Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Weigh In: Social Credit System, Red Flags and how to identify the trouble makers amongst us

Recommended Posts

@Hua GuofangCaspian Report is a a pretty interesting "high production value" (relatively speaking) youtube channel. Subscribed this summer. No idea who's behind it, but I found this topic fairly interesting since I'd never imagine China ever running out of people. They seem to have a different perspective on topics outside of the realm of what's normally discussed at least here in the U.S. Being "alternative" I usually take it with a grain of salt, but also value it because it's not the mainstream American perspective. One of the reasons I love conspiracy theories regardless of if they're accurate or not.

Link to post
Share on other sites
This forum is supported by the 12ozProphet Shop, so go buy a shirt and help support!
This forum is brought to you by the 12ozProphet Shop.
This forum is brought to you by the 12oz Shop.
  • Replies 60
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Oh, and yes, they are exporting this to other authoritarian and autocratic countries as well as encouraging borderline authoritarians to take it up, because "look how stable China is, even when the US

Wow I’m a hot mess I meant to post that in the nonsense thread, I’m still trying to decipher what drunk me meant, but I really appreciate the dialogue and people’s perspectives. 

LOL, there is no reward. Reward is you dont get fucked for being bad.

Posted Images

Both China and Russia have horrendous demographics (as does Japan, Australia, etc. then compare to South Asia and Africa and you can see where the future is). Google image China demographic forecast and you’ll get some great graphs that visualize how bad things are. 

Link to post
Share on other sites

Surveillance States: Which countries best protect privacy of their citizens?

@pabischoff October 15, 2019


Comparitech has assessed privacy protection and the state of surveillance in 47 countries to see where governments are failing to protect privacy and/or are creating surveillance states.

To do this we looked at a number of categories, from the use of biometrics and CCTV to data sharing and retention laws.

What did we find?

Not one country is consistent in protecting the privacy of its citizens, most are actively surveilling their citizens, and only five could be deemed to have “adequate safeguards.”

Are things improving or getting worse?

In the EU, the General Data Protection Regulation (GDPR) is helping improve privacy laws, on the whole. However, it doesn’t prevent some countries from entering into agreements that encroach on residents’ privacy through data sharing with other countries, e.g. the Treaty of Prüm. It doesn’t stop some countries from increasing their use of biometric surveillance, either.

Outside of the EU, several countries are creating what can only be described as surveillance states, with privacy rights seemingly taking a serious back seat. Perhaps unsurprisingly, China and Russia are the biggest culprits.

How do countries like the UK and US fare?

We’ll find out below.

Key findings

Here are some notable findings from the study:

  • China’s government not only fails to protect citizens’ privacy, but actively invades it
  • Collection and retention of biometric data—fingerprints and faces—is ramping up worldwide
  • EU countries tend to share a large amount of their citizens’ data with fellow member states
  • Immigrants are often most impacted by government surveillance, particularly when they enter or leave a country
  • Only five countries have adequate privacy safeguards according to our scoring system, and all of them are in Europe. The GDPR plays a large role in this, but does not account for everything
  • No countries earned a perfect score, or even a near-perfect score
  • Enforcement varies widely even among those countries with good privacy laws

Scoring system (for each category and overall)

