42
A Democratic Licence to Operate
data privacy and was in violation of European privacy law.45 A follow-up report46 found
that Facebook could track users across the Internet without their consent, even if they
were not logged into Facebook at the time.47
2.45
In May 2015 the ICO announced a review of websites and apps used by children into
the type of personal information that may be collected, and will consider whether legal
action should be brought against any website or app found to be breaking the DPA
1998.48 The use of online services and apps by children is often unsupervised by adults
and therefore they may be particularly vulnerable to inadvertent data collection.
Public- and Private-Sector Transparency
2.46
While there have been calls demanding greater levels of government and agency
transparency – directly or via the commissioners and ISC – there have also been calls for
industry to be more transparent in how and when they collect and share data. Periodic
transparency reports, such as those published by Google,49 Vodafone50 and Facebook51
illustrate the response of private-sector companies to these calls.
2.47
Public understanding of surveillance for law-enforcement and intelligence purposes, and
the way in which personal data is processed, must therefore involve a certain degree of
organisational transparency. This transparency must apply at every stage of the process,
from the early stage of government setting its priorities for intelligence collection, to
information from the SIAs on the ways in which they acquire and retain information,
through to the audit processes implemented by the ISC and the commissioners.
2.48
That is not to say that all intelligence activity by the police and SIAs should be transparent.
Revealing sources and methods simply enables criminals and adversaries to evade
attention, impairing intelligence operations. In an area such as national security, where
there are obvious sensitivities around revealing capability gaps, there is understandable
hesitation from government and the agencies to provide information on capabilities and
45. Stephen Fidler, ‘Facebook Policies Taken to Task in Report for Data-Privacy Issues’, Wall
Street Journal, 23 February 2015.
46. Güneş Acar et al., ‘Facebook Tracking Through Social Plug-ins’, version 1.1, 2015, <https://
securehomes.esat.kuleuven.be/~gacar/fb_tracking/fb_plugins.pdf>.
47. Samuel Gibbs, ‘Facebook “Tracks All Visitors, Breaching EU law”’, Guardian, 31 March
2015.
48. ICO, ‘ICO Launches Review of Children’s Websites and Apps’, News, 11 May 2015, <https://
ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2015/05/ico-launches-reviewof-childrens-websites-and-apps/>.
49. Google, ‘Access to Information’, Transparency Reports, <http://www.google.com/
transparencyreport/>.
50. Vodafone, ‘Sustainability Report 2013/14’, <http://www.vodafone.com/content/dam/
sustainability/2014/pdf/vodafone_full_report_2014.pdf>.
51. Facebook, ‘Global Government Requests Report’, <https://www.facebook.com/about/
government_requests>.