OpenCharities

This text was generated using OCR and may contain errors. Check the original PDF to see the document submitted to the regulator.

2023-01-31-accounts

Company number: 4354366 Charity number: 1147471

Privacy International

Report and financial statements For the year ended 31 January 2023

Privacy International

Contents

For the year ended 31 January 2023

Reference and administrative information ...................................................................................... 1 Trustees’ annual report .................................................................................................................. 2 Independent auditor’s report ....................................................................................................... 21 Statement of financial activities (incorporating an income and expenditure account) ................... 26 Balance sheet ............................................................................................................................... 27 Statement of cash flows ................................................................................................................ 28 Notes to the financial statements ................................................................................................. 29

Privacy International

Reference and administrative information

For the year ended 31 January 2023

Company number 4354366 Country of incorporation United Kingdom Charity number 1147471 Country of registration England & Wales

Registered office and operational address 62 Britton Street, London, EC1M 5UY

Trustees Trustees, who are also directors under company law, who served during the year and up to the date of this report were as follows:

Eve Salomon Resigned 30 June 2022 Peter Noorlander Resigned 30 June 2022 Benjamin Elihu Wizner Susan Gardner Holly Marie Ruthrauff Stephen Josef Tibbett Antonio Michaelides Ahana Datta Werbayne Ruthven McIntyre Resigned 17 July 2023 Joshua Castellino Amanda Borton Bankers Barclays Bank 1 Churchill Place London E14 5HP Solicitors Covington & Burling 22 Bishopsgate London EC2N 4BQ Auditor Sayer Vincent LLP Chartered Accountants and Statutory Auditor Invicta House 108-114 Golden Lane LONDON EC1Y 0TL

1

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

The trustees present their report and the audited financial statements for the year ended 31 January 2023.

Reference and administrative information set out on page 1 forms part of this report. The financial statements comply with current statutory requirements, the memorandum and articles of association, the requirements of a directors’ report as required under company law, and the Statement of Recommended Practice - Accounting and Reporting by Charities: SORP applicable to charities preparing their accounts in accordance with FRS 102.

Objectives and activities

Purposes and aims

Privacy International's objects are to promote privacy as a human right (as set out in the Universal Declaration of Human Rights) throughout the world, specifically:

d) To monitor the nature, effectiveness and extent of measures to protect privacy, and to seek ways through information technology to protect personal information.

Mission

We campaign for legal and technological solutions to protect people and their data from exploitation. We expose harm and abuses, mobilise allies globally, campaign with the public for solutions, and pressure companies and governments to change.

Vision

Freedom and privacy will be the foundations of tomorrow’s societies. People are enabled by technology to explore their identities, speak their minds, and live with dignity. They will be free from exploitation and in control of their lives.

Governance of Privacy International (PI)’s activities

Privacy International’s trustees review the aims, objectives and activities of the charity each year. This review also looks at what the charity has achieved and the outcomes of its work in the reporting period. The review also helps the trustees ensure the charity's aims, objectives and activities remained focused on its stated purposes.

The trustees have referred to the guidance contained in the Charity Commission's general guidance on public benefit when reviewing the charity's aims and objectives and in planning its future activities. In particular, the trustees consider how planned activities will contribute to the aims and objectives that have been set.

2

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

Privacy International sets multi-year strategies that the Trustees expect the organisation to deliver upon. Through annual planning of projects that contribute towards multi-year outcomes, the Trustees are able to monitor PI’s delivery of its strategic priorities.

PI’s strategy for 2019-2022 came to an end at the end of FY2022. The priority for this strategy was for PI to become more resilient and impact-oriented in pressing domains across the world. Those domains were identified as i) elections and civic spaces, ii) economic and social rights, iii) government exploitation of systems and data, and iv) corporate exploitation of people’s data. The new strategy and strategic plan for 2023-2026 was approved by the Board of Trustees in September 2022 and December 2022 respectively. The new strategy states that we must build a sustainable PI that is capable of creating meaningful system change, genuinely engaging and protecting people, and openly amplifying and scaling impact; by staff who are supported to learn and grow to become effective advocates.

Every December PI establishes an annual plan that prescribes how we will organise our work to achieve change. By March every year we establish indicators for monitoring whether we are achieving results in accordance with our Monitoring & Evaluation framework. These indicators are reviewed at every Trustee meeting, alongside the organisation’s risk matrix.

In setting the annual workplan, the Board of Trustees have regard to both the Charity Commission's guidance on public benefit, and the promotion of human rights for the public benefit. The Trustees confirm that they have complied with section 17 of the Charities Act 2011 and are satisfied that the aims and objects of the charity, and the activities reported on to achieve those aims, meet these principles.

What Privacy International worked toward in FY2022– our strategic programmes

PI’s Defending of Democracy and Dissent programme investigates the role technology plays in facilitating and/or hindering everyone’s participation in civic society. We advocate for limits on data exploitation throughout the election cycle. We challenge the ability of police forces and intelligence agencies to monitor people in increasingly intrusive ways. Ultimately, we fight to preserve the privacy, dignity, and autonomy of individuals so that they can exercise and defend their own rights and freedoms.

In FY2022 we focused on:

Protecting The Election Cycle

Resisting Civic Dystopias

3

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

Protecting Civic Spaces, opposing mass surveillance

Our Safeguarding People’s Dignity programme explores how access to services with governments and industry are increasingly dependent on us providing more and more data about ourselves. This puts people and communities who are inherently disadvantaged within our socioeconomic and political ecosystems at risk. We believe that innovative solutions can be designed to empower and serve individuals and communities, rather than entrenching state and corporate power.

In FY2022 we focused on:

Challenging and holding to account proponents of Digital ID

Our Government Exploitation programme challenges how unprecedented surveillance capabilities of governments outstrip the safeguards for our rights. We are exposing, advocating, and litigating for stronger protections. We are shining a light on the surveillance trade, exposing the companies, the buyers, and the impacts on human rights. We advocate for good practices and strong laws that protect human rights worldwide.

In FY2022 we focused on:

Drivers of surveillance

4

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

Securing our Digital Life

PI’s Corporate Exploitation programme challenges how companies are innovating on surveillance capitalism, reducing people to data for exploitation. At PI, we are investigating how our data is generated and exploited, engaging the public through awareness-raising campaigns, and exploring the necessary legal and technological frameworks to protect against data exploitation.

In FY2022 we focused on:

AdTech

Working for the algorithm

Our Network and Change

In 2022, PI provided direct support to 18 partner organisations from 13 countries, to deepen their privacy-related work and enable them to effectively challenge governments and companies involved in abusing people’s data. As a result, partners in our Network have a greater capacity to achieve specific outcomes at the national level.

We strengthened their organisational capacities and the Network’s collective approach to advocacy and campaigning, as well as communicating results and impact. We further explored work with organisations in new geographic areas (with a focus on Eurasia) and areas where the Network could use more diversity and reach.

5

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

Beneficiaries of our services

Changes in practices and policies by governments and companies as a result of our work have benefited people globally, including as national publics and consumers. Direct beneficiaries of our work are i) the general public across the world through our advocacy, public engagement, and educational work, and ii) public interest civil society organisations across the world through our capacity-building and support.

To ensure that we are achieving change that helps our beneficiaries, we track our activities through to results. Our activities include uncovering technological risks, leading global campaigns, intervening in courts, and motivating regulatory reform to prevent misuse of technology and consequent abuses. Through extensive outreach and media engagement, we ensure our work reaches expanded audiences across the world. These activities create pressure on governments and companies to improve their safeguards for people’s benefit.

