|Type||Human rights charity|
|Registration no.||Charity: 1147471 (E&W); company: 04354366 (E&W)|
|Focus||Surveillance and privacy watchdog|
Privacy International (PI) is a UK-based registered charity that defends and promotes the right to privacy across the world. First formed in 1990, registered as a non-profit company in 2002 and as a charity in 2012, PI is based in London, UK. Its current executive director, since 2012, is Dr Gus Hosein.
Formation, background and objectives
During 1990, in response to increasing awareness about the globalisation of surveillance, more than a hundred privacy experts and human rights organizations from forty countries took steps to form an international organization for the protection of privacy.
Members of the new body, including computer professionals, academics, lawyers, journalists, jurists and activists, had a common interest in promoting an international understanding of the importance of privacy and data protection. Meetings of the group, which took the name Privacy International (PI), were held throughout that year in North America, Europe, Asia, and the South Pacific, and members agreed to work toward the establishment of new forms of privacy advocacy at the international level. The initiative was convened and personally funded by British privacy activist Simon Davies who served as director of the organisation until June 2012.
At the time, privacy advocacy within the non-government sector was fragmented and regionalised, while at the regulatory level there was little communication between privacy officials outside the European Union. Awareness of privacy issues at the international level was generated primarily through academic publications and international news reports but privacy campaigning at an international level until that time had not been feasible.
While there had for some years existed an annual international meeting of privacy regulators, the formation of Privacy International was the first successful attempt to establish a global focus on this emerging area of human rights. PI evolved as an independent, non-government network with the primary role of advocacy and support, but largely failed in its first decade to become a major international player. Most of its early campaigns were focused on Southeast Asia.
From 2011, Privacy International began to formalise and condense its operations. It is now a UK-registered charity (number 1147471) with eight full-time members of staff and an office in Central London. The wider network is now represented by an international Advisory Board comprising members in 47 countries. The charity is managed by a nine-member board of trustees, including investigative journalist Heather Brooke and technologist Jerry Fishenden.
Privacy International's Articles of Association state that the charity's objective is to promote the human right of privacy throughout the world, as set out in the Universal Declaration of Human Rights and subsequent United Nations conventions and declarations; specifically:
- To raise awareness of, to conduct research about, and to provide educational materials regarding threats to personal privacy;
- To monitor and report on surveillance methods and tactics employed against individuals and groups;
- To work at national and international levels toward the provision of strong and effective privacy protections;
- To monitor the nature, effectiveness and extent of measures to protect privacy, and to seek ways through information technology to protect personal information;
- To seek ways through which information technology can be used in the protection of privacy.
Privacy International has been funded and supported by a variety of foundations, academic establishments, and non-government organisations, including the Adessium Foundation, the Open Society Foundations, the International Research Development Centre, the European Parliament, the European Commission, the Joseph Rowntree Reform Trust, the Esmée Fairbairn Foundation, the University of Toronto's Canada Centre for Global Security Studies in the Munk School of Global Affairs, the American Civil Liberties Union, the Electronic Privacy Information Center, The Fund for Constitutional Government, the Stern Foundation, the Privacy Foundation, the German Marshall Fund, and the University of New South Wales. It also receives a small amount of finance via contributions.
Campaigns, networking and research
Throughout the 1990s Privacy International was active in North America, Europe and Southeast Asia, where it liaised with local human rights organisations to raise awareness about the development of national surveillance systems. In more recent times the organisation has shifted much of its focus to issues concerning the EU and the United States and has adopted a more aggressive program of legal action.
Since the late 1990s the organization's campaigns, media activity and projects have focused on a wide spectrum of issues, including Internet privacy, international government cooperation, passenger name record transfers, data protection law, anti-terrorism developments, freedom of information, Internet censorship, identity systems, corporate governance, the appointment of privacy regulators, cross-border data flows, data retention, judicial process, government consultation procedures, information security, national security, cybercrime and aspects of around a hundred technologies and technology applications ranging from video surveillance to DNA profiling.
The PI network has also been used by law reform and human rights organisations in more than forty countries to campaign on local privacy issues. In Thailand and the Philippines, for example, Privacy International worked with local human rights bodies to develop national campaigns against the establishment of government identity card systems. In Canada, New Zealand, the United States, Hungary, Australia, and the United Kingdom it has promoted privacy issues through national media and through public campaigns. In Central and Eastern Europe, PI has been active in promoting government accountability through Freedom of information legislation.