4.1-5.0 = Upholding privacy standards on a consistent basis

3.6-4.0 = Significant safeguards and protections

3.1-3.5 = Adequate safeguards against abuse

2.6-3.0 = Some safeguards but weakened protections

2.1-2.5 = Systemic failure to maintain safeguards

1.6-2.0 = Extensive surveillance

1.1-1.5 = Endemic surveillance

EU and non-EU privacy ranking

  Total Score Card Constitutional Protection Statutory Protection Privacy Enforcement Identity Cards and Biometrics Data-sharing Visual Surveillance Communication Interception Workplace Monitoring Government Access to Data Communication Data Retention Surveillance of Medical, Financial and Movement Border and Trans-Border Issues Leadership Democratic Safeguards
Ireland 3.2 Adequate Safeguards 3.3 3.2 3.1 3.3 3.7 3.0 2.9 3.2 3.1 3.1 2.6 3.2 3.5 3.2
France 3.1 Adequate Safeguards 2.9 3.4 3.4 3.4 2.7 3.1 3.1 3.3 3.1 2.8 3.2 3.1 2.7 3.1
Portugal 3.1 Adequate Safeguards 3.1 2.8 3.4 3.6 3.3 3.2 2.8 3.3 3.1 2.9 2.8 3.1 2.7 2.9
Denmark 3.1 Adequate Safeguards 2.9 3.3 3.0 2.9 3.4 3.2 3.2 3.1 3.1 2.6 2.7 3.1 3.3 3.1
Malta 3.0 Some Safeguards/Weakened Protection 3.1 3.5 3.8 2.9 2.8 3.2 2.7 3.3 3.1 3.4 2.7 2.9 2.8 2.2
Lithuania 3.0 Some Safeguards/Weakened Protection 3.3 3.1 3.3 2.6 2.9 3.3 3.1 3.2 3.0 3.2 2.7 2.8 2.9 3.0
Cyprus 3.0 Some Safeguards/Weakened Protection 3.1 3.1 3.2 2.3 3.1 3.6 3.1 3.1 3.0 2.9 3.2 2.7 2.8 3.1
UK 3.0 Some Safeguards/Weakened Protection 2.9 3.4 3.4 3.2 2.9 3.1 3.1 2.8 3.1 2.8 2.7 3.2 2.7 2.6
Netherlands 3.0 Some Safeguards/Weakened Protection 2.7 3.3 3.8 2.6 2.9 3.1 2.9 3.1 3.2 2.9 2.6 2.7 2.7 3.3
Greece 3.0 Some Safeguards/Weakened Protection 3.2 2.5 3.3 2.8 2.8 2.9 2.9 3.8 2.9 3.4 2.5 3.0 2.8 2.9
Czech Republic 3.0 Some Safeguards/Weakened Protection 3.1 3.2 2.9 3.0 3.1 3.1 3.1 3.4 2.8 2.8 2.9 2.6 2.8 2.6
Bulgaria 3.0 Some Safeguards/Weakened Protection 3.3 3.2 3.3 2.8 3.0 3.1 3.2 3.4 2.8 2.6 2.8 2.8 2.8 2.2
Poland 2.9 Some Safeguards/Weakened Protection 3.1 3.2 3.4 3.1 2.7 2.8 3.1 3.2 2.3 2.6 3.3 2.9 2.7 2.6
Slovakia 2.9 Some Safeguards/Weakened Protection 3.1 3.3 2.6 2.9 2.7 3.1 2.6 3.2 3.2 2.9 3.1 3.2 2.9 2.1
Latvia 2.9 Some Safeguards/Weakened Protection 3.1 3.2 3.3 2.9 2.7 2.9 2.8 3.2 2.9 2.7 2.7 2.8 2.7 2.8
Sweden 2.9 Some Safeguards/Weakened Protection 2.6 3.1 2.8 2.7 3.0 2.7 3.4 3.1 3.1 2.8 2.3 3.1 2.2 3.7
Estonia 2.9 Some Safeguards/Weakened Protection 2.9 2.7 3.1 2.4 2.7 3.2 2.8 2.9 2.8 2.2 3.6 2.9 3.1 3.3
Romania 2.9 Some Safeguards/Weakened Protection 3.4 3.1 2.8 2.9 2.8 3.2 3.3 2.8 2.5 3.1 3.0 2.6 2.2 2.7
Austria 2.9 Some Safeguards/Weakened Protection 2.9 3.3 3.3 2.8 2.7 3.3 3.1 3.2 2.9 2.6 3.1 2.9 2.2 2.1
Showing 1 to 20 of 49 entries

Bottom 5 non-EU countries

  1. China – 1.8 – Extensive surveillance
  2. Russia – 2.1 – Systemic failure to maintain safeguards
  3. India – 2.4 – Systemic failure to maintain safeguards
  4. Thailand – 2.6 – Some safeguards but weakened protections
  5. Malaysia – 2.6 – Some safeguards but weakened protections


China’s ranking isn’t much of a surprise but where does its extensive surveillance arise from?

  • Privacy laws lack clear guidelines, which makes them difficult to enforce
  • ID cards are mandatory in China for anyone over the age of 16
  • China is heavily reliant on biometrics and artificial intelligence (AI). For example, facial recognition cameras are now catching jaywalkers, triggering a text message, and sending their image to large screens to publicly shame them. China also uses these types of cameras to track and monitor Uighurs, the country’s Muslim minority
  • Data is frequently shared among agencies and state intelligence has a green light to request data from any organization or citizen
  • Surveillance cameras with facial recognition are now the “norm” in China and there are few limitations in place on CCTV as a whole
  • Intelligence services and law enforcement can intercept communications without a court order – and how they perform these interceptions is still largely unknown
  • Employees aren’t protected when it comes to their communications, despite the data subject needing to give their consent for data collection. Courts have been known to rule in favor of the employer (where an employee didn’t give their consent for email monitoring) and employees’ brainwaves have even been monitored to “aid productivity”
  • There are no time limits on data retention but there are specific requirements on what data needs retaining. For example, text message service providers have to store various information for a minimum of five months
  • Medical data is frequently used for research or as “public interest records”
  • All financial transactions over a certain amount have to be reported to a government agency
  • Extreme surveillance is being implemented at China’s borders with apps being installed on people’s phones (without consent) to scan for “inappropriate content”
  • China is a member of Interpol but many countries are wary of sharing data with China due to how it may use it
  • The government controls most media sources

It is difficult to draw any positives from China’s privacy rights. Even if they are mentioned in law, the reality is often very different.