Core PI values include being good partner and leading by example. We believe a capable and informed global civil society is a core safeguard against transgressions by governments and companies. PI continuously develops partners’ capacity to research, communicate and advocate on the privacy-related issues, and improve their expertise in Monitoring and Evaluation, policy and advocacy, external communication, risk modelling, and technical research.

Achievements and performance

The charity's charitable activities focus on achieving change by strategically targeting our tech, legal and policy advocacy at governments and companies who are vying for power to determine the future to their advantage and to the detriment of people’s privacy. We track results on an annual basis; knowing that impact often takes longer.

Results and Impact in 2022

We leverage systemic pressure points

By informing how democratic, regulatory, and judicial institutions carry out their duties, we can enhance the protection of privacy. We define a result as a specific instance when we our advocacy is heard by key institutions. We define impact as when these institutions use their powers to advance the protection of privacy.

Related Results

6

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

Related Impact stories

Current draft of the pandemic treaty includes clear data protection principles.

International entities proposed a treaty “WHO Convention, Agreement or Other International Instrument on Pandemic Prevention, Preparedness and Response” (WHO CA+) that might give to World Health Organisation a regulatory power to enact international health policies. As a result of PI’s advocacy, the zero draft of the convention include a stand-alone article on confidentiality/data protection we advocated for. The article clearly articulates that “any exchange of data or information by the Parties pursuant to the WHO CA+ shall respect the right to privacy”.

Regulators in France, Italy, Greece, and the UK fined and restricted leading AI facial recognition provider.

In partnership with organisations from Austria, Greece, and Italy, we filed complaints against Clearview AI with national data protection regulators. After provisional decisions announced in 2021, in 2022 regulators imposed significant fines and ordered the company to delete and stop collecting and processing people’s data. Specifically: the UK ICO issued its final decision, imposing a fine of £7,552,800 on the company and ordering it to delete and stop further processing of UK residents’ data; Italy’s Garante also found Clearview’s data processing illegal, and imposed a €20 million (the maximum fine amount under the EU GDPR) fine on the company; Greece’s Hellenic data protection authority also fined the company €20 million, and ordered it to delete and stop collecting data of data subjects located in Greece; France’s CNIL fined the company €20 million as it had failed to comply with a prior order.

Formal recognition of the Europe Union’s failure to protect human rights while providing surveillance aid to African countries.

Following our complaint, the European Ombudsman concluded that the European Commission failed to take necessary measures to ensure the protection of human rights in the transfers of technology with potential surveillance capacity supported by its multi-billion Emergency Trust Fund for Africa (EUTF). The Ombudsman recommended that “EUTF projects, both in Africa and elsewhere, should require an assessment of the potential human rights impact of projects” with “corresponding mitigation measures”. This decision sets up new human rights standards for EU programmes that might undermine people’s rights and freedoms. The European Ombudsman further has launched new investigations into the European Border and Coast Guard Agency (Frontex) and the European External Action Service (EEAS), the EU’s diplomatic agency.

7

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

UK High Court ruled that seizing mobile phones from asylum seekers was unlawful.

Early in 2022, PI intervened in a case against mobile phone seizures and data extraction applied to asylum seekers arriving by small boats in the UK. On 25 March 2022, the High Court ruled that the UK Home Office blanket policy of seizing mobile phones from asylum seekers was unlawful, and found that migrants shouldn’t have been compelled to provide their passcodes that protect access to the phones. On 14 October 2022, the UK High Court ruled on the Government breaching a duty of candour in the case by denying the existence of a blanket policy to seize migrant’s mobile phones. The court ordered the UK Home Office to provide remedy to the thousands of migrants affected by its unlawful policy and practice of seizing mobile phones from people arriving by small boats to UK.

The European Court of Human Rights confirmed that bulk interception violates fundamental rights. On 10 March 2022, the European Court of Human Rights issued a decision, in relation to HRW and Ball case. This was a result of our campaign, and was a case we supported. The decision confirmed the UK government’s admission that its bulk interception regime was not compliant with Article 8 (right to privacy) and Article 10 (freedom of expression) of the European Convention on Human Rights, with regard to the treatment of confidential journalistic material. The UK government acknowledged that parts of its historic mass investigatory powers regime violated these human rights. The government also agreed to pay compensation to the applicants.

Tribunal condemned long-term rule breaking by UK intelligence agency.

Privacy International and Liberty won a landmark case against the unlawful handling of millions of people’s data by the UK’s Security Service (MI5). The Investigatory Powers Tribunal found that MI5 unlawfully held large amounts of data because of the lack of the necessary safeguards over retention, review and deletion, as imposed by the law. This conduct, the Tribunal concluded, was tolerated by the Home Secretary who issued warrants unlawfully despite knowing about signs of MI5’s breaches.

Regulators forced de-merger in Big Tech.

The UK Competition and Markets Authority’s (CMA) confirmed its decision to order Meta to sell Giphy, citing concerns over users’ data. This resulted from the Competition Appeal Tribunal (CAT)'s judgment confirming that the completed merger between Meta and GIPHY will give rise to a substantial lessening of competition. PI intervened in both: the initial CMA investigation, and in the appeal before CAT. Both decisions reflected the position we advocated for in our interventions.

We change companies’ and governments’ behaviours

Through strategic advocacy that targets the specific behaviours of companies and governments that we believe threaten people’s privacy, we confront them with our specific demands. We define a result as when we are able to get stakeholders to make similar demands. We define impact as when the companies and governments change their behaviours in ways that we sought.

Related Results

8

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

Related Impact stories

UN Security Council accepts language on human rights in counter-terrorism. The Delhi Declaration on countering the use of new and emerging technologies for terrorist purposes adopted by the UN Security Council Counter Terrorism Committee on 29 October 2022 contained some references to human rights issues we advocated for with the UN Security Council’s members and at the preparatory technical sessions and at the special session in New Delhi.

Diet app Noom we investigated changed its data sharing practices . Following our research, the popular diet app implemented a series of changes on their website and in their data sharing practices. One important change was that Noom introduced a cookie consent banner, and stopped sharing personal data with some of the identified third parties. Although we don’t have concrete proofs of causality, the fact that Noom adjusted problematic aspects flagged in our research, after publication and dissemination of the research about them, allows us to state the contribution to the produced change.

Google gave power to people to opt-out of weight-related apps.

Google added “weight loss” as a sensitive Ad category that users can opt-out of. The settings will apply on all Google services in Google’s Display network which includes more than 2 million

9

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

websites, videos, and apps. This was one of the main demands PI advocated for following our Diet Ads research and allows users to avoid being targeted with these types of advertisements.

Better regulation of Mobile Phone Extraction in the UK. The UK Government’s code of practice on Extraction of Information from electronic devices includes recommendations from our response to the consultation on the Code. The new Code of Practice makes clear that regardless of the purpose, there must be no presumption that information will be extracted from a device. Further, the code states that other less intrusive means of obtaining information must be considered. It also includes a set of additional documents to be provided in the written notice to the person who is the subject of extraction for increased transparency.

We engage to amplify change

Through strategic engagement with over 100 stakeholders across the world, including civil society organisations, development organisations, academics, journalists, and special rapporteurs, we expand the reach of our advocacy. We define a result as when another actor engages on our issues; and an impact is when coordinated action leads to a scalable result in the field (against a target, a system, or to assist affected people).

Related Results

10

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

Related Impact stories

Data protection and privacy are recognised as part of the election observation process. Following PI’s collaboration with the Carter Center, data protection and privacy observations were officially integrated into the Carter Center’s Preliminary report on the Presidential elections in Kenya. PI joined the Carter Center in Kenya as part of a pre-election assessment team in July 2022 to identify and explore data protection issues around the elections. This was one of the first substantial analyses of data protection and privacy legislation and the use of technology in the Kenyan election.