PI monitors the activities of international organisations, including the European Union, the Council of Europe, and United Nations agencies. It has conducted numerous studies and reports, and provides commentary and analysis of contemporary policy and technology issues.
The charity is relatively small, comprising eight full-time staff and a number of volunteers and interns. However the core team is supported in its project work by a collaborative network of around a hundred organisations in the fields of civil liberties, academia, technology assessment and human rights. These include, or have included, the American Civil Liberties Union, the Australian Privacy Foundation, the Electronic Privacy Information Center (US), Statewatch (UK), the Electronic Frontier Foundation (US), European Digital Rights, Consumers International, the Foundation for Information Policy Research (UK), Liberty (UK), the Hungarian Civil Liberties Union, the Moscow Human Rights Network, Amnesty International, Privacy Ukraine, Quintessenz (Austria), Human Rights Watch, Bits of Freedom (Netherlands), freedominfo.org, Index on Censorship, the Association for Progressive Communications, the Global Internet Liberty Campaign, Charter88 (UK), the Philippine Alliance of Human Rights Advocates and the Thai Civil Liberties Union.
PI also has partners that it supports financially in 20 developing countries in Africa, Asia and Latin America, under the auspices of the Privacy in the Developing World project. This project is funded by the International Development Research Centre in Canada. The partners are:
- Africa Platform for Social Protection, Kenya
- Asociación por los Derechos Civiles, Argentina
- Autonomous University of Mexico State, Mexico
- Bytes for All, Pakistan
- Centre for Internet and Society, India
- Centre for Social Sciences Research, University of Cape Town, South Africa
- Centro de Tecnologia y Sociedad, University of San Andrés, Argentina
- Centro de Tecnologia e Sociedade da Escola de Direito da Fundação Getulio Vargas, Brazil
- Centre for Cyber Law Studies, Padjadjaran University, Bandung, Indonesia
- Thai Media Policy Center, Chulalongkorn University, Thailand
- Derechos Digitales, Chile
- Dejusticia, Colombia
- Instituto Nupef, Brazil
- Kenyan Ethical and Legal Issues Network, Kenya
- Mauritania and Senegal Research Network
- Media Institute of Southern Africa (MISA), Namibia
- Thai Netizen Network, Thailand
- University of Hong Kong, Hong Kong
- Voices for Interactive Choice and Empowerment, Bangladesh
- Zimbabwe Human Rights Forum, Zimbabwe.
Big Brother Incorporated
In 1995, PI published a report on the international trade in surveillance technology, entitled Big Brother Incorporated and focusing on the sale of technologies by companies in Western countries to repressive regimes intent on using them as tools of political control. However, governments and regulators did not intervene and regulate the surveillance industry, the value of which is now estimated at around $5 billion a year. Exports of surveillance technology to foreign regimes are still wholly at the discretion of the exporter.
PI therefore commenced a second investigation in June 2011. The project, also called Big Brother Incorporated, uses a blend of research and investigation, public campaigning, political engagement and strategic litigation to bring to light the abuses of the surveillance industry and to campaign for proper government regulation, specifically export control regimes.
In December 2011, Privacy International released documents collected from a number of surveillance trade shows and conferences (most prominently the ISS World conference in Washington DC) in collaboration with WikiLeaks, BuggedPlanet, The Bureau of Investigative Journalism, The Washington Post, l'espresso, The Hindu, ARD and OWNI. The Spy Files included brochures, catalogues, technical specifications, contracts and pricelists for the products of around 160 companies.
During 2012, there was growing international awareness of the problems inherent in the rise of the surveillance industry and increasing momentum towards stricter regulation of surveillance technology exports. In March 2012, the EU banned the export of monitoring equipment to the Iranian authorities. The following month, a European Parliament resolution calling for stricter oversight of companies selling equipment to countries such as Syria or China was passed overwhelmingly, with 580 votes for, 28 against, and 74 abstentions. In July 2012, the French Minister for the Digital Economy, Fleur Pellerin, announced her opposition to exports of surveillance technology to repressive regimes during a radio show hosted by Le Monde and public broadcaster France Culture. In September 2012, comments made by the German Foreign Minister at an Internet and Human Rights conference in Berlin were interpreted by the German media as a clear statement of intent to push for tighter controls of EU surveillance technology exports at a national and European level.
