Privacy and data protection


A US federal grand jury in Indianapolis has charged two Chinese nationals with conspiring to commit fraud, wire fraud, and intentional damage to a protected computer, in the 2014 case of data breach of Anthem, a health insurance company, as well as at least three other companies. The Anthem breach exposed 80 million records, including social security numbers, birth dates, addresses, and other information of Anthem customers and employees. The hacks were described as not state sponsored.

After Google announced new privacy tools at its annual developers conference, some experts have indicated that these updates sidestep more substantial changes that could have threatened the company's ad-driven business model. In the Time, a number of experts suggest these updates do not reflect privacy leadership, but ‘privacy theater’. Marc Rotenberg, from the Electronic Privacy Information Center, argues that ‘unless the Federal Trade Commission is prepared to bring enforcement actions against companies, these promises to protect privacy matter very little’.

Recent investigative work from Reuters into the work of an Indian company subcontracted by Facebook to label posts indicates potential breach of EU data protection rules. Workers of this company could access content posted, even with their names, by Facebook users without their explicit consent.

The Irish Data Protection Commission (DPC) has launched an investigation into ad tech giant Quantcast following a complaint from Privacy International. TechCrunch indicates that in cases where data controllers are found to have breached the GDPR, they can face financial penalties which can scale as high as 4% of their annual global turnover.


Concerns have been raised by experts on how online baby care product retailers and e-commerce companies such as Amazon, FirstCry, parentlane, and Johnson & Johnson’s BabyCenter are offering services such as age-based content, recommendations or discount coupons to parents who share specific information about their children. ‘Children are particularly vulnerable and require heightened privacy protection. Amazon, Parentlane and FirstCry must clarify and inform parents what (they) intend to do with the data being gathered,’ said Director of the Internet Freedom Foundation, Apar Gupta.

India is currently in the process of coming up with a law on data protection. The draft legislation bars companies from profiling, tracking or targeting children with advertisements and proposes strict restrictions on guardian data fiduciaries or companies that operate commercial websites or online services directed at children or process large volumes of personal data related to children.


Human Rights Watch published a report giving new insights on the surveillance conducted by the Chinese government in Xinjiang, through its Integrated Joint Operations Platform (IJOP). IJOP is a system of systems, gathering information from gas stations, checkpoints on the street, and access-controlled areas such as communities and schools. According to HRW, IJOP pulls information from these facilities, as well as CCTV cameras, integrates them, and monitors them for “unusual” activity or behavior that triggers alerts that authorities then investigate.



The GIP Digital Watch observatory is provided by



and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top