PI’s contribution towards protection of elections was recognised by key players in the field . Following our work on protection against use of technology in the elections, PI was invited and attended the Declaration of Principles for International Election Observation Implementation Meeting held at the European Parliament in December 2022. PI was the only CSO not directly connected with the area invited to the meeting, where electoral observers from across the world and representatives of international organisations discussed the crucial role of election observation in defending democracy and best practices on elections observation. We presented our work as part of the panel “Implementing Observation Principles for Online Campaigns, Navigating Ongoing Threats, and Protecting Fundamental Freedoms”, presenting various aspects of our work including an overview of the Technology and Elections Checklist and overview of International Election Monitoring Standards. The panel was attended by 50 people from 15 international and regional electoral observation organisations. As a result, PI was approached by various participants expressing interest in our work and collaboration - for example, we were approached by the Election Observation and Democracy Support to organise a training for election observers.

We strengthen the field

The global protection of privacy relies on effective and sustained national, regional and international advocacy. We define a result as when there is recognition of the value of our capacitation and knowledge-sharing. An impact is defined as when the field is directly strengthened by PI and partners, seeding the grounds for future action and protection.

Related Results

11

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

Related Impact stories

PI demands for human rights provisions are reflected in the UN cybercrime treaty. The UN started negotiations of the international Cybercrime Treaty – a comprehensive international convention on countering the use of information and communications technologies for criminal purposes. As many current cybercrime laws, policies and practices can undermine human rights, we’ve been actively advocating for appropriate human rights safeguards in the cybercrime regulations. As a result of our advocacy, the UN cybercrime treaty incorporates clear human rights provisions.

EU asks for sustainable security of mobile devices.

The European Commission’s proposal for the Cyber Resilience Act included a provision on 5-year support duration standard for support duration of devices. This largely reflects PI’s comments to the consultations and demands articulated during the meetings with the Commission officials emphasising the need for long term software support.

Financial review

Results for the year

The results of the period and financial position of the charity are shown in the annexed financial statements.

Expenditure for the year increased slightly to £2.1m (2021/2022: £1.9m) mostly as a result of changes to staff costs and a very slow return to more regular level of activities, as the organisation and its allies kept recovering and re-adjusting the intensity of work in the ongoing global health emergency.

12

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

The incoming resources for the year were £2.02m (2021/2022: £2.28m) – the income in 2022/2023 reflects ongoing multi-year grant agreements in support of the current organisational strategy (2018-2022).

The total funds of the charity at the end of the year were £2.8m. This included £481k in project and other restricted funds and £2.3m in unrestricted funds. The trustees have set aside £1.61m of unrestricted funds as designated funds for delivery of current strategic objectives, projects and activities. The Trustees expect this designated fund to be fully utilised by January 2024. There is also £34k of designated fixed assets funds. The remaining £694k are general funds held for operational working capital requirements to address financial risks surrounding income and expenditure in line with the reserves policy set out below.

Principal risks and uncertainties

Changes in funding environment and shifts due to ongoing multiple global crises and economic uncertainties have potentially positive and negative consequences for PI: while the funding space is shrinking, PI's relevance and expertise continues to be very valued by existing institutional funders. PI recognises the ongoing global crises could cause funders to divert funding to other causes, and we are monitoring these shifts closely. See risk statement below for further information.

Reserves policy and going concern

Taking into account the risks, funding sources, and complexity of Privacy International, the Board of Trustees has set a reserves policy for Privacy International aiming for unrestricted and undesignated reserves equivalent to 6 months’ running costs – resulting in a target of £750k (currently: £694k, constituting 5.2 months of operational costs, representing the amount of general reserves not designated or otherwise committed to activity expenditure in FY 2023/2024).

The Executive Director and Resources Director continue to work with the Board of Trustees to maintain a policy of increasing unrestricted reserves until they are built to a level that ensures that core activity could continue during a period of unforeseen financial difficulty.

After making appropriate enquiries, the Trustees have a reasonable expectation that the company has adequate resources to continue in operational existence for the foreseeable future. For this reason, they continue to adopt the going concern basis in preparing the financial statements.

Fundraising

PI is working hard to ensure that PI's work is independent, cutting-edge and can be sustained for years to come. As a result, PI's work is funded by a variety of different sources. We do not accept funding from corporations because we believe that it would jeopardise the independence of our activities. We do not work with specialist fundraising service providers and fundraising is conducted by PI staff to maintain our high standards. We have also developed a due diligence process to investigate suspect donations and deal with them accordingly.

13

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

Main sources of funding for PI are multi-year grants (core support and project support alike) from a small number of big institutional donors. Public donations remain around 1% of overall annual income, which Privacy International continues to work to change with the goal of diversifying the funding to move away from high dependency on limited number of donors.

In our public fundraising we strive for the highest standards. We do not participate in fundraising and marketing tactics that we see as privacy intrusive, such as highly targeted behavioural advertising. Furthermore, we go beyond the minimum standards laid out in GDPR and have our supporter platform set up so supporters have control over their data, including being able to stop communications and withdraw consent whenever they want.

In 2022/2023 we did not receive any complaints.

The staff and Board of Trustees of Privacy International are extremely grateful to the following organisations for their support over the past year:

Ford Foundation Luminate Oak Foundation Open Society Foundations Paul Hamlyn Foundation Swedish International Development Cooperation Agency.

Volunteers and pro bono support

The Trustees also wish to record their appreciation to the many eminent lawyers who have contributed their expertise to our legal work. We hugely appreciate the support received from Blackstone Chambers, Brick Court Chambers, Garden Court Chambers, Doughty Street Chambers, Bhatt Murphy, Liberty, Hausfeld & Co LLP, Linklaters, Leigh Day, Covington & Burling LLP, independent counsel, and various university departments, law clinics and legal experts at the Harvard Law School Cyberlaw Clinic and the University of Buffalo Law School Clinic.

We also remain extremely grateful to Covington & Burling LLP for their continued support for Privacy International’s organisational development, including pro bono support for the further professionalization of our systems and processes for staffing and governance.

Plans for the future

2022 is the last year of PI’s current strategic plan. PI Board and staff spent 2022 developing a new multi-year strategy and strategic plan, which was reviewed and approved by the Board in December 2022.

The Strategy 2023-2026 recognises:

14

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

The new strategy states that we must build a sustainable PI that is capable of creating meaningful system change, genuinely engaging and protecting people, and openly amplifying and scaling impact; by staff who are supported to learn and grow to become effective advocates.

Structure, governance and management

The organisation is a charitable company limited by guarantee, incorporated on 16 January 2002 and registered as a charity on 26 May 2012.

The company was established under a memorandum of association which established the objects and powers of the charitable company and is governed under its articles of association.

All trustees give their time voluntarily and receive no benefits from the charity. Any expenses reclaimed from the charity are set out in note 6 to the accounts.

Privacy International’s governing body is the Board of Trustees, which meets up to five times a year. The primary responsibility of the Board is to provide strategic leadership by formulating and reviewing Privacy International's strategic aims in consultation with staff, setting overall policy, regularly evaluating the charity's performance and risk management, and ensuring compliance with UK law. The Board of Trustees delegates day-to-day management of the charity to the Executive Director.

Financial controls

Privacy International continues to strengthen its financial management systems. As the organisation grows, we work hard to ensure that PI is accountable to the public, our partners, and our funders.

All expenditure is carried out with reference to Privacy International’s multi-year strategic plan and annual workplan, as approved by the Board prior to the start of each fiscal year. Financial procedures have been developed to monitor and evaluate the charity’s finances, including quarterly management accounts, which are prepared for review by Trustees, prior to each meeting of the Board.