Closely following China is Russia, with its poor score coming from:

  • Its regulatory body, the Federal Service for Supervision of Communications, Information Technologies and Mass Media (Roskomnadzor), is incredibly active but often in cases of censorship rather than privacy
  • It is in the process of creating an eGovernment framework which will allow for inter-agency data sharing but will also grant the general public access to government-held information
  • Companies are often required to hand over data to the government with the most recent example being Tinder. If they fail to comply, they are blocked
  • Started to build its own “sovereign internet” with fears that this will remove its need for the world wide web and will create a highly-censored internet that’s used for surveillance
  • Facial recognition is already being used in cameras to track down debtors
  • Despite clear safeguards to protect against communication interception (i.e. a court order is required in most cases), there were 540,000 approved interceptions in 2012, showing little limitation on what is and isn’t granted
  • Intercept capability need not be offered by service providers as the System of Operative-Search Measures (SORM) enables the Federal Security Service (FSB) to eavesdrop on communications via a direct line from internet service providers. In most cases, operators and ISPs aren’t even aware this is happening
  • Telecom service providers have to store call and message records for a minimum of six months
  • All transactions over the value of 600,000 roubles have to be reported to the relevant agency
  • AI technology is being implemented at Russia’s borders to collect data
  • Member of Interpol and various tax agreements that involve the sharing of data
  • Laws against “fake news” were recently passed but many believe this is just a bid to aid censorship. Furthermore, independent media outlets are being squeezed out or “brought under control” and TV channels are known for showing propaganda, highlighting some of the reasons why Russia is ranked 149th in the world in the World Press Freedom Index

Again, it’s hard to find anything constructive within Russia’s “privacy policies.” On the same day that the European Court of Human Rights (ECHR) ruled against Russia, Russia introduced a new law that allows it to overrule decisions made by the ECHR. And although Russia has fined Facebook because it failed to comply with its local data privacy law (which requires all foreign and domestic companies that are processing, storing, or accumulating data of Russian citizens to store this data on a server within Russia), it is questionable as to how much this relates to privacy and how much this relates to control over data.

We have marked Russia relatively well for workplace monitoring because there are safeguards in place and Russia should, in theory, apply the case of Barbulescu v. Romania (employees should always be notified of monitoring) because it’s a member of the ECHR. However, as noted above, there are no guarantees this will happen.


A number of concerning aspects of India’s laws and regulations threaten citizens’ privacy, including:

  • Its Data Protection Bill is yet to take effect and there isn’t a data protection authority in place, meaning privacy protections are weak at present
  • The Aadhaar Identification Scheme gives citizens a unique ID number and is also home to the largest biometric database, which contains 1.23 billion people
  • This database also contains information such as purchases, bank accounts, and insurance
  • Trying to get WhatsApp to make messages traceable by adding a digital fingerprint to every message sent
  • CCTV isn’t regulated and any privacy laws relating to it are very vague and open to interpretation
  • 10 government agencies have recently been given the authorization to decrypt, monitor, and intercept data on any computer (but this must be approved by the Home Secretary)
  • Should service providers fail to offer intercept capabilities, they could face prison for up to seven years
  • Looking to install hi-tech border surveillance at certain borders
  • Frequently shares information with the US and has multiple Mutual Legal Assistance Treaties with different countries
  • Ranks 140th in the world for the Press Freedom Index with 6 journalists (at least) being killed in 2018

What is clear is that the laws and courts of India are starting to protect data privacy. For example, the courts changed the law so private companies did not have the right to request ID numbers, and government agencies’ access to the Aadhaar database has been recently withdrawn. Covert surveillance will also be banned when the new data protection law comes into power. However, with surveillance tactics and biometrics already going incredibly far, it’s questionable as to how much a law will change things.


  • National ID card with fingerprints
  • Biometrics are heavily used and are a requirement for many day-to-day things. For example, a biometric check must be performed to buy a SIM card
  • CCTV is widely used and accepted in Thailand. But a new law does require a data owner to be informed that they’re being monitored
  • Although the Special Case Investigation Act states a chief judge must grant permission for communication interception to occur, a military coup in 2014 enabled the military to intercept any messages under Martial Law
  • The Computer Crimes Act allows officers of the Ministry of Digital Economy and Society (MDES) to request documents and computer data from service providers. This is all done without a warrant. With a warrant, they are able to request much more information
  • Thai police have a technology that can gain access to chat room messages, emails, and text messages – but this should be conducted under a court order
  • Fingerprints are collected when people enter the country
  • Part of numerous international data-sharing agreements
  • New laws and the Junta do impose restrictions on the freedom of speech in Thailand, with many believing that the new cybersecurity law will be used by the government to silence critics

Thailand recently implemented the Personal Data Protection Act (PDPA) on May 28 2019. It is hoped this will create Thailand’s very first consolidated data protection act but people are being given a one-year grace period to adjust to these new laws. Workplace monitoring and data retention policies should improve. A recent development (which happened post-study) also means Thai cafes are being forced to create a log of customers’ browsing data for 90 days – at least. The government has suggested that this is to help identify users who are violating Thai law and are creating “fake news.”


