2024-01-31-accounts

This text was generated using OCR and may contain errors. Check the original PDF to see the document submitted to the regulator.

Company number: 4354366 Charity number: 1147471

Privacy International

Report and financial statements For the year ended 31 January 2024

Privacy International

For the year ended 31 January 2024

Reference and administrative information ...................................................................................... 1 Trustees’ annual report .................................................................................................................. 2 Independent auditor’s report ....................................................................................................... 21 Statement of financial activities (incorporating an income and expenditure account) ................... 24 Balance sheet ............................................................................................................................... 25 Statement of cash flows ................................................................................................................ 26 Notes to the financial statements ................................................................................................. 27

Privacy International

Reference and administrative information

For the year ended 31 January 2024

Company number 4354366 Country of incorporation United Kingdom Charity number 1147471 Country of registration England & Wales

Registered office and operational address 62 Britton Street, London, EC1M 5UY

Trustees Trustees, who are also directors under company law, who served during the year and up to the date of this report were as follows:

Benjamin Elihu Wizner Resigned 30 September 2023 Susan Gardner Resigned 30 September 2023 Holly Marie Ruthrauff Stephen Josef Tibbett Antonio Michaelides Ahana Datta Joshua Castellino Amanda Borton Mahdis Keshavarz Appointed 01 May 2024 Martin Georgi Appointed 01 May 2024 Bankers Barclays Bank 1 Churchill Place London E14 5HP Solicitors Covington & Burling 22 Bishopsgate London EC2N 4BQ Auditor Sayer Vincent LLP Chartered Accountants and Statutory Auditor 110 Golden Lane LONDON EC1Y 0TG

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

The trustees present their report and the audited financial statements for the year ended 31 January 2024.

Reference and administrative information set out on page 1 forms part of this report. The financial statements comply with current statutory requirements, the memorandum and articles of association, the requirements of a directors’ report as required under company law, and the Statement of Recommended Practice - Accounting and Reporting by Charities: SORP applicable to charities preparing their accounts in accordance with FRS 102.

Objectives and activities

Purposes and aims

Privacy International's objects are to promote privacy as a human right (as set out in the Universal Declaration of Human Rights) throughout the world, specifically:

a) To raise awareness of, to conduct research about, and to provide educational materials regarding threats to personal privacy;
b) To monitor and report on surveillance methods and tactics employed against individuals and groups;
c) To work at national and international levels towards the provision of strong and effective privacy protections;

d) To monitor the nature, effectiveness and extent of measures to protect privacy, and to seek ways through information technology to protect personal information.

Mission

We campaign for legal and technological solutions to protect people and their data from exploitation. We expose harm and abuses, mobilise allies globally, campaign with the public for solutions, and pressure companies and governments to change.

Vision

Freedom and privacy will be the foundations of tomorrow’s societies. People are enabled by technology to explore their identities, speak their minds, and live with dignity. They will be free from exploitation and in control of their lives.

Governance of Privacy International (PI)’s activities

Privacy International’s trustees review the aims, objectives and activities of the charity each year. This review also looks at what the charity has achieved and the outcomes of its work in the reporting period. The review also helps the trustees ensure the charity's aims, objectives and activities remained focused on its stated purposes.

The trustees have referred to the guidance contained in the Charity Commission's general guidance on public benefit when reviewing the charity's aims and objectives and in planning its future activities. In particular, the trustees consider how planned activities will contribute to the aims and objectives that have been set.

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

Privacy International sets multi-year strategies that the Trustees expect the organisation to deliver upon. Through annual planning of projects that contribute towards multi-year outcomes, the Trustees are able to monitor PI’s delivery of its strategic priorities.

PI’s strategy for 2023-2026 and the strategic plan was approved by the Board of Trustees in 2022. The strategy states that PI must build a sustainable PI that is capable of creating meaningful system change, genuinely engaging and protecting people, and openly amplifying and scaling impact; by staff who are supported to learn and grow to become effective advocates.

Every December PI establishes an annual plan that prescribes how we will organise our work to achieve change. By March every year we establish indicators for monitoring whether we are achieving results in accordance with our Monitoring & Evaluation framework. These indicators are reviewed at every Trustee meeting, alongside the organisation’s risk matrix.

