Why is internet privacy important and how are people fighting for it?

Government surveillance and internet privacy

In 2013, whistleblower Edward Snowden revealed to the world the mass digital surveillance being undertaken by governments, in particular the US and UK. News coverage slowly ebbed away, but campaign groups like Amnesty and Liberty have not forgotten.

Amnesty is taking action against the UK government over concerns that their communications have been unlawfully accessed by the UK intelligence services.

Amnesty states:

“Because of the global nature of our work, and our sensitive communications with activists around the world, it is highly likely that our communications have been intercepted. It’s unclear what processes exist for deciding what is gathered or who it is shared with in the UK. Our right to privacy protects us so we’re not persecuted for our beliefs, lifestyle or sexual orientation. But it’s being heavily eroded without us really noticing ...

[A] wide net is being cast through our private lives. It’s not being done with any grounds for suspicion, it’s being done to find the grounds for suspicion. It’s a huge rollback of our liberty. At the moment, the justification is to stop terror attacks, but what happens when that justification widens – or when the technology is sold on to less ethical states who use it to root out political opponents and journalists, and to oppress peaceful protest?”

Don’t Spy on Us, a coalition of groups including the National Union of Journalists, believes these surveillance powers affect not only personal online privacy, but also investigative journalism and freedom of expression.

It has got worse, not better

The UK Government response to Snowden’s revelations, rather than restraining surveillance, has legitimised and extended it. In 2016, the UK Government voted in what Liberty called the “most intrusive mass surveillance regime ever introduced in a democracy”.

Its official name is the Investigatory Powers Act (IPA).

Liberty states that, “It gives the authorities the power to collect information about everything we do and say online – on our mobiles and computers – by tapping directly into communications channels, ordering companies to hold on to our data and hacking into people’s devices. It reveals our health problems, our political views, our religious beliefs, our sexual preferences, our daily habits and our every movement.”

Liberty continues to challenge the IPA and the powers the IPA gives to agencies to build ‘bulk personal datasets’ which could leave people open to abuse and discrimination.

Political manipulation and privacy

In 2018, there was another ‘great privacy awakening’. The Cambridge Analytica scandal erupted, and we heard that the personal data from millions of people’s Facebook profiles had been harvested and allegedly used to influence voting in the US presidential election and the EU Referendum. The Electoral Commission has been called on to reopen investigations, after the former head of business development at Cambridge Analytica said that Leave.EU used datasets created by her employer to target voters in the run up to what became the Brexit vote.

Ranking Digital Rights

The fourth Ranking Digital Rights (RDR) Index was published in 2019, ranking 24 of “the world’s most powerful Internet, and telecommunications companies” on their policies affecting the human rights of users.

RDR states that companies’ failure to respect the fundamental rights to privacy, and freedom of expression and information, both of which are included in the Universal Declaration of Human Rights (UDHR), can cause or contribute to the violation of further rights, specifically:

right to life, liberty and security of person (UDHR art. 3); non-discrimination (UDHR art. 7, art. 23); freedom of thought (UDHR art. 18); freedom of association (UDHR art.20); right to take part in the government of one’s country, directly or through freely chosen representatives (UDHR art. 21).

Companies were assessed on whether they met international standards, such as the International Principles on the Application of Human Rights to Communications Surveillance, which were drafted by a global coalition of civil society, privacy and technology experts in 2013 to show how existing human rights law applied to modern digital surveillance.

Although most companies had improved since the previous year, only one third scored a total of 50% or more.

The report found that “Companies still do not adequately inform people about all the ways user information is collected and shared, with whom, and why” (including how they respond to government demands for data). You can view the RDR report cards for individual companies, and adapted reports for various countries.

Digital rights ranking

Percentage score across governance, privacy and freedom of expression for companies in the ethical shopping guides to email and broadband. Companies scoring under 50% lost half a mark under Human Rights.

RDR is currently revising its methodology for its next report in 2021 to include human rights harms associated with targeted advertising, algorithms, and machine learning. For example, algorithms on video-sharing platforms can prioritise controversial and inflammatory videos simply because they have lots of views or comments.

When personal information collected for targeted advertising is shared, it can enable discrimination against groups and individuals for their particular traits.

Analysis of social media has even been used for police surveillance of people involved in the Black Lives Matter protests against police brutality.

Privacy is not a niche tech issue

One podcast likened threats to online privacy to the threat of climate change. Both are more distant, or more real, depending on who or where you are. As the examples above illustrate, real people’s lives are affected now, and some people are more at risk than others.

However, we can all help. The more we fight for and normalise Internet privacy, the more protected the most at-risk people are. See our links to Tips and Tools in our feature on digital rights, and help to diversify the market. See point 7 of Ethical Consumer’s Manifesto for more on breaking up tech monopolies.

What are Cookies, GDPR and ePrivacy

Cookies are small files placed on your computer or mobile phone when you browse websites. Some are simply there to remember your settings. However, many websites allow third-parties to place tracking cookies, which collect data that is then sold to companies for targeted advertising, a business model that has taken over the Internet.

Data harvesting could influence what terms insurance companies will offer you, or whether you receive ads for particular jobs or not. Read more about tracking cookies in our interview with the Open Rights Group.

Currently, it feels like almost every website you go to pops up with a cookie policy. Some you cannot make disappear without agreeing to, while others say that your continued use of their site amounts to consent, and slip away if you ignore them.

If you do click to see your options, you may be allowed to reject all but the essential cookies which the site needs to function properly, or you may be  presented with a very long list of third parties who will place tracking cookies on your computer unless you follow each individual link to state your preferences.

Usually, this is enough to make you give in and ‘accept’.

However, digital rights campaigner Johnny Ryan states that Article 7 (3) of the GDPR (the EU General Data Protection Regulation introduced in 2018) requires that consent given for cookies must be as easy to undo as it was to give in the first place, and that refusing should not mean you are restricted from access.

If and when the GDPR is enforced, “consent messages should become far less annoying in Europe – because if a company insists on harassing you to opt-in, and you finally click OK, it will be required to keep reminding you that you can opt back out again.” The GDPR has also inspired similar laws in countries around the world including Brazil, India and China.

While GDPR regulation is concerned with protecting our personal data, alongside it should be another directive called the ePrivacy regulation, to cover the general confidentiality of communications. The European Commission proposed this at the start of 2017, and it was quickly agreed by the European Parliament. It has since been blocked and stalled as a result of a huge amount of industry lobbying.

The Corporate Europe Observatory reported in 2017 on which individual companies and industry lobby groups were active around ePrivacy. This included Google, Microsoft, Vodafone, Telefonica, Apple, and lobby groups ETNO, DigitalEurope and AMCHAM that included BT, Verizon (as an observer), Samsung and Liberty Global (Virgin).