  • Calls for a more in-depth privacy law that covers all matters. At present, there is only the Personal Data Protection Act 2010 (PDPA) which protects the personal data of a data subject
  • However, the courts have been quite proactive in enforcing this law, and the data protection agency frequently inspects businesses and offers recommendations on their data practices
  • A national ID card (MyKad) is compulsory from the age of 12 and contains biometrics (thumbprints). It also stores bank details, certain health information, can be used to make purchases, and stores data for up to 20 years (the card’s only valid for 10, though)
  • For children up to the age of 12, MyKid carries parents’ religion details, birth data, health information, and education data
  • Face recognition technology is also on the rise with Grab Malaysia teaming up with the Ministry of Transport to improve driver safety and provide safeguards against crimes
  • Few laws surrounding the use of face recognition technology
  • Data sharing does require written consent in most cases, but the government does have a platform (MyGDX) which facilitates intergovernmental agency data sharing
  • CCTV is prevalent in Malaysia and there are few safeguards in place. However, a “CCTV Guide” that is yet to come into law will enforce a few more protections, e.g. notifying people of CCTV monitoring
  • Several large data breaches involve financial and medical details
  • Founder of the ASEAN Treaty on Mutual Legal Assistance in Criminal Matters

The introduction of the data protection law in 2010 did make some improvements to Malaysia’s data privacy – but, as technology advances and times change, these need updating to better protect all types of data, including biometrics.

Bottom 5 EU countries

  1. Italy – 2.7 – Some Safeguards/Weakened Protection
  2. Hungary – 2.7 – Some Safeguards/Weakened Protection
  3. Slovenia – 2.7 – Some Safeguards/Weakened Protection
  4. Germany – 2.8 – Some Safeguards/Weakened Protection
  5. Spain – 2.9 – Some Safeguards/Weakened Protection


Italy fails to uphold privacy protections in a number of areas. This includes:

  • An ID card that contains biometrics
  • Extensive use of biometrics, including facial recognition in airports, is causing concern among citizens
  • Data-sharing agreements as part of the Treaty of Prüm and Schengen Agreement
  • Extensive CCTV use (including with facial recognition)
  • Lengthy data retention periods (six years for internet and telephone traffic data)
  • It lacks freedom of the press

The Italian regulatory body in charge of enforcing the GDPR, Garante, hasn’t been very active. This could be due to there being a lack of data breaches or it may indicate a lack of implementation. However, Italy has made efforts to prohibit workplace monitoring.


  • Hasn’t always protected its people’s right to privacy, even ruling that police officers were not entitled to their right to privacy because their roles as agents of public power outweighed it
  • ID card contains owner’s fingerprint
  • Employers are also allowed to use biometrics in certain situations, i.e. to prevent unauthorized access to information
  • Building a facial recognition database from the identification photos of its citizens and tourists
  • Government agencies are able to take data from telecommunication companies without a warrant
  • Part of the Treaty of Prüm and the Schengen Agreement

GDPR is helping to make some improvements in Hungary, for example, helping enforce people’s rights when it comes to CCTV footage and protecting data as a whole through fines given by The Hungarian National Authority for Data Protection and Freedom of Information.


With the highest record of human rights violations per capita in Europe, Slovenia is constantly being monitored to see if and how it is improving the protection of its citizens. We’ve found:

  • Although Slovenia is part of the EU and the GDPR law applies, it hasn’t implemented it through its own legislation, leaving leaves large question marks over its data protection policies
  • This also removes some of the integrity and strength of its regulatory body, the Information Commissioner (IC)
  • It relies on biometrics in its passports
  • It’s part of the Treaty of Prüm and Schengen Agreement

Although the GDPR should, in theory, improve things in Slovenia, there are reports to suggest that it isn’t being properly implemented in many EU countries. And with Slovenia’s lack of laws, this is likely the case. Equally, the draft bill proposed by Slovenia has been criticized by many as “overstepping” the boundaries put in place by GDPR.


Despite privacy enforcement in a number of areas (sensitive data and the implementation of the data protection law, Bundesdatenschutzgesetz) and the active role of its Data Protection Conference, Germany is failing its citizens in a number of areas. These include:

  • Its extensive use of biometrics, including in a national ID card
  • Being a founding member of the Treaty of Prüm and Schengen Agreement
  • Its allowance of CCTV cameras with facial recognition
  • Controversial data retention directives
  • Lack of privacy protection for journalists
  • Heavy censorship of social media posts through “hate speech” laws


Again, Spain’s data protection authority, the Agencia Española de Protección de Datos (AEPD), has been effective in implementing the GDPR laws, fining La Liga €250,000 for privacy violations. However, the privacy rights of its citizens are significantly reduced due to:

  • Its increasing use of biometrics (and the general overall acceptance of this)
  • ID card that contains biometrics
  • It being a founding member of the Treaty of Prüm, the Schengen Agreement, and tax data-sharing agreements
  • Its communication data retention policies have been met with a lot of criticism (12 months after the communication but this can be extended to 2 years)
  • A gag law on journalists