In setting the annual workplan, the Board of Trustees have regard to both the Charity Commission's guidance on public benefit, and the promotion of human rights for the public benefit. The Trustees confirm that they have complied with section 17 of the Charities Act 2011 and are satisfied that the aims and objects of the charity, and the activities reported on to achieve those aims, meet these principles.

What Privacy International worked toward in FY2023 – PI’s strategic programmes

PI’s Defending of Democracy and Dissent programme investigates the role technology plays in facilitating and/or hindering everyone’s participation in civic society.

Our Safeguarding People’s Dignity programme explores how access to services with governments and industry are increasingly dependent on us providing more and more data about ourselves. This puts people and communities who are inherently disadvantaged within our socioeconomic and political ecosystems at risk.

Our State Accountability programme challenges how unprecedented surveillance capabilities of governments outstrip the safeguards for our rights.

PI’s Corporate programme challenges how companies are innovating on surveillance capitalism, reducing people to data for exploitation.

PI’s Organisational Development focus is put on exploring innovative methods of making the case for change and reaching audiences in ways that are relevant to them. PI will support and amplify the advocacy of partners across the world, and at global fora. PI explores new strategies in approaching our targets together. PI works to support staff by exploring effective learning & development programming, to prepare for future growth opportunities within and beyond PI.

Beneficiaries of our services

Changes in practices and policies by governments and companies as a result of our work have benefited people globally, including as national publics and consumers. Direct beneficiaries of our work are i) the general public across the world through our advocacy, public engagement, and

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

educational work, and ii) public interest civil society organisations across the world through our capacity-building and support.

Achievements and performance

The charity's charitable activities focus on achieving change by strategically targeting our tech, legal and policy advocacy at governments and companies who are vying for power to determine the future to their advantage and to the detriment of people’s privacy. We track results on an annual basis; knowing that impact often takes longer.

Results and Impact in 2023

At PI we believe HOW we work is as important as WHAT we do. PI’s achievements below are presented in accordance with PI’s organisational values.

We deliver on our promises. We work on until we achieve our strategic objectives, as stated above.
We work with others to better understand, to engage, to change minds (including our own), and to build a movement.
We lead by example , set high standards, and critically evaluate our work. This means also learning from our mistakes.
We are all responsible for building and maintaining a good and resilient PI and field.

We deliver: Strategic Results and Impact 2023

In 2023 PI was able to directly generate or significantly contribute to a series of landmark courts decisions, regulatory action and legislative developments aimed to create structural premises for ensuring better human rights protections for various categories of people.

Change through Courts and Regulators’ Decisions

United Kingdom accountable for its digital spying outside its borders

The European Court of Human Rights ruled in September 2023 on the case Guarnieri and Wielder v UK, that UK’s security and intelligence agencies breached the right to privacy of two individuals living outside the UK, through the UK’s mass surveillance practices. The judgment underscores that security and intelligence agencies must be held responsible for the effects of their actions in the UK no matter where their consequences are felt. The case was a result of PI’s 2015 campaign asking people to make applications to the UK’s Investigatory Powers Tribunal to investigate whether they had been subjected to unlawful surveillance measures by the UK’s intelligence agencies.

EU must protect human rights when transferring surveillance tech

The EU Ombudsman decided in December 2023 in PI’s favour against the European Border and Coast Guard Agency (Frontex) and the European External Action Service (EEAS) on the transfer of tech to non-EU countries. The decisions, arising from PI’s complaints, highlighted existing

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

shortcomings of the European Union agencies’ approach to human rights due diligence and articulated that transfer of surveillance capabilities to third countries needs to be subject of standalone human rights impact assessments.

Change through Policy developments

European Commission pushes industry to extend security support for tech

The European Commission published in August 2023 its Regulation for eco-design for smartphones and tablets, that included requirements for manufacturers, importers or authorised representatives to provide for at least 5 years of operating system updates (from the date of end of placement of the product on the market). This means that end-users will benefit from longer protections and functionality of their devices. This change in the regulation was PI’s specific demand and intensively promoted by PI through our Best Before Date advocacy and extensive engagement with the Commission.