PI has published around thirty major research reports. These include studies on Internet censorship, communications data retention, counter-terrorism policies in the EU and the US, SWIFT auditing processes, travel surveillance, secrecy provisions and protection of sources, Internet privacy, policy laundering, free-expression and privacy, the US-VISIT program, and identity cards and counter-terrorism.
The SWIFT affair
In June 2006, The New York Times and the Los Angeles Times published details of a private arrangement between Society for Worldwide Interbank Financial Telecommunication (SWIFT) and the United States Government that involved the mass covert disclosure to the US of customer financial data. SWIFT is a cooperative involving around 8,000 financial institutions. It handles the secure messaging process at the heart of the majority of financial transfers worldwide, amounting to around $2,000 trillion per year.
The following week PI filed simultaneous complaints with Data Protection and Privacy regulators in 38 countries concerning the secret disclosures of records. The complaints alleged that the transfers violated EU law.
The PI complaints sparked a series of regulatory and legal actions that have ultimately forced SWIFT to re-evaluate its practices. The organisation has now agreed to move its data operations to Switzerland where US authorities have no jurisdiction.
The Big Brother Awards
In 1998 Privacy International took the decision to start an international gong called the Big Brother Awards to be given to the most influential and persistent privacy invaders, as well as to people and organisations who have excelled in defending privacy. To date, 75 awards ceremonies have been held as annual events in 17 countries including Japan, Bulgaria, Ukraine, Australia. France, Germany, Austria, Switzerland, the Netherlands, New Zealand, Denmark, the United States, Spain, Finland and the United Kingdom.
The Stupid Security competition
In January 2003, PI launched an international competition to discover the world's "most pointless, intrusive and self-serving security initiatives". The "Stupid Security" award highlighted measures which are pointless and illusory, and which cause unnecessary distress, annoyance and unintended danger to the public. The competition resulted in over five thousand nominations from around the world. The winners were announced at the Computers, Freedom and Privacy Conference in New York on 3 April that year.
Google Street View
In March 2009, following the addition of 25 UK cities to Google's Street View service, Privacy International sent a formal complaint about the service to the UK Information Commissioner's Office (ICO). The complaint cited more than 200 reports from members of the public who were identifiable on images hosted by the service. Privacy International director Simon Davies said that the organisation had filed the complaint due to the "clear embarrassment and damage" Street View had caused to many Britons. He said that Street View fell short of the assurances given to the ICO that had enabled its UK launch and asked for the system to be "switched off" while an investigation was completed.
The ICO had given permission for the launch of the service in July 2008 based partly on Google's assurances that it would blur faces and vehicle licence plates to protect privacy. In its complaint, PI said that Google's claim that its face blurring system would result in a few misses was a "gross underestimation" and meant that the data used by Street View would fall under the UK's Data Protection Act 1998, which requires that subjects give permission for the use of information concerning them. However, the ICO rejected PI's complaint, noting that removing the service would be "disproportionate to the relatively small risk of privacy detriment" and that "Google Street View does not contravene the Data Protection Act and, in any case, it is not in the public interest to turn the digital clock back"
NSA-GCHQ Tribunal Case
In February 2015 PI and other claimants won a judgment from the UK Tribunal that the mass surveillance conducted by the GCHQ with data from the NSA was illegal up to December 2014, being in violation of the European Convention on Human Rights and lacking the necessary legal framework, whereupon PI launched a campaign enabling anyone in the world to ascertain (eventually) if the GCHQ illegally had their data from the NSA.
PI and public controversy
Privacy International's unconventional and sometimes aggressive approach to privacy advocacy has at times resulted in controversy and a questioning of its motives.
