much underlying bias and discrimination in how police forces engage with racialized and minoritized communities?”

Continue reading “UK Police Targeting Black People With Fingerprint Scanners”

Rights Group Sues UK Privacy Regulator in Landmark Case

By Robert Bateman

A digital-rights organization, the Open Rights Group (ORG), is taking the U.K.’s privacy regulator to court over allegations that it has failed to address illegal practices in the digital advertising technology — adtech — industry.

The claim, filed Oct. 21 with the U.K.’s Information Rights Tribunal, follows a complaint first filed with the regulator, the Information Commissioner’s Office (ICO), by ORG Executive Director Jim Killock in September 2018.

The complaint alleged that Google and other tech companies were using people’s personal data illegally, via a process called “real-time bidding” (RTB).

Continue reading “Rights Group Sues UK Privacy Regulator in Landmark Case”

Officials Urge Tech Firms to Help Them Access User Data

By Robert Bateman

Governments across the world are calling on technology firms to allow agencies access to private communications, claiming that end-to-end encryption that shuts out law enforcement presents a “severe risk to public safety.”

In a statement, signed Oct. 11, the governments of the U.S., U.K., Australia, New Zealand, Canada, India and Japan argued that software developers should “engage in consultation with governments and other stakeholders” to “embed the safety of the public in system design.”

But experts told Digital Privacy News that the proposals presented an unacceptable risk to individual privacy.

Continue reading “Officials Urge Tech Firms to Help Them Access User Data”

‘Basis of a Lie’

Facebook Begins Controversial Integration of Messenger, Instagram

By Robert Bateman

Facebook has begun the long-planned integration of its Messenger and Instagram platforms, as governments and regulators show increasing concern about its market dominance.

The change will allow Facebook and Instagram users to send private messages to one another between platforms. Facebook also plans to include its WhatsApp platform in the integration.

Antitrust regulators in the U.S. and European Union have scrutinized Facebook’s acquisitions of Instagram and WhatsApp. Some experts told Digital Privacy News that Facebook’s plans might be designed to disrupt regulators’ activities.

Continue reading “‘Basis of a Lie’”

UK’s Privacy Law Overhaul Could Damage Post-Brexit Economy

By Robert Bateman

The U.K. government is planning a significant overhaul of its privacy laws in a move that experts told Digital Privacy News risked damaging the country’s economy and relations with the European Union.

The government’s national data strategy, published last month, says that the U.K. “will control its own data protection laws and regulations in line with its interests” after the country’s transition out of the EU.

Continue reading “UK’s Privacy Law Overhaul Could Damage Post-Brexit Economy”

European Court Spurns Challenge to UK Government Surveillance

By Robert Bateman

The European Court of Human Rights (ECHR) struck a severe blow to privacy advocates this month when it rejected a legal challenge to the U.K. government’s surveillance activities on procedural grounds.

The case was brought by advocacy groups, who argued that the government’s cellphone-hacking and surveillance violated European human-rights law.

The court ruled Sept. 3 that the case was inadmissible because the advocates had not exhausted the U.K.’s domestic legal procedures.

Continue reading “European Court Spurns Challenge to UK Government Surveillance”

Google Faces $2.5B Lawsuit Over YouTube and Children’s Data

By Robert Bateman

Google faces a $2.5 billion class-action lawsuit in the U.K., over allegations that its YouTube video-sharing platform is “breaching millions of young peoples’ privacy and data rights.” 

The case is on behalf of an estimated 5 million children under 13 across England and Wales, according to a Sept.14 news release from the case’s legal team.

If successful, it would be the first class-action lawsuit against a tech company in Europe. 

Google, which acquired YouTube in 2006, is accused of violating U.K. law, which states that children under 13 are unable to consent to the collection of their personal information.

“They’re using this data to capture the attention of our children,” Duncan McCann, the representative claimant in the case, told Digital Privacy News. 

He has three children aged 13 or under, and McCann said he was concerned about how Google used their personal information on YouTube.

Continue reading “Google Faces $2.5B Lawsuit Over YouTube and Children’s Data”

UK Officials Reveal Proposals for Digital Identity Framework

By Robert Bateman

The U.K. government is developing a nationwide “digital identity” framework that would enable it to identify individuals across various public services.

Several news outlets have characterized the scheme as a plan to assign a so-called “digital ID card” to every citizen, a move that would concern many privacy advocates.

The U.K.’s proposals are still unclear, but they do not appear to involve a physical ID card. The government claims the framework would reduce fraud and check individual identities more easily.