EU offers more control of their devices to people

The final text of the EU Directive on empowering consumers for the green transition adopted in January 2024 reflected PI’s language and demands. In its current version, the Directive contains a strong transparency and other obligations for device manufacturers to ensure that users are empowered and that their devices remain secure.

Strengthened tools against consumer profiling

The European Commission adopted most of PI’s recommendations in relation to the template regulating the consumer profiling techniques under the Digital Markets Act. PI made a series of recommendations to strengthen the draft template during the consultation period opened by the EC. In the current version, the template provides clear, precise and detailed instructions on the information gatekeepers need to include in audited description of consumer profiling, to allow for the effective monitoring and assessment of gatekeepers’ practices and their compliance with the obligations under the DMA.

AI legislation contains some protections against use at borders and in immigration

The final proposal for the EU AI Act was approved in December 2023, and included some key protections against harmful uses of AI in immigration and border control. This was due to the advocacy from ProtectNotSurveil coalition, of which PI is a member. PI’s participation in the coalition involved co-drafting open civil society statements to negotiators, asking the governments of Belgium, France, Germany, Italy and Spain to push for safeguards in their negotiating positions, and providing evidence of potential harms resulting from a lack of safeguards, based on PI’s previous and current work.

Change through key stakeholder engagement

Informing the protection of elections

PI was invited to participate and present at the high-level Declaration of Principles meeting in Addis Ababa, following an invitation from the African Union. The meeting for the first time featured a session entirely dedicated to Data Protection and Electoral Integrity, out of a total of six sessions, ensuring its visibility to an international audience of key stakeholders and institutions.

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

UN special mandate holder speaks out on spyware

A statement on the Development, Use, and Transfer of Commercial Spyware published by the UN Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms while Countering Terrorism, raised significant concerns on the issue reflecting PI’s positions and input to the position paper published in May 2023 (where PI’s work was referenced).

UN special mandate holders speak out on UN travel surveillance programme

The UN Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms while Countering Terrorism has published a report on the United Nations Countering Terrorist Travel Programme and the goTravel Software Solution, raising significant concerns in line with PI’s briefings and meetings with relevant UN staff in the last couple of years.

UN Human Rights Commissioner reports on border surveillance

The Office of the High Commissioner on Human Rights’ report “Digital Border Governance: A Human Rights Based Approach” published in September 2023, makes extensive references to PI’s work - including two references to PI’s campaign and complaints on continuous location tracking of migrants through ‘GPS tagging’, and a reference to PI’s broader work on the deployment of digital border technologies. PI had previously participated at the expert-meeting discussions of the report and provided input to earlier drafts.

UNICEF reports on protecting children from surveillance at protests

In August 2023, UNICEF published its report on ‘Free and safe to protect policing assemblies involving children’. PI was part of the expert group consulting on the report and its positions are reflected in the paper. PI’s contribution resulted in the report calling for higher standards for the use of facial recognition technology in protests.

UN Special mandate holder on right to health and right to privacy

UN Special Rapporteur on the right to health’s report on Digital innovations, technology and the right to health, presented to the 53rd HRC session integrated many of the issues outlined by PI and PI’s global partners. It referenced PI’s work and proposed recommendations reflecting PI’s demands. The Special Rapporteur dedicated a whole section of her report to the right to privacy and unprecedented risks faced as a result of digital health innovation and tech in addition to raising privacy concerns in other sections in particular in the section on sexual and reproductive health.

European Parliamentary scrutiny of spyware

The key European Parliament committee investigating spyware adopted its report and recommendation in May 2023, calling for strong safeguards against the EU use and export of spyware. The report included PI’s language, positions, and referenced our research including on government hacking, encryption, vulnerability handling and disclosure procedures.

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

Delivering change by Targeting adversaries

Amazon and iRobot forced to terminate their merger

On 29 January 2024 Amazon and iRobot announced that they have entered into a mutual agreement to terminate their previously announced acquisition agreement. The decision came after European Commission’s initiated Phase II in-depth investigation and published its Statement of Objections pointing to potential harms of the merger onto competitors and consumers. PI contributed to this result by making submissions to the European Commission’s investigation into the merger (as well as to the UK competition regulator); PI was invited to obtain a third person interest status in the review of the merger by the Commission. This invitation was the only time a non-consumer rights group was granted third person status in merger review proceedings by the Commission.