The most notable political controversy surrounding the organisation was sparked in 2005 when British Prime Minister Tony Blair and Home Secretary Charles Clarke publicly accused PI's director and founder Simon Davies of covertly using his academic affiliation with the London School of Economics (LSE) to undermine the government's plans for a national identity card. The LSE Director Sir Howard Davies strongly rebutted this charge. The government's intent was apparently to raise doubts about the accuracy of the report in several areas and in particular, the manner in which projected cost estimates had been calculated (based on figures developed by the independent IT analysis company, Kable), and what it called "selective and misleading use of evidence regarding biometrics and a failure to include any natural scientists to inform the report despite the significant claims made about biometrics and the accuracy of biometric technologies". Rather than address the issues raised by the report, several government politicians and their biometric experts instead chose to criticise the accuracy of the report, questioning whether the involvement of leading PI campaigners and well known opponents of identity cards meant that it could be considered unbiased. The episode is notable for the nature of its overtly political attack on an academic report from a leading UK university and its personalisation of criticisms of Simon Davies. Even MPs who supported identity cards recognised that the government had entered new territory by undermining independent academic work on issues of legitimate contemporary interest.
The government's claims of bias were strenuously denied by Simon Davies and resulted in heated debate between Government and Opposition parties both in the House of Commons and the House of Lords. The coverage led Davies to draw comparisons of the argument with former government scientific advisor David Kelly who took his life following an allegedly similar campaign.
In his 2006 autobiography, another former Home Secretary David Blunkett wrote "I am really sorry that the London School of Economics have allowed him (Davies) to even hint that he has any connection with them". Davies has lectured at the LSE since 1997 and continues to do so both as Visiting Fellow and as co-director of the LSE's Policy Engagement Network.
Simon Davies drew criticism for his apparent enthusiasm for aspects of Phorm's model of operation, stating that "[PI] DOES NOT endorse Phorm, though we do applaud a number of developments in its process." PI as a group has not published any analysis or comment concerning Phorm products.
In March 2009, following PI's criticism of Google Street View service, Davies sent an open letter to Google chief executive Eric Schmidt, accusing the company of briefing journalists against him, by claiming Davies was biased in favor of Microsoft. Google pointed to connections between Microsoft and data protection consultancy 80/20 Thinking, run by Davies, and said that Davies's connections to Microsoft should be made clear in public, as the credibility of his criticisms was undermined by the fact that he acted as a consultant to companies who are direct rivals and critics of Google; a fact Davies rarely disclosed in press releases or comments. 80/20 Thinking ceased operations in 2009.
Since 1997 Privacy International, in cooperation with the Electronic Privacy Information Center (EPIC), has conducted annual surveys in order to assess how much privacy nations' populations have from both corporative and government surveillance. The last global report was in 2007.
In January 2011, Privacy International, in cooperation with EPIC and the Center for Media and Communications Studies (CMCS) published the European Privacy and Human Rights 2010 report, funded by the European Commission's Special Programme "Fundamental Rights and Citizenship," 2007–13. This was an investigation of the European landscape of national privacy and data protection laws and regulations, as well as other laws, jurisprudence and recent factual developments with an impact on privacy. The study consisted of 33 targeted reports, an overview presenting a comparative legal and policy analysis of main privacy topics and a privacy ranking for all the countries surveyed.
- "Our people". Privacy International. Archived from the original on 2 December 2012. Retrieved 21 December 2012.
- "1147471 — Privacy International". Charity Commission for England and Wales. 28 May 2012. Retrieved 21 December 2012.
- Colin J. Bennett (1992). Regulating privacy: data protection & public policy in Europe and the United States. Cornell University Press. p. 248.
- "Interim report to members, 1990–1991". Privacy International. Archived from the original on 10 September 2012. Retrieved 31 July 2012.
- "Simon Davies". Privacy International. Archived from the original on 3 December 2012. Retrieved 21 December 2012.
- For a comprehensive analysis of the international privacy regulatory environment of that era see David H Flaherty, Protecting privacy in surveillance societies; University of North Carolina Press, 1989
- "Peddling Big Brother". Time. 24 June 1991. Retrieved 31 July 2012.
- "Financials". Privacy International. 2012. Retrieved 22 December 2012.
- "Big Brother Incorporated 1995". 22 November 1995. Retrieved 21 December 2012.
- "The Spyfiles". WikiLeaks. Retrieved 21 December 2012.
- "EU prohibits Iranian sales of equipment and technology that can be used to monitor and intercept communications". Bird & Bird. April 2012. Retrieved 21 December 2012.