The Board is assisted in taking decisions relating to budgeting and forecasting by the Finance and Audit Committee, which consists of three Trustees including the Treasurer. The Committee is responsible for recommending finance management policy to the Board and ensuring that existing policies are implemented. The audit function of the Committee is to consider the adequacy of risk management, internal controls, and governance.

Risk statement

Privacy International takes the safety, security and wellbeing of its staff, consultants, partners and contracted sources and researchers very seriously and fully accepts our duty to provide a reasonable standard of care to those performing activities on our behalf. Our mission and operating locations inherently mean that our staff, consultants, partners, contracted sources and

15

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

researchers are exposed to safety and security risks. Our approach to managing risk is one of risk management rather than risk aversion; however, we do not seek to engage in high-risk activities.

PI reviews and updates its risk framework and risk register on a regular basis from which the Board considers the following risks with the greatest overall potential impact on PI as at the date of signing the Accounts.

  1. Ongoing multiple global crises might make PI’s work seem less relevant to stakeholders and beneficiaries.

This is not a period of institutional stability. Ensuring our work is relevant and effective amidst tumults was and continues to be essential, particularly as we develop and implement a new strategy. A badly designed strategy and poor planning mean PI could get distracted by other developments in the world and not deliver on the achievable strategy and meaningful change. We are already seeing a shift of focus for policy makers and funders to meet emerging challenges, fund specific urgent interventions and to ‘work with affected populations/communities’. With many new actors entering the sector, there is a risk that attention and resources move away from existing commitments and effective tactics. Whilst we do not want to undermine more pressing sectoral work by prioritising our own topics, we have to ensure our work is focused on our strategic aims, we remain relevant and our methodologies remain robust and impact driven. Finally, creating meaningful change in this environment is getting harder. Companies and government agencies are increasingly ignoring attempts to engage and we are worried that public pressure is insufficient. Our latest experiences seem to confirm that only substantially grounded legal tools and interventions appear to compel the desired changes of behaviours. This is

hazardous for future advocacy, as legal interventions, when possible, are resource intensive. Such interventions also require institutions such as regulatory and judicial bodies to exist, prioritise our concerns, and for rulings to be heeded.

What is PI doing about it?

The Executive Director, with the support of the strategy team, engages regularly with current PI funders to make sure they have in-depth understanding of and commitment to issues the sector is tackling and facing. PI also regularly reviews the strategic developments of current and potential funders and keeps exploring other funders in the domain.

An independent external evaluation in 2022 confirmed that our careful and flexible selection of achievable interventions are relevant and achieve impact. While this supports the continuation of this approach into our new strategic plan, more contextual analyses and systems-thinking will inform our future planning processes. We also continue to actively engage with donors on why PI’s careful methods and tactics are more effective at achieving results, rather than than ad hoc tactics used by others.

We continue to innovate and explore areas of work in pioneering ways in consultative manners. Our approach is to cooperate (not compete) with and support other actors. As we plan our interventions we consult beneficiaries and stakeholders to understand and incorporate their perspectives. We also constantly monitor how PI work responds to beneficiaries’ needs, meeting our commitments and progress towards agreed vision and change. The 2022 evaluation confirmed that we have a positive track record; we continue to learn how to do this meaningfully.

16

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

2. Adversarial action by state and other actors against civil society (PI and partners)

As a result of our work, or work of our partners in cooperation with us, another entity (state, corporate or other actors) could take legal action against PI, e.g. challenging claims we make in public statements. This could expose PI to significant litigation and financial costs (in forms of legal costs and potential damages). Not being able to protect the organisation’s reputation and integrity could cause loss of trust by the public, our supporters and funders and subsequent loss of significant resources.

The current climate against involving “foreign agents” in the US and other jurisdictions, creates onerous regulations for NGOs like PI who seek to do international work. The growing body of foreign agent and national security legislation makes working in certain environments more difficult and risky (US, UK, EU, Russia, China, Kenya, India, MENA/Gulf countries). Actions taken against PI’s partners can also have a significant negative impact on delivery of project activities and on meeting our commitments to beneficiaries and donors.

What is PI doing about it?

PI regularly reviews our internal processes in the form of consolidated guidance on research protocols, which are now deployed and staff instructed - the robust risk handbook and assessment is in place for all various stages of research process and project management. All staff also receive annual training in legal and research-related risks. As an organisation, we also assure legal capacity is available across organisation to assist with risk assessment on all projects, including pro-bono and paid for external legal counsel.

We also regularly monitor new and planned foreign agent laws and in-depth risk assessment is required prior to potential engagement in any country with such laws. PI’s partner organisations are also required to undergo a risk assessment and thorough due diligence process, to assess and assure their preparedness to undertaking activities in cooperation with PI.

3. Insufficiently diverse or unsustainable sources of funding

While cash-secure at the end of the fiscal year, PI remains highly reliant on limited number of funders - our most substantive long-term support comes from 2-3 institutional funders, and PI is vulnerable to their internal politics and strategic changes. The board recognised the lack of flexibility in funding might result in limited resources to respond to unexpected project developments and/or crisis situations. As mentioned above, the global situation continues to deteriorate and donors’ attention and their resources could be easily re-directed to other pressing topics and matters.

What is PI doing about it?

The Executive Director, with the support of the strategy team, engages regularly with current PI funders, not only as it relates to financial support but also to make sure they have in-depth understanding of and commitment to issues the sector is tackling and facing. PI also regularly reviews the strategic developments of current and potential funders and keeps exploring other funders in the domain. The executive team also provides regular updates to the Finance and Audit Committee and Board of Trustees, and invites them to engage with donors, where needed. We also continue to build infrastructure and processes to increase income from the public.

17

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

4. Organisational health and staff wellbeing in post global pandemic environment

We are transitioning to our new strategic plan in a climate of significant external pressures. Economic pressures are affecting staff negatively. This poses risks to staff’s health and wellbeing; and PI’s ability to deliver.

Maintaining staff morale remains challenging. Introducing new human resources procedures and testing new work practices in this environment was hard but necessary. 2022 was the first year where we tested full cycle of the new performance management system, which was aligned with the revised competencies framework.

What is PI doing about it?

PI believes that supporting mental health is integral to building a more resilient organisation. Staff who feel supported will in return contribute to a balanced and healthy workplace. Wellbeing management is an integral part of Privacy International’s global risk framework.

We conducted extensive consultations with staff throughout the year, particularly as we developed the new strategic plan.

In order to most effectively support our staff as we change to deliver the next strategic plan, we are updating our HR policies and expanding our wellbeing and training programmes to include:

We will be conducting an audit of our wellbeing programme in 2023 to update it to best sector standards.

We are keeping a close eye on increasing concerns around recessions globally and cost of living crises, and the board is regularly updated by the executive team on how to respond.

Risk management

Risk management is an essential part of the operations of Privacy International and a key responsibility of the Board, with a Risk Management Policy and framework in place. Trustees review the major risks to which the organisation is exposed, and the measures taken to mitigate them, at each of their meetings. The executive team reviews these risks regularly during the year and risks are identified and monitored for each area of operation as well as for significant new activities.

The risk register has been developed with reference to the UK Charity Commission and National Audit Office guidance and UK Charity Law and is regularly updated and comprehensively reviewed annually by the Board.