French Data Protection regulator (CNIL) fined Doctissimo

Following PI’s complaint from 2020, in May 2023, CNIL fined French health website doctissimo.fr (Doctissimo) €380,000 euro. The regulator found that Doctissimo failed to comply with obligations under the GDPR and French Data Protection Act mentioning the following infringements: (1) failure to store data for no longer than is necessary; (2) failure to obtain consent from individuals to collect their health data; (3) failure to provide a formal legal framework for the processing operation; (4) failure to ensure the security of personal data and (5) failure to comply with obligations related to the use of cookies. As a result, the company has taken measures to remedy the infringements.

French Data Protection regulator (CNIL) fined AdTech company Criteo

As a result of PI’s complaint from 2018 and further investigations conducted by CNIL, in June 2023, the regulator fined French AdTech company, Criteo, €40 million for failing to ensure that people had provided their consent to processing of their data, failing to sufficiently inform them and to enable them to exercise their rights. The decision was submitted and approved by all the other 29 European supervisory authorities interested in the case.

... that result then informed a court’s decision against Criteo

After the French Data Protection regulator’s (CNIL) decision to fine Criteo for their abusive data collection practices, in October 2023 the Amsterdam District Court contended that Criteo did not obtain a ‘valid consent for the placement of cookies’, which made their placement illegal. The court recognised the CNIL’s decision (which resulted from our complaint), holding that Criteo must provide a complete overview of the third parties with whom data has been shared.

Delivering change by Enabling scalable action

Joint regulatory action against Clearview generated impact in 5 countries

Joint regulatory action in 5 countries (the UK, France, Greece, Italy and Austria) against Clearview AI, a facial recognition tech firm, which was collecting people’s data from internet. Regulators from all countries issued decisions against Clearview’s activity, and most issued fines amounting to over 50 million euros. Coordinated action with other civil society organisations with similar positions and demands resulted in a cascade of regulators’ decisions for 3 years in a row.

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

Joint, beneficiary-led campaign against company involved in migrants’ surveillance

Together with two migrants’ rights organisations, Bail for Immigration Detainees and Migrants Organise, PI campaigned against Capita’s involvement in the UK’s GPS tagging of migrants. The campaign aimed to pressure Capita’s shareholders to consider the human rights implications of the GPS tagging contract with the UK Government. PI’s demands have been supported by over 200 people who sent a letter to Capita following our public action. The campaign also generated attention and support from the many other non-governmental organisations from the migrants’ rights sector, and generated media attention to the issue.

Inviting people to raise awareness together on facial recognition

In the context of dramatic rise of facial recognition technology in public spaces in the United Kingdom, PI launched The End of Privacy in Public campaign, asking members of the public to ask their representatives in Parliament if facial recognition cameras are being deployed in their local areas. At the moment of writing, dozens of people joined the campaign and messaged their Members of Parliament.

Engaging CSO leaders in other domains to consider their risks

PI’s guide for climate activists on how to avoid social media monitoring inspired Greenpeace to organise an internal round-table and review their internal policies. PI was invited and took part in the internal discussions contributing to improvement of Greenpeace’s policies.

Delivering change through Fieldbuilding

PI works to build a capable and sustainable civil society that defends privacy globally.

This often means working to support others’ visibility, building infrastructure for sustainable advocacy including positions and materials, and helping others to build.

Change through Enabling partners and allies

PI continuously supports partners’ research, capacity building and international advocacy initiatives. This requires deep collaboration, including at the strategic levels when our strategic projects work with partners. Coordinating timelines, objectives and results requires care.