Top 5 non-EU countries

  • Norway – 3.1 – Adequate Safeguards
  • South Africa – 3.0 – Some Safeguards/Weakened Protection
  • Switzerland – 3.0 – Some Safeguards/Weakened Protection
  • Argentina – 3.0 – Some Safeguards/Weakened Protection
  • Canada – 3.0 – Some Safeguards/Weakened Protection


As the only non-EU country to be found to have “adequate safeguards,” Norway is succeeding at:

  • Implementing GDPR laws
  • Fining companies who are not protecting data (the municipality of Bergen was fined €170,000 for violating GDPR laws by leaving 35k usernames and passwords of primary school students and employees openly accessible)
  • Protecting freedom of speech (it’s ranked number one in the World Press Freedom Index and has been for the last three years)
  • Offering extra privacy protection for certain jobs, e.g. lawyers and medical practitioners

Biometrics do let Norway down. It is looking to introduce them into ID cards in 2020 and law enforcement does have access to biometric data. Norway is also a member of the Schengen Agreement and parts of the Treaty of Prüm.

South Africa

  • Privacy rights are protected through the constitutional court
  • Landmark case in which bulk interception by the National Communications Centre was declared unlawful by the High Court (amaBhungane Centre v Minister of Justice)
  • Limits on data sharing, even between agencies within the same sector
  • Not part of any invasive international treaties (but it is involved in tax-sharing agreements)

South Africa is in the process of introducing an Information Regulator and the Protection of Personal Information Act (POPIA) which will help to further enforce privacy rights. But as these aren’t yet fully in place, it does create some gray areas. Biometrics are also on the rise and the newly introduced South African ID card contains fingerprints.


  • Actively enforcing privacy rights with its Federal Act on Data Protection (due to be updated in 2020)
  • Its data protection agency, the Federal Data Protection and Information Commissioner (FDPIC), is rumored to be the regulator Facebook wants to manage its cryptocurrency, Libra
  • No mandatory ID card with biometrics
  • Freedom of speech and the media

Despite Switzerland being a “tax haven” for many years, it is now clamping down on this by sharing tax details with other countries. It is also part of the Schengen Agreement and has signed an agreement with member states of the Prüm Decision so they can share data. Switzerland also allows workplace monitoring without permission, so long as an employee is informed.


  • Actively trying to improve data privacy and keep up with other laws (i.e. the GDPR) and technological advancements
  • Adequate safeguards for areas of surveillance and workplace monitoring
  • Warrants are required for communications to be intercepted

Argentina’s mandatory ID card does contain biometrics. Biometrics are widely implemented and accepted on the whole. The Data Protection Act is in need of an update, particularly when it comes to data retention laws (there are no clear guidelines as such, leaving it very open to interpretation). Argentina also actively shares personal information with other countries


  • 28 different statutes protecting data privacy in the private, public, and health sectors
  • Adequate safeguards for areas of surveillance and workplace monitoring
  • Very similar data retention laws to the GDPR

Canada’s regulatory body, the Office of the Privacy Commissioner of Canada, is criticized as being lackluster in its authority but there are talks to improve its powers so it can levy fines. Biometrics are on the rise with fingerprints now being a requirement for people applying for certain kinds of visas. Data sharing is also an issue due to the agreements Canada has with other nations (approximately 17). And Canada recently ruled against a journalist, requiring him to disclose a source.

Top 5 EU countries

Due to the recent implementation of the GDPR laws, there isn’t much difference in the scores of EU countries. What tends to differentiate them is their data-sharing agreements with other countries, their freedom of speech, their use of biometrics, and other country-specific rules and regulations.

  1. Ireland – 3.2 – Adequate Safeguards
  2. France – 3.1 – Adequate Safeguards
  3. Portugal – 3.1 – Adequate Safeguards
  4. Denmark – 3.1 – Adequate Safeguards
  5. Malta – 3.0 – Some Safeguards/Weakened Protection


Ireland tops the list when it comes to privacy and surveillance protection due to:

  • The active role the Data Protection Commission of Ireland is playing in protecting privacy (18 ongoing investigations into US technology companies, for example)
  • Its resistance toward biometrics on ID cards, despite it being an EU regulation
  • It not being part of invasive data-sharing agreements, i.e. the Treaty of Prüm or the Schengen Agreement
  • An active role in overturning the EU’s data retention directive due to its breach of privacy and human rights
  • Its opt-out clause for EU laws

The categories that let Ireland down were its weakened protections for sensitive data (i.e. several data breaches in the medical industry), the subsidization of CCTV, and a threat to press freedom due to the concentrated ownership of media outlets.