18

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

Whistle-Blowing

Privacy International is committed to maintaining the highest standards of integrity, honesty and professionalism in the workplace and to complying with its legal obligations. Whilst Privacy International makes every effort to ensure that its business is conducted according to these standards, employees may be aware of, or suspect, certain failings or wrongdoings within the organisation and they are encouraged to alert the organisation to such concerns so that they can be remedied. Information from concerned third parties is a very important element in detection, especially of corruption where formal controls can be made ineffective by collusion. The whistle-blowing policy was approved by the Board in 2017 and revised in late 2021 and applies to all employees, volunteers and contractors, both in the UK and overseas.

Appointment of trustees

At any one time the number of Trustees shall not be less than five, and no more than twelve. New Trustees are recruited through an open application process. Appointments are made not only on the basis of individual merit, but also taking into consideration the existing expertise and experience of the Trustees.

Trustee induction and training

New Trustees receive information on Privacy International's work, their duties as Trustees, and take part in induction meetings with the Executive Director and other members of the Privacy International staff.

Remuneration policy for key management personnel

The remuneration of staff is guided by PI’s Values and Competency Framework as set out in the organisational Staff Handbook, outlining roles and responsibilities, ensuring that each employee is rewarded in line with the level of their role and our overall remuneration structure. The remuneration of the Executive Director is decided by the Board of Trustees.

Statement of responsibilities of the trustees

The trustees (who are also directors of Privacy International for the purposes of company law) are responsible for preparing the trustees’ annual report and the financial statements in accordance with applicable law and United Kingdom Accounting Standards (United Kingdom Generally Accepted Accounting Practice).

Company law requires the trustees to prepare financial statements for each financial year which give a true and fair view of the state of affairs of the charitable company and of the incoming resources and application of resources, including the income and expenditure, of the charitable company for that period. In preparing these financial statements, the trustees are required to:

19

Privacy International

Trustees’ annual report

For the year ended 31 January 2023

The trustees are responsible for keeping adequate accounting records that disclose with reasonable accuracy at any time the financial position of the charitable company and enable them to ensure that the financial statements comply with the Companies Act 2006. They are also responsible for safeguarding the assets of the charitable company and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities.

In so far as the trustees are aware:

The trustees are responsible for the maintenance and integrity of the corporate and financial information included on the charitable company's website. Legislation in the United Kingdom governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions.

Members of the charity guarantee to contribute an amount not exceeding £1 to the assets of the charity in the event of winding up. The total number of such guarantees at 31 January 2023 was 11 (2021/2022: 11). The trustees are members of the charity but this entitles them only to voting rights. The trustees have no beneficial interest in the charity.

Auditor

Sayer Vincent LLP was re-appointed as the charitable company's auditor during the year and has expressed its willingness to continue in that capacity.

The trustees’ annual report has been approved by the trustees on 27 September 2023 and signed on their behalf by:

Joshua Castellino Chair of the Board

20

Independent auditor’s report to the members of

Privacy International

For the year ended 31 January 2023

Opinion

We have audited the financial statements of Privacy International (the ‘charitable company’) for the year ended 31 January 2023 which comprise the statement of financial activities, balance sheet, statement of cash flows and notes to the financial statements, including significant accounting policies. The financial reporting framework that has been applied in their preparation is applicable law and United Kingdom Accounting Standards, including FRS 102 The Financial Reporting Standard applicable in the UK and Republic of Ireland (United Kingdom Generally Accepted Accounting Practice).

In our opinion, the financial statements:

Basis for opinion

We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s responsibilities for the audit of the financial statements section of our report. We are independent of the charitable company in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Conclusions relating to going concern

In auditing the financial statements, we have concluded that the trustees' use of the going concern basis of accounting in the preparation of the financial statements is appropriate.

Based on the work we have performed, we have not identified any material uncertainties relating to events or conditions that, individually or collectively, may cast significant doubt on Privacy International's ability to continue as a going concern for a period of at least twelve months from when the financial statements are authorised for issue.

Our responsibilities and the responsibilities of the trustees with respect to going concern are described in the relevant sections of this report.

21

Independent auditor’s report to the members of

Privacy International

For the year ended 31 January 2023

Other Information

The other information comprises the information included in the trustees’ annual report, other than the financial statements and our auditor’s report thereon. The trustees are responsible for the other information contained within the annual report. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. Our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the course of the audit, or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether this gives rise to a material misstatement in the financial statements themselves. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact.

We have nothing to report in this regard.

Opinions on other matters prescribed by the Companies Act 2006

In our opinion, based on the work undertaken in the course of the audit:

Matters on which we are required to report by exception

In the light of the knowledge and understanding of the charitable company and its environment obtained in the course of the audit, we have not identified material misstatements in the trustees’ annual report. We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion:

22

Independent auditor’s report to the members of

Privacy International

For the year ended 31 January 2023

in preparing the trustees’ annual report and from the requirement to prepare a strategic report.

Responsibilities of trustees

As explained more fully in the statement of trustees’ responsibilities set out in the trustees’ annual report, the trustees (who are also the directors of the charitable company for the purposes of company law) are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the trustees determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, the trustees are responsible for assessing the charitable company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the trustees either intend to liquidate the charitable company or to cease operations, or have no realistic alternative but to do so.

Auditor’s responsibilities for the audit of the financial statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design procedures in line with our responsibilities, outlined above, to detect material misstatements in respect of irregularities, including fraud. The extent to which our procedures are capable of detecting irregularities, including fraud are set out below.

Capability of the audit in detecting irregularities

In identifying and assessing risks of material misstatement in respect of irregularities, including fraud and non-compliance with laws and regulations, our procedures included the following:

23

Independent auditor’s report to the members of

Privacy International

For the year ended 31 January 2023

Because of the inherent limitations of an audit, there is a risk that we will not detect all irregularities, including those leading to a material misstatement in the financial statements or non-compliance with regulation. This risk increases the more that compliance with a law or regulation is removed from the events and transactions reflected in the financial statements, as we will be less likely to become aware of instances of non-compliance. The risk is also greater regarding irregularities occurring due to fraud rather than error, as fraud involves intentional concealment, forgery, collusion, omission or misrepresentation.

A further description of our responsibilities is available on the Financial Reporting Council’s website at: www.frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report.

24

Independent auditor’s report to the members of

Privacy International

For the year ended 31 January 2023

Use of our report

This report is made solely to the charitable company's members as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the charitable company's members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the charitable company and the charitable company's members as a body, for our audit work, for this report, or for the opinions we have formed.

Noelia Serrano (Senior statutory auditor)

9 October 2023

for and on behalf of Sayer Vincent LLP, Statutory Auditor Invicta House, 108-114 Golden Lane, LONDON, EC1Y 0TL

25

Privacy International

Statement of financial activities (incorporating an income and expenditure account)

For the year ended 31 January 2023

Note
Income from:
2
3
5
14
Reconciliation of funds:
Total funds carried forward
Transfers between funds
Net movement in funds
Total funds brought forward
Net income / (expenditure) for the year
Charitable activities
Total expenditure
Donations and legacies
Charitable activities
Investments
Total income
Expenditure on:
Other income		 Unrestricted
£
27,755
1,361,570
20,242
1,156		 Restricted
£
-
605,029
-
-		 2023
Total
£
27,755
1,966,599
20,242
1,156		 Unrestricted
£
18,088
1,437,843
12,709
152		 Restricted
£
-
808,924
-
-		 2022
Total
£
18,088
2,246,767
12,709
152
1,410,723 605,029 2,015,752 1,468,791 808,924 2,277,715
1,334,892 766,153 2,101,045 1,377,034 526,744 1,903,778
1,334,892 766,153 2,101,045 1,377,034 526,744 1,903,778
75,831
831		 (161,124)
(831)		 (85,293)
-		 91,757
11,212		 282,180
(11,212)		 373,937
-
76,662
2,258,310		 (161,955)
643,033		 (85,293)
2,901,343		 102,969
2,155,341		 270,968
372,065		 373,937
2,527,406
2,334,972 481,078 2,816,050 2,258,310 643,033 2,901,343

All of the above results are derived from continuing activities. There were no other recognised gains or losses other than those stated above. Movements in funds are disclosed in Note 14a to the financial statements.