Below are some examples of support where PI increases the capacity and visibility of partners:

InternetLab, with financial and technical support from PI conducted research on surveillance technology in education. After its publication, academics in the state of Paraná in Brazil requested their support around research they have done on Facial Recognition Technology in schools in the state.
PI provided support to our partner Karisma’s submissions to the Colombia Universal Periodic Review (UPR), and supported another Colombian partner Dejusticia in their response to the UN Special Rapporteur on migration on regularisation.
PI supported our Mexican partner R3D on their UPR submission on Mexico.
PI is part of the new Digital Health and Rights Project Consortium, bringing together social scientists, human rights lawyers, health advocates, and networks of people living with HIV, to conduct research and advocate for rights-based digital governance in Colombia, Ghana,

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

Kenya, Vietnam, and globally. PI has been informing the project’s global advocacy strategy through capacity building sessions, the digital empowerment strategy, and its participatory action research which will see the involvement of affected communities in particular young people in their diversity. In addition, PI has been supporting and sharing experiences on risk management, grant management and monitoring & evaluation.

Change through Educating others

In 2023 PI updated and added more to our range of educational materials, including a series of guides on how to protect from online tracking providing concrete steps to increase protection on social media, messengers and browsers; our ‘Free to Protest guides’ revealing a wide range of surveillance tools used to identify and track protesters; a guide for climate activists on social media monitoring. The guides have been adapted and used by the general public, partner organisations, activists and others (including Greenpeace, America Bar Association, the International Detention Coalition, STOPAIDS):

The American Bar Association Rule of Law Division reached out to PI requesting translation (in Bahasa, Thai, Vietnamese, Mandarin languages) of three of PI’s educational videos to be included in their legal training syllabuses within different countries around Asia. For instance, the ABA used PI’s resources in an online event/training on the right to privacy for approximately 400 participants, mainly lawyers, from Indonesia, Malaysia, the Philippines, Thailand and Vietnam. Trainers showed PI’s videos and flagged PI’s work.
The European Agency for Safety at Health at Work included our Managed by Bots research in their Campaign toolkit. This shows recognition of PI’s positions and research, opening potential for scaling-up of our work.
PI supported the Digital Rights Foundation in organising of an introductory workshop on the Free to Protest Guide Pakistan for local activists. It was attended by people from the transgender community, religious minorities community, student rights’ groups and feminist activists.

Delivering on Protecting affected populations

PI must understand, respond and align itself with the realities and needs of the people whose lives and future we are aiming to make better. Doing this work requires great care to not deprioritise people’s issues, nor steal attention, nor expose them to additional risks.

PI’s work on border and immigration surveillance has focused on migrants and specifically in the 2022 and 2023 projects those who are targeted with surveillance techniques in the UK, in particular asylum seekers and foreign nationals subject to deportation. This work was informed by feedback from migrants who were subjected to GPS tagging, and PI included some of the affected people in planning meetings and decision making.
PI’s work on health originally foregrounded people who were unable to access technologies, or people seeking abortion-related healthcare information; now PI is also working with a consortium of partners working with people living with HIV and other key populations – predominantly in Kenya, Ghana, Colombia and Vietnam.

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

PI also made progress towards having a clearer understanding of the ways the digitisation of public services is having on persons with disabilities. Through this work PI actively consulted and engaged with international organisations of people with disabilities: held meetings with the African Disability Forum and Christian Blind Mission representatives to scope the potential for carrying out work and started to identify opportunities collaboration including trainings to raise awareness amongst other similar organisations and joint areas of concern for further advocacy.

We lead by example: Learning and Reflections

PI learns continuously from interventions, ascertaining where it’s falling short of expectations, how to better ensure the relevance of work, and how it can be more effective. PI is also looking around to see what contributes to change, what does not, and what can be done differently.

First, we have been slow at external engagement on 2023’s top emerging issues, being ‘war’ and ‘AI’. This may temporarily reduce our profile as public audiences and key institutions focus attention on specific instances each (i.e. Gaza, Ukraine, ChatGPT).

Second, we’ve struggled to kickstart capacity-building within PI. Our strategic plan’s three new internal capacity-building initiatives included: digital communications (which platforms and why and how?), education (for who and for what and how?), research (which methods and tools, why, and when?). They had to develop from scratch but did so more slowly than we had hoped. This began to improve in FY2024.

Third, the uncertainty within the funding community is destabilising for the sector, even though PI is coping well for now. Our partners’ sustainability will be further challenged.

Together these factors could lead to a world with many organisations vying for attention for survival. We are concerned that PI’s approach of deliberate intervention and field-building will not be as attractive in a future with fewer resources, ‘new’ pressing issues and crises