Continue reading “UK Officials Reveal Proposals for Digital Identity Framework”

UK Politicians Demand Privacy Regulator Enforce Law Against Government

By Robert Bateman

The U.K. government has shown “scant regard to both privacy concerns and data protection duties” — and the country’s privacy regulator has failed to protect the public’s personal information, according to a letter from 22 opposition politicians.

The Aug. 21 letter, signed by 22 members of Parliament from four political parties, was addressed to the Information Commissioner’s Office (ICO) — the “data protection authority” responsible for enforcing privacy law in the U.K.

The office is headed by Information Commissioner Elizabeth Denham.

The government has been accused of breaching privacy law on numerous occasions throughout the COVID-19 pandemic, including in July, when it admitted that it had not assessed the privacy risks involved in its “test and trace” program properly.

Continue reading “UK Politicians Demand Privacy Regulator Enforce Law Against Government”

UK Pays AI Firm to Trawl Voters’ Twitter Data

By Robert Bateman

The U.K. government paid the artificial intelligence firm Faculty $524,000 to trawl and analyze the Twitter activity of the nation’s voters, according to an investigation by the campaign group Big Brother Watch.

The probe, disclosed by The Guardian on Aug. 10, revealed that Faculty was contracted to provide “topic analysis of social media” and gauge public response to the government’s handling of the COVID-19 crisis.

Continue reading “UK Pays AI Firm to Trawl Voters’ Twitter Data”

UK Court Spurns Police in First Legal Test of Face Recognition

By Robert Bateman

A landmark legal challenge to the use of facial-recognition technology has succeeded, with the U.K.’s Court of Appeal ruling this month that police in South Wales used automated facial recognition in violation of fundamental human rights.

Edward Bridges, a Cardiff resident supported by a human-rights group, Liberty, argued that the police had not adequately assessed how facial-recognition technology could violate individual “rights and freedoms” nor considered how the technology could be biased along racial and gender lines.

The Court of Appeal made its unanimous ruling Aug. 11. The South Wales Police has accepted the verdict and will not appeal to the Supreme Court.

Continue reading “UK Court Spurns Police in First Legal Test of Face Recognition”

UK Government Admits Failing to Assess ‘Test and Trace’ Privacy Risks Properly

By Robert Bateman

The U.K. government has admitted that its COVID-19 “test and trace” program was begun in May without an appropriate “data-protection impact assessment” (DPIA) in place, with experts telling Digital Privacy News that the omission represented a serious breach of privacy law.

The revelation came in a July 15 letter from the government’s legal department, shared with Digital Privacy News via a news release from U.K. campaigning organization the Open Rights Group.

A DPIA is required under U.K. law before commencing any project carrying a high risk to individual privacy. The government claimed to have conducted several DPIAs covering aspects of the program but admitted it should have completed an overarching assessment before it launched on May 28.

Continue reading “UK Government Admits Failing to Assess ‘Test and Trace’ Privacy Risks Properly”

EU Strikes Down Privacy Shield, With Major Implications for UK Economy

By Robert Bateman

The world of digital privacy was shaken this month, when the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield framework, which allows certain businesses to freely transfer personal information from the E.U. to the U.S.

The E.U. court ruled July 16 in Luxembourg that U.S. surveillance laws violated the privacy of European citizens. International data transfers to the U.S. can still take place, however, subject to standard contractual clauses to protect personal information, written by the European Commission.

Experts on both sides of the Atlantic told Digital Privacy News that the U.K., which has similarly intrusive surveillance laws to the United States, could be disproportionately affected by the decision.

Continue reading “EU Strikes Down Privacy Shield, With Major Implications for UK Economy”

Experts: UK’s 20-Year Retention of Health Data Violates Law

By Robert Bateman

The U.K.’s National Health Service (NHS) has set up a “Test and Trace” program to help track the spread of COVID-19. 

The program, rolled out May 28, involves “contact-tracing” — gathering information about COVID-19 patients and those with whom they have been in contact, with an aim to slow the spread of the virus.

Continue reading “Experts: UK’s 20-Year Retention of Health Data Violates Law”

U.K. Government Urged to Publish Details of COVID Datastore Contracts

By Robert Bateman

The U.K.’s National Health Service (NHS) is creating a “COVID-19 datastore” with the help of such tech firms as Google, Microsoft, Amazon, and Silicon Valley artificial intelligence company, Palantir.

In a March blog post detailing the project, Matt Gould, chief executive of government unit NHSX, said the goal was to provide “secure, reliable and timely data — in a way that protects the privacy of our citizens — in order to make informed, effective decisions.”

Continue reading “U.K. Government Urged to Publish Details of COVID Datastore Contracts”