26

Privacy International

Balance sheet

Balance sheet
As at 31 January 2023 Company no. 4354366
Note
Fixed assets:
10
Current assets:
11
Liabilities:
12
14a
Unrestricted general funds
Restricted income funds
Unrestricted income funds:
Designated funds
Debtors
The funds of the charity:
Creditors: amounts falling due within one year
Net current assets
Total net assets

Cash at bank and in hand
Tangible assets
General funds
Total charity funds		 £
98,230
2,800,469		 2023
£
33,516		 £
60,740
2,881,825		 2022
£
55,868
33,516
2,782,534		 55,868
2,845,475
2,898,699
(116,165)		 2,942,565
(97,090)
1,640,722
694,250		 1,635,444
622,866
2,816,050 2,901,343
481,078
2,334,972		 643,033
2,258,310
2,816,050 2,901,343

Approved by the trustees on 27 September 2023 and signed on their behalf by

Professor Joshua Castellino Trustee

27

Privacy International

Statement of cash flows

For the year ended 31 January 2023

Cash flows from operating activities
(as per the statement of financial activities)
Depreciation charges
Dividends, interest and rent from investments
(Increase) in debtors
Increase in creditors
Cash at bank and in hand
Total cash and cash equivalents
Analysis of cash and cash equivalents and of net debt
Net income for the reporting period
Cash and cash equivalents at the end of the year
Change in cash and cash equivalents in the year
Cash and cash equivalents at the beginning of the year
Net cash (used in) investing activities
Cash flows from investing activities:
Dividends, interest and rents from investments
Purchase of fixed assets
Net cash provided by operating activities		 £
£
(85,293)
32,262
(1,156)
(37,490)
19,075
(72,602)
1,156
(9,910)
(8,754)
(81,356)
2,881,825
2,800,469
At 1 February
2022
Cash flows
£
£
2,881,825
(81,356)
2023		 £
£
(85,293)
32,262
(1,156)
(37,490)
19,075
(72,602)
1,156
(9,910)
(8,754)
(81,356)
2,881,825
2,800,469
At 1 February
2022
Cash flows
£
£
2,881,825
(81,356)
2023		 £
£
373,937
33,651
(152)
1,498
27,195
436,129
152
(11,161)
(11,009)
425,120
2,456,705
2,881,825
Other non-
cash changes
At 31 January
2023
£
£
-
2,800,469
2022		 £
£
373,937
33,651
(152)
1,498
27,195
436,129
152
(11,161)
(11,009)
425,120
2,456,705
2,881,825
Other non-
cash changes
At 31 January
2023
£
£
-
2,800,469
2022
(72,602)
(8,754)
(81,356)
2,881,825		 436,129
(11,009)
425,120
2,456,705
At 1 February
2022
£
2,881,825		 Other non-
cash changes
£
-
2,800,469 2,881,825

Cash flows
£
(81,356)		 At 31 January
2023
£
2,800,469
2,881,825 (81,356) - 2,800,469

28

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

Privacy International is a charitable company limited by guarantee and is incorporated in England & Wales. The registered office address and principal place of business is 62 Britton Street, London, EC1M 5UY.

The financial statements have been prepared in accordance with Accounting and Reporting by Charities: Statement of Recommended Practice applicable to charities preparing their accounts in accordance with the Financial Reporting Standard applicable in the UK and Republic of Ireland (FRS 102) - (Charities SORP FRS 102), The Financial Reporting Standard applicable in the UK and Republic of Ireland (FRS 102) and the Companies Act 2006/Charities Act 2011.

Assets and liabilities are initially recognised at historical cost or transaction value unless otherwise stated in the relevant accounting policy or note.

In applying the financial reporting framework, the trustees have made a number of subjective judgements, for example in respect of significant accounting estimates. Estimates and judgements are continually evaluated and are based on historical experience and other factors, including expectations of future events that are believed to be reasonable under the circumstances. The nature of the estimation means the actual outcomes could differ from those estimates. Any significant estimates and judgements affecting these financial statements are detailed within the relevant accounting policy below.

The charity meets the definition of a public benefit entity under FRS 102.

The charity's income is mainly derived from non self-generated sources, such as grants, service level agreements and other governmental or NGO sources. The trustees consider that there are no material uncertainties about the likelihood that this support will continue, and accordingly, the accounts have been prepared on a going concern basis.

e) Income

Income is recognised when the charity has entitlement to the funds, any performance conditions attached to the income have been met, it is probable that the income will be received and that the amount can be measured reliably.

Income from government and other grants, whether ‘capital’ grants or ‘revenue’ grants, is recognised when the charity has entitlement to the funds, any performance conditions attached to the grants have been met, it is probable that the income will be received and the amount can be measured reliably and is not deferred.

Donated professional services and donated facilities are recognised as income when the charity has control over the item or received the service, any conditions associated with the donation have been met, the receipt of economic benefit from the use by the charity of the item is probable and that economic benefit can be measured reliably. In accordance with the Charities SORP (FRS 102), volunteer time is not recognised so refer to the trustees’ annual report for more information about their contribution.

On receipt, donated gifts, professional services and donated facilities are recognised on the basis of the value of the gift to the charity which is the amount the charity would have been willing to pay to obtain services or facilities of equivalent economic benefit on the open market; a corresponding amount is then recognised in expenditure in the period of receipt.

29

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

Interest on funds held on deposit is included when receivable and the amount can be measured reliably by the charity; this is normally upon notification of the interest paid or payable by the bank.

Unrestricted funds are donations and other incoming resources received or generated for the charitable purposes.

Designated funds are unrestricted funds earmarked by the trustees for particular purposes.

Expenditure included in Raising Funds includes amounts incurred in obtaining grants and other donations.

Charitable expenditure includes those costs expended in fulfilling the charity's principal objects, as outlined in the Report of the Trustees. These include grants payable, governance costs and an apportionment of support costs.

Costs are allocated directly to projects where they can be identified as relating solely to that project. Other costs are allocated between the funds based on staff time spent on the fund activities or other appropriate criteria. Irrecoverable VAT is charged as a cost against the activity for which the expenditure was incurred.

Allocation of support costs

Support costs are allocated to the charity's charitable activities.

Governance costs are the costs associated with the governance arrangements of the charity. These costs are associated with constitutional and statutory requirements and include any costs associated with the strategic management of the charity’s activities.

30

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

j) Tangible fixed assets

Tangible fixed assets are stated at cost less depreciation. Depreciation is provided at the following annual rates in order to write off each asset over its estimated useful life.

Depreciation is provided at rates calculated to write down the cost of each asset to its estimated residual value over its expected useful life. The depreciation rates in use are as follows:

 Software 33% on cost  Computer equipment 50% on cost  Furniture & fixtures 25% on cost  Leasehold improvements 20% on cost

k) Debtors

Trade and other debtors are recognised at the settlement amount due after any trade discount offered. Prepayments are valued at the amount prepaid net of any trade discounts due.

l) Cash at bank and in hand

Cash at bank and cash in hand includes cash and short term highly liquid investments with a short maturity of three months or less from the date of acquisition or opening of the deposit or similar account.

m) Creditors and provisions

Creditors and provisions are recognised where the charity has a present obligation resulting from a past event that will probably result in the transfer of funds to a third party and the amount due to settle the obligation can be measured or estimated reliably. Creditors and provisions are normally recognised at their settlement amount after allowing for any trade discounts due.

n) Financial instruments

The charity only has financial assets and financial liabilities of a kind that qualify as basic financial instruments. Basic financial instruments are initially recognised at transaction value and subsequently measured at their settlement value.

o) Pensions

The charity operates defined contribution schemes which are administered by outside independent pensions providers. Contributions payable for the year are charged to the Statement of Financial Activities.