Just behind Ireland is France, which scored reasonably well because of:

  • Its data regulator, the Commission Nationale de l’Informatique et des Libertés (CNIL), successfully enforcing GDPR laws by fining Google €50 million because it didn’t get proper consent from users for its ad personalization (it used pre-ticked boxes)
  • The CNIL being proactive before the implementation of GDPR, fining Uber €400,000 for its data breach
  • No biometrics required for the mandatory French ID card
  • The CNIL actively debating and preventing the use of biometrics in other areas, e.g. in the workplace
  • The requirement for a Data Protection Impact Assessment (DIPA) before surveillance is installed for large-scale public monitoring

However, France is a member of the Treaty of Prüm and the Schengen Agreement. There is active data sharing occurring within France, too. For example, suspicious transactions must be reported as part of anti-money laundering laws. Communication data is retained for one year.


Portugal also makes the top three due to:

  • Its regulator, the Comissão Nacional de Protecção de Dados (CNPD), actively enforcing the GDPR
  • Its recent €400,000 fine of a hospital for various data breaches – one of the largest GDPR fines to date
  • Biometric databases being forbidden
  • Its restriction and regulation of CCTV use
  • Has a history of protecting employees’ privacy through domestic legislation

Portugal was one of the last European countries to implement the GDPR law (one year and three months after it was enforced). It is also a member of the Treaty of Prüm but, due to its lacking DNA database (less than 0.1% of its citizens are on it), it doesn’t share much information and only shares data with select countries. That said, it is also a member of the Schengen Agreement and data is regularly shared internally, too, i.e. for anti-money laundering laws.


Denmark receives its score of “adequate safeguards” because of:

  • The active role of the Danish data protection agency, the Datatilsynet (DPA), since the implementation of the GDPR
  • Its general success at implementing GDPR across a range of categories
  • The Danish ID card not containing biometrics
  • Its opt-out agreement with EU laws
  • The protection of freedom of expression

Yet, there is a worrying acceptance of both biometrics and CCTV cameras within Denmark which may allow privacy controls to slip. The sharing of data, both within Denmark and with other countries (part of the Schengen Agreement) also lowers the score, as do the queries over data retention (location data from mobile phones).


Although Malta does make the top 5, it does also fall into a lower category than the other four EU countries. It received a “some safeguards but weakened protections” score due to:

  • Courts ruled in favor of privacy when it comes to short data retention periods (the case of Maltapost PLC Vs Kummissarju Ghall-Informazzjoni u l-Protezzjoni tadData)
  • Its data protection authority, the Information and Data Protection Commissioner (IDPC), works proactively to enforce the GDPR and fines
  • The Maltese ID card does not contain biometrics
  • The IDPC requires notification before CCTV is installed

Malta is, however, a member of the Treaty of Prüm and the Schengen Agreement and does have weakened protections when it comes to communication interception and sensitive data. It also has a systemic failure to uphold safeguards when it comes to democratic issues like freedom of the press (the majority of media sources are owned by politicians).

Where do the US and UK rank?

United States

The US is seventh from bottom in our non-EU rankings. This is due to:

  • Biometrics growing in use with the Biometric Exit Program predicted to be in place within four years, processing 97% of people who leave the US
  • Courts rule in different ways when it comes to biometrics. There are several debates over topics like whether the police could ask you to unlock your phone with your fingerprint
  • Building a database of biometric information containing digital facial images and the 10 fingerprints of over 200 million people who have tried to enter, have entered, or have exited the US
  • Private companies are able to set their own guidelines when it comes to processing personal data
  • There are no federal laws regarding the use of CCTV, meaning usage varies drastically on a state-by-state basis. For example, some states include a safeguard that prohibits CCTV use in areas where people expect privacy, e.g. changing rooms, but some do not
  • Only two states require companies to inform their employees of workplace monitoring
  • Numerous data breaches across all sectors
  • Part of numerous international data-sharing agreements
  • Recently created the Clarifying Lawful Overseas Use of Data (CLOUD) Act which allows law enforcement of cooperating countries to request data directly from service providers rather than having to go through the government

Data protection in the US is governed by multiple sectoral laws and laws also differ by state. This can cause some confusion and inconsistency, and it can leave some huge gaps in certain areas/states. Nevertheless, some of the governing bodies actively pursue data privacy. For example, the Federal Trade Commission (FTC) recently fined Facebook $5 billion for privacy violations.

United Kingdom

At present, the UK is governed by GDPR laws but has also implemented its own Data Protection Act, which will remain in place post-Brexit.

  • The governing body, the Information Commissioner’s Office (ICO), has already issued a number of fines, including one of £183 million to British Airways for breaching customer data and one of £99 million to hotel chain Marriott for exposing 399 million guest records
  • The UK is not part of the Prüm Decision (but has requested to be and is involved in parts of it – see below) or the Schengen Agreement
  • Certain safeguards are in place for CCTV usage (i.e. businesses must inform the ICO why they are using CCTV and must tell people they are being recorded), communication interception (warrants are required), and government access to data (again, warrants are often required)
  • Does have opt-out agreements with EU laws

Despite some of these safeguards, the UK is moving toward more biometrics, more CCTV, and could involve itself in further international treaties post-Brexit. It has recently joined the Prüm DNA framework, which allows law enforcement agencies to share DNA profiles and fingerprints, giving member states access to the UK’s database of over 5 million people. Workplace monitoring is also accepted (if employers can justify their reasons for doing so) and there have been cases of employees being fired for things they have said on social media.