- "Is France about to End Exporting Surveillance Technology?". Reflets.info. 24 July 2012. Retrieved 21 December 2012.
- "Rede von Außenminister Guido Westerwelle anlässlich der Konferenz" [Speech by Foreign Minister Guido Westerwelle at the conference "The Internet and Human Rights: Building a free, open and secure Internet"] (in German). German Federal Foreign Office. 14 September 2012. Retrieved 22 December 2012.
- Silenced: censorship and control of the Internet, 2003
- Briefing for Members of the European Parliament on Data Retention, September 2005
- Threatening the Open Society: Comparing Anti-terror Policies and Strategies in the U.S. and Europe, December 2005
- Booz Allen Not An Independent Check On SWIFT Surveillance: A Memo by the American Civil Liberties Union and Privacy International
- Regulatory challenges for the US and EU airlines and passengers: current & future challenges
- Legal Protections and Barriers on the Right to Information, State Secrets and Protection of Sources in OSCE Participating States
- A Race to the Bottom: Privacy Ranking of Internet Service Companies, June 2007
- Privacy and Cyberspace: Questioning the Need for Harmonisation, July 2005
- Politics of the Information Society: The Bordering and Restraining of Global Data Flows, UNESCO 2004
- The enhanced US border surveillance system: an assessment of the implications of US-VISIT, September 2004
- Mistaken Identity; Exploring the Relationship Between National Identity Cards & the Prevention of Terrorism, April 2004
- "Call to 'shut down' Street View". BBC News Online. 24 March 2009.
- "Privacy watchdog clears Google's Street View". ZDNet. 1 August 2008. Retrieved 22 December 2012.
- /Liberty_Ors_Judgment_6Feb15.pdf won a judgment in the UK Tribunal
- Victory! UK surveillance tribunal finds GCHQ-NSA intelligence sharing unlawful
- Did GCHQ illegally spy on you?
- "ID cards academic attacks Clarke". BBC News Online. 5 July 2005. Retrieved 31 July 2012.
- "Academics 'bullied' over ID cards". BBC News Online. 2 July 2005. Retrieved 31 July 2012.
- "ips.gov.uk" (PDF). Identity and Passport Service. Retrieved 31 July 2012.
- "ips.gov.uk" (PDF). Identity and Passport Service. 23 November 2005. Archived from the original (PDF) on 24 December 2007. Retrieved 31 July 2012.
- "Memorandum from Dr John Daugman, University of Cambridge". House of Commons Science and Technology Select Committee. January 2006. Retrieved 31 July 2012.
- "Identity Card Technologies: Scientific Advice, Risk and Evidence" (PDF). House of Commons Science and Technology Select Committee. 20 July 2006. Retrieved 31 July 2012.
- "David Davis MP (HC Deb, 28 June 2005, c1171)". Hansard. TheyWorkForYou. 28 June 2005. Retrieved 22 December 2012.
- "The Earl of Northesk (HL Deb, 6 February 2006, c448)". Hansard. TheyWorkForYou. 6 February 2006. Retrieved 22 December 2012.
- "'Hounding' could lead to another David Kelly case". Times Higher Education Supplement. 10 February 2006. Retrieved 31 July 2012.
- David Blunkett (15 October 2006). The Blunkett Tapes: My Life in the Bear Pit. Bloomsbury. p. 797. ISBN 978-0747-58821-4.
- "A Race to the Bottom: Privacy Ranking of Internet Service Companies". Privacy International. 9 June 2007. Retrieved 31 July 2012.
- Arthur, Charles (6 March 2008). "Your questions please for Kent Ertegrul, CEO of Phorm". The Guardian Technology Blog. London: The Guardian. Retrieved 30 May 2013.
- "Google 'trying to smear Street View critic'". The Belfast Telegraph. 28 March 2009.
- "National Privacy Ranking 2006 — European Union and Leading Surveillance Societies" (PDF). Privacy International. 2006. Archived from the original (PDF) on 10 January 2012.
- "Surveillance Monitor 2007: International country rankings". Privacy International. 31 December 2007. Retrieved 22 December 2012.
- "Surveillance Monitor 2011: Assessment of surveillance across Europe". Privacy International. 28 January 2011. Retrieved 22 December 2012.