31

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

Grants
The Swedish International
Development Cooperation
Agency - Core support
The Swedish International
Development Cooperation
Agency - project grant
Ford Foundation BUILD
Paul Hamlyn Foundation
Luminate
Ford Foundation BUILD
Donated in-kind services
Ford Foundation
Foundation to Promote
Open Society -
Eurasia
Foundation to Promote
Open Society
Oak Foundation		 Unrestricted
£
-
263,412
870,831
211,037
16,290
-
-
-
-
-
-



 £
-
-
-
-
-
-
140,691
-
434,906
(28,568)
58,000
Restricted		 2023
Total
£
-
263,412
870,831
211,037
16,290
-
140,691
-
434,906
(28,568)
58,000		 Unrestricted
£
540,541
261,038
503,446
109,318
23,500
-
-
-
-
-
-		 £
-
787,862
2,245,108
-
-
153,328
72,879
37,347
-
487,370
58,000
Restricted		 2022
Total
£
540,541
1,048,900
2,748,554
109,318
23,500
153,328
72,879
37,347
-
487,370
58,000
1,361,570 605,029 1,966,599 1,437,843 3,841,894 5,279,737

32

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

3a Analysis of expenditure (current year)

Staff costs (Note 6)
Other staff related costs
Grants to partners (note 4)
Project expenses
Rent
Depreciation
Consultancy
Trustee expenses
Audit
(Gains) on foreign exchange
Office expenses
Legal and professional fees
Travel and accommodation
Translation
Other costs
Support costs
Governance costs
Total expenditure 2023
Total expenditure 2022		 Charitable
Activities
£
1,372,227
31,320
234,503
62,863
-
-
90,252
2,866
-
(65)
-
10,391
31,082
11,417
-
1,846,855
243,916
10,273
2,101,045
1,903,778		 Governance
costs
£
-
-
-
-
-
-
-
-
10,260
-
-
-
-
-
13
10,273
-
(10,273)
-
-		 Support
costs
£
-
-
-
-
83,397
33,411
9,073
-
-
-
99,703
16,290
-
-
2,043
243,916
(243,916)
-
-
-		 2023
Total
2022
Total
£
£
1,372,227
1,267,775
31,320
30,536
234,503
232,269
62,863
27,107
83,397
85,416
33,411
33,651
99,325
51,782
2,866
-
10,260
22,320
(65)
61
99,703
104,401
26,681
32,955
31,082
528
11,417
12,312
2,056
2,665
2,101,045
1,903,778
-
-
-
-
2,101,045
1,903,778

33

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

3b Analysis of expenditure (prior year)

Staff costs (Note 6)
Other staff related costs
Grants to partners (note 4)
Project expenses
Rent
Depreciation
Consultancy
Trustee expenses
Audit
(Gains) on foreign exchange
Office expenses
Legal and professional fees
Travel and accommodation
Translation
Other costs
Support costs
Governance costs
Total expenditure 2022
Total expenditure 2021		 Charitable
Activities
£
1,267,775
30,536
232,269
27,107
-
-
51,782
-
-
61
-
9,455
528
12,312
335
1,632,160
249,285
22,333
1,903,778
1,857,373		 Governance
costs
£
-
-
-
-
-
-
-
-
22,320
-
-
-
-
-
13
22,333
-
(22,333)
-
-		 Support
costs
£
-
-
-
-
85,416
33,651
-
-
-
-
104,401
23,500
-
-
2,317
249,285
(249,285)
-
-
-		 2022
Total
£
1,267,775
30,536
232,269
27,107
85,416
33,651
51,782
-
22,320
61
104,401
32,955
528
12,312
2,665
1,903,778
-
-
1,903,778		 2021
Total
£
1,140,978
14,110
345,598
37,405
85,346
35,871
50,501
8,181
13,380
-
97,240
11,924
6,094
7,488
3,257
1,857,373
-
-
1,857,373

34

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

4a Grant making to institutions

Foundaiton for Media Alternatives
ICJ Kenya
Internet Labs
Haki Na Sheria
At the end of the year
Unwanted Witness
Impetus
TEDIC
Asociación por los Derechos Civiles
Cost
The Centre for Internet and Society
Fundación Datos Protegidos
Derechos Digitales
Hermes Center for Transparency and Digital Human
Fundación Karisma
Defenders Coalition - Kenya
Social Media Exchange
Ipandetec
Corporación Centro De Estudios de Derecho, Justicia y Sociedad – Dejusticia
The Libertarian Research & Education Trust
Kenya Legal and Ethical issues network on HIV&AIDS
Other		 2023
£
19,000
15,923
-
10,000
4,000
13,369
11,140
9,999
45,105
-
9,000
1,000
31,526
10,000
-
-
17,216
10,000
5,000
22,225		 2022
£
12,900
18,572
14,980
7,000
-
11,992
-
8,111
-
9,050
-
1,208
17,772
15,000
5,274
11,784
19,776
12,500
19,465
46,885
234,503 232,269

Other grants include grants to partners below £5,000 in the year and also those organisations which need to remain anonymous due to sensitive nature of their work.

5 Net income / (expenditure) for the year

This is stated after charging / (crediting):

This is stated after charging / (crediting):
2023 2022
£ £
Depreciation 33,411 33,651
Auditor's remuneration (gross of VAT):
Audit 10,260 12,000
Other services - 10,320

35

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

6 Analysis of staff costs, trustee remuneration and expenses, and the cost of key management personnel

Staff costs were as follows:

Staff costs were as follows:
Salaries and wages
Social security costs
Employer’s contribution to defined contribution pension schemes		 2023
£
1,157,365
135,555
79,307		 2022
£
1,074,560
118,357
74,859
1,372,227 1,267,776

The following number of employees received employee benefits (excluding employer pension costs and employer's national insurance) during the year between:

2023 2022
No. No.
£60,000 - £69,999 1 -
£70,000 - £79,999 - -
£80,000 - £89,999 1 1

The charity considers its key management personnel to be the trustees and the executive director. The total employment benefits (including employer pension contributions) of the key management personnel were £91,285 (2022: £89,495).

No remuneration was paid to any trustee or their associates for services as a trustee during the year ended 31 January 2023 nor to 31 January 2022.

During the year the charity paid trustees' travel expenses £2,866: (2022: nil).

7 Staff numbers

The average number of employees (head count based on number of staff employed) during the year was 25

8 Related party transactions

There are no related party transactions to disclose for this financial year (2022: none).

9 Taxation

The company is a registered charity. Accordingly, it is exempt from taxation in respect of income and capital gains to the extent that these are applied to its charitable objects.

36

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

10 Tangible fixed assets

Tangible fixed assets
At the end of the year
Cost
Depreciation
At the start of the year
Additions in year
Disposals in year
At the start of the year
Charge for the year
At the start of the year
Eliminated on disposal
At the end of the year
Net book value
At the end of the year		 Leasehold
improvements
Software
£
£
107,315
3,645
-
-
-
-		 Computer
equipment
£
65,913
8,635
(1,149)
Furniture &
fixtures
£
21,273
2,423
-
Total
£
198,146
11,058
(1,149)
107,315
3,645		 73,399 23,696 208,055
66,139
3,645
21,464
-
-
-		 54,226
9,982
(1,149)		 18,267
1,965
-		 142,277
33,411
(1,149)
87,603
3,645		 63,059 20,232 174,539
19,712
-		 10,340 3,464 33,516
41,176
-		 11,687 3,006 55,868

All of the above assets are used for charitable purposes.