How things look overall

If we merged the rankings of both the EU and non-EU countries, the leaderboard wouldn’t look much different to the EU one. All that would change is Norway taking second place, pushing Malta out of the top five.

What is interesting about these top five (the only ones to receive an “adequate” score) is that they are all governed by the GDPR laws. So, while there is still huge room for improvement in all countries, the GDPR laws do seem to be encouraging them to move in the right direction.

Constitutional Protection Statutory Protection Privacy Enforcement Identity Cards and Biometrics Data-sharing Visual Surveillance Communication Interception Workplace Monitoring Government Access to Data Communication Data Retention Surveillance of Medical, Financial and Movement Border and Trans-Border Issues Leadership Democratic Safeguards
Slovenia, Australia, China, Sweden, Singapore, Netherlands, Luxembourg, Hungary, Italy, Malaysia China, Greece, Slovenia, Finland, Malaysia, Estonia, India, Hungary, Portugal, Russia India, Thailand, Brazil, Slovenia, Russia, Slovakia, China, Iceland, Japan, Finland China, India, Japan, Cyprus, Hungary, Germany, Malaysia, Estonia, Italy, Thailand Russia, China, Hungary, India, Luxembourg, Malaysia, Belgium, Spain, Slovenia, Canada China, Russia, Philippines, Brazil, India, Malaysia, Germany, Thailand, Italy, Hungary China, Russia, India, Thailand, Sinapore, Australia, Hungary, Finland, Germany, Luxembourg China, India, Taiwan, Thailand, Singapore, Australia, US, Philippines, Russia, Hungary Russia, China, Finland, Thailand, Poland, India, Luxembourg, Singapore, Romania, Australia China, Russia, Italy, Estonia, US, Germany, Taiwan, Slovenia, Poland, India US, Sweden, Malaysia, Greece, China, Russia, Singapore, Netherlands, Ireland, India China, Russia, Germany, Slovenia, Malaysia, Spain, New Zealand, Thailand, Canada, Israel China, Russia, Slovenia, Romania, Austria, Sweden, Italy, India, New Zealand, US China, Russia, Thailand, Brazil, Austria, India, Slovakia, Bulgaria, Malta, Israel


Each country was given a score per category based on a number of criteria (listed below). Then, to gain an overall score, we added up the total of these scores before dividing by 14 (the number of categories in total).

Constitutional Protection

  • Does a constitution exist and does it protect privacy?
  • Does the constitutional court have a ruling over privacy protection? If so, does it have a history of providing these protections?
  • Is the country a member of the EU (the GDPR plays a key role)?

Statutory Protection

  • Are there laws in place that protect people’s privacy against companies and governments?
  • Are there sectoral laws? E.g., anti-money laundering laws or medical laws.
  • Do these laws succeed in protecting privacy?

Privacy Enforcement

  • Is there a regulatory body, e.g. a Data Protection Authority, that has the power to investigate privacy cases?
  • Are they proactive at doing this? Are there any cases that have been taken through the courts/legal systems?

Identity Cards and Biometrics

  • Does the country have a national ID card? Does this have biometrics?
  • Are biometrics common? Are they used to aid privacy or are they used for surveillance?
  • Is there a privacy debate in the country about this use of biometrics? Or are most happy with the technology?

Data Sharing

  • Are there laws to prevent the secondary use of data?
  • Does the government share personal data between its agencies?
  • Do companies have to hand over personal data to the government?

Visual Surveillance

  • How prevalent is CCTV in the public and private sector?
  • Are CCTV cameras regulated?
  • Is there any debate surrounding the use of CCTV?

Communication Interception

  • Are there laws that prevent abuse?
  • When can law enforcement intercept communications, i.e. with a warrant, if they have reasonable doubt, etc.?
  • What types of investigations can result in communication interceptions?
  • Who authorizes their access, if anyone?
  • Are telecommunication providers expected to allow interception capabilities?

Workplace Monitoring

  • Are there laws that prevent abuse?
  • Are there legal avenues/cases?
  • Are companies given adequate guidelines to follow?

Government Access to Data

  • What are the warrant regimes? For example, can they enter a property without a warrant?
  • How does law enforcement gain access to private sector databases?
  • What powers do various agencies have to access data?

Communications Data Retention

  • Do telecommunication providers have to retain data for a specific period of time? If so, how long?
  • Are there considerations for different types of data and how the retention periods may differ?

Surveillance of Movement, Finances, and Medical Data

  • Although this data is sensitive, is it adequately protected?
  • Are there laws which allow for the monitoring of these types of data? E.g. anti-money laundering laws.
  • Have there been data breaches involving this type of data?

Border Issues

  • Does the country have biometrics at its borders?
  • Is the country cooperating with other countries when it comes to law enforcement and surveillance?


  • Is the government part of any anti-privacy treaties? E.g., Five Eyes or the Treaty of Prüm?
  • What data is the government sharing with other countries?

Democratic Safeguards

  • Is there freedom of speech in the country?
  • Are there protections in place for journalists?


For each country’s report, sources, and scores, please see this spreadsheet: https://docs.google.com/spreadsheets/d/1uPCfyzwT2b47oX0kcYg3kn3V4H6IWUikp4jMOVUWmJA/edit?usp=sharing



Link to post
Share on other sites

This is mainstream media from Japan.


Not sure what to make of the piece as it reads a little more like a scare campaign. The threat of China exporting authoritarianism is real, this piece just has very little detail on what/why/when/how/etc. And that likely says more about Japan, their sentiments and what they fear.



Beijing exports 'China-style' internet across Belt and Road

Xi pushes controlled ecosystem with assist from big business

SHUNSUKE TABETA, Nikkei staff writer October 21, 2019 04:50 JST





WUZHEN, China -- Chinese censorship has soared under President Xi Jinping through such measures as mandatory face scans and registration of phone numbers and bank account information for internet access.


Social media content is tightly policed, with material disfavored by the Communist Party removed. Now China is eager to export its model to countries across its Belt and Road Initiative -- a strategy clearly in evidence at the sixth annual World Internet Conference, which kicked off here Sunday.


It is the common responsibility of the international community to develop, use and govern the internet well so that it can better benefit mankind, Xi said in a message conveyed at the conference's opening ceremony.


China has many internet controls, such as a comprehensive cybersecurity law that took effect in 2017. In addition to the heightened scrutiny for internet access, foreign players including Google and Facebook are shut out, with the government pushing their domestic counterparts to monitor users and quash dissent.


Such moves have met with little resistance because the Chinese internet has also made life incredibly convenient. E-payment platforms operated by Alibaba Group Holding and Tencent Holdings protect businesses from counterfeit bills while letting users pay by smartphone in stores and online. Ride-hailing and other services are also easily accessible.


Xi now seeks to build a digital Silk Road, overlaying China's internet ecosystem on top of Belt and Road.


The BeiDou Navigation Satellite System -- China's answer to GPS -- went global near the end of 2018, mainly in Belt and Road countries. Huawei Technologies is helping Cambodia and the Philippines with 5G mobile networks. China Telecom has installed a fiber-optic connection between China and Pakistan, while China Mobile has launched its first overseas data center in Singapore.


Alibaba is also powering a blockchain remittance service for Pakistanis living in Malaysia. JD.com is incorporating drones into logistics chains in Indonesia.


Many Belt and Road countries see significant advantages to working with China. Many Chinese companies, like Huawei, offer cheaper products than Western rivals, enabling countries to cut costs for digital infrastructure.


"Some governments are also interested in stability for their regimes through Chinese-style censorship of public opinion," a telecommunications executive said.


The Xi leadership is redoubling efforts to push Chinese corporate interests through Belt and Road as the conflict with the U.S. drags on. With the rift in the high-tech sector in particular expected to continue, Xi sees the initiative as a way to leverage China's influence over a broader area.


These developments are altering American companies' strategies. In previous years, the World Internet Conference drew CEOs from Apple, Google and Qualcomm as speakers. This time, Western Digital CEO Stephen Milligan was the only top executive from an American technology company to speak.


But China, with more than 800 million internet users, is too big a market to ignore. Qualcomm and Microsoft opted to send lower-ranking executives to speak at the 2019 conference as they sought to strike a balance between Beijing and Washington.

Link to post
Share on other sites
11 hours ago, Hua Guofang said:

Facial recognition camera helmet. Lens is apparently in the crest, this guy is posted at the top of a subway escalator in Shanghai.




Minority Report. 

People are idiots. Always have to learn shit the hard way. 

Link to post
Share on other sites
4 hours ago, KILZ FILLZ said:

We have that at our airports in the US

So does Heathrow, Mascot and a bunch of other international airports. Whilst bio recognition will always make me nervous, I can understand why a nation would want to protect its borders. I can also why a state would also want to protect its citizens, as that's part of the social contract. However, deploying tech like this internally, like the CCP has, is a massive step too far for me. Not only is the CCP power crazy and their #1 goal is the Party interest, not the national interest, but it is placing too much power in the hands of the state and social control will always be a tool available to political actors and extreme elements in the national security community. At least in our countries, we can have free and open discussions about what we think of this kind of tech and stand in elections on a platfrom to tear it all down (theoretically at least, I know others here will have differing opinions on the finer points). But in China, they simply have these things foisted upon them by a state who's primary goal is their own survival and the collection of power to increase its position vis-a-vis its own citizens.

Link to post
Share on other sites
  • 2 weeks later...

I never really thought EMP's would be much of a threat in comparison to all the dumb things and natural events that could cripple a modern society but now wondering if we'll see something like that begin gaining credence in terms of both foreign and even domestic terrorism?

  • Truth 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...