11 Debtors

11
Debtors
12
Credit cards
Accruals
Prepayments
Accrued income
Rent deposit
Payroll taxes
Creditors: amounts falling due within one year
Trade creditors		 2023
£
15,478
63,408
19,344		 2022
£
15,478
45,262
-
98,230 60,740
2023
£
13,444
3,767
29,861
69,093		 2022
£
10,433
2,573
31,046
53,038
116,165 97,090

37

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

13a Analysis of net assets between funds (current year)

Analysis of net assets between funds (current year)
Tangible fixed assets
Current liabilities
Current assets
Current assets
Net assets at 31 January 2023
Analysis of net assets between funds (prior year)
Tangible fixed assets
Current liabilities
Net assets at 31 January 2022		 General
unrestricted
£
-
694,250
-
Designated
£
33,516
1,723,371
(116,165)		 Restricted
£
-
481,078
-		 Total funds
£
33,516
2,898,699
(116,165)
694,250 1,640,722 481,078 2,816,050
General
unrestricted
£
-
622,866
-
Designated
£
55,868
1,676,666
(97,090)		 Restricted
£
-
643,033
-		 Total funds
£
55,868
2,942,565
(97,090)
622,866 1,635,444 643,033 2,901,343

13b Analysis of net assets between funds (prior year)

38

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

14a Movements in funds (current year)

Movements in funds (current year)
Total restricted funds
Total designated funds
General funds
The Swedish International
Development Cooperation Agency -
Project
Total funds
The Swedish International
Development Cooperation Agency -
Core support
Fixed asset fund
Foundation to Promote Open Society -
Eurasia
Luminate
Paul Hamlyn Foundation
Total unrestricted funds
Designated funds:
Unrestricted funds:
Ford Foundation BUILD
Restricted funds:
Ford Foundation
2024 Activity fund		 At 1 February
2022
Income &
gains
£
£
180,750
-
50,150
140,691
33,345
-
32,478
-
1,030
58,000
315,752
434,906
29,528
(28,568)
Expenditure
& losses
£
(166,245)
(95,252)
(33,476)
(32,461)
(58,680)
(380,024)
(15)
Transfers
£
-
-
131
(17)
-
-
(945)		 At 31
January
2023
£
14,505
95,589
-
-
350
370,634
-
643,033
605,029		 (766,153) (831) 481,078
1,579,576
-
55,868
-		 (1,317,650)
-		 1,345,280
(22,352)		 1,607,206
33,516
1,635,444
-		 (1,317,650) 1,322,928 1,640,722
622,866
1,410,723		 (17,242) (1,322,097) 694,250
2,258,310
1,410,723		 (1,334,892) 831 2,334,972
2,901,343
2,015,752		 (2,101,045) - 2,816,050

The narrative to explain the purpose of each fund is given at the foot of the note below.

39

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

14b Movements in funds (prior year)

Movements in funds (prior year)
Total restricted funds
Total designated funds
General funds
Ford Foundation
Total funds
Total unrestricted funds
Designated funds:
Fixed asset fund
Foundation to Promote Open Society -
Eurasia
Luminate
Paul Hamlyn Foundation
The Swedish International
Development Cooperation Agency -
project
Unrestricted funds:
The Swedish International
Development Cooperation Agency -
Core support
2024 Activitiy fund
Ford Foundation BUILD
Foundation to Promote Open Society
Restricted funds:		 At 31 January
2021
Income &
gains
£
£
236,067
153,328
-
72,879
9,574
-
-
37,347
45,417
-
-
58,000
-
487,370
81,007
-
Expenditure
& losses
£
(208,645)
(22,729)
1,638
(4,002)
(12,939)
(56,970)
(171,618)
(51,479)
Transfers
£
-
-
(11,212)
-
-
-
-
-		 At 31
January
2022
£
180,750
50,150
-
33,345
32,478
1,030
315,752
29,528
372,066
808,923		 (526,744) (11,212) 643,033
-
78,358
-		 - 1,579,576
(22,490)		 1,579,576
55,868
78,358
-		 - 1,557,086 1,635,444
2,076,983
1,468,791		 (1,377,034) (1,545,874) 622,866
2,155,341
1,468,791		 (1,377,034) 11,212 2,258,310
2,527,407
2,277,714		 (1,903,778) - 2,901,343

Purposes of restricted funds

Projects financed by restricted funds are supported by unrestricted funding where necessary. This occurs where the funding is in arrears or the incidence of expenditure on the project occurs disproportionately at the beginning of the project compared to the income flows. Where restricted projects end the year with a deficit, this is met by after year-end restricted income or transfers from unrestricted funds.

Ford Foundation

The Ford Foundation is a globally oriented private foundation with the mission of advancing human welfare. In late 2020 Privacy International received a 2 year-grant to support civil society in the Global South to investigate, advocate against and support civil society in understanding implications of developments around global and local responses to COVID-19, extended into late 2023. In October 2020 PI received a five-year general support grant, combined with targeted organizational strengthening through Ford Foundation BUILD program.

Foundation to Promote Open Society/OSF

The Open Society Foundations work to build vibrant and tolerant democracies whose governments are accountable to their citizens. The Foundations seek to shape public policies that assure greater fairness in political, legal, and economic systems and safeguard fundamental rights. In September 2021 PI received a grant to explore our engagement in new geographical areas, with specific focus on civil society in Eurasia region.

40

Privacy International

Notes to the financial statements

For the year ended 31 January 2023

Luminate

Established in 2018, Luminate is a global philanthropic organisation with the goal of empowering people and institutions to work together to build just and fair societies, delivering impact in four connected areas that underpin strong societies: Civic Empowerment, Data & Digital Rights, Financial Transparency, and Independent Media. Since mid-2013 the Omidyar Network and since 2019 Luminate (an offshoot of the Omidyar Network), have been supporting Privacy International in building organisational capacity to become more resilient and strong leader within civil society.

Paul Hamlyn Foundation

Paul Hamlyn Foundation's mission is to help people overcome disadvantage and lack of opportunity, so that they can realise their potential and enjoy fulfilling and creative lives. In February 2021 Pl received a 3-year grant to look into invasive data exploitation practices in immigration processes

The Swedish International Development Cooperation Agency/SIDA

The Swedish International Development Agency is supporting Pl in our collaboration with civil society actors in countries across east Africa, south and south-east Asia and South America. The 4-year project, which started in January 2017 and completed in April 2021, aimed to strengthen civil society's capacity to protect the right to privacy, while confronting data-driven transformations in power. In June 2021 PI received from SIDA grant to support PI's strategy through to January 2025.

Purposes of designated funds

Activity fund

The 2024 activity fund represents funds set aside by the trustees in the 2021/22 and 2022/2023 financial years for delivery of strategic objectives, projects and activities. The Trustees expect the fund to be fully utilised by January 2024.

Fixed Asset fund

The fixed asset fund represents the net book value of fixed assets at year-end as these are not freely available for the charity's use.

15 Operating lease commitments payable as a lessee

The charity's total future minimum lease payments under non-cancellable operating leases is as follows for each of the following periods:


each of the following periods:
Less than one year
One to five years
Over five years		 2023
2022
£
£
41,750
41,750
-
-
-
-
Property
41,750 41,750

16 Legal status of the charity

The charity is a company limited by guarantee and has no share capital. The guarantors liability in the event the company is wound up is restricted to a maximum of £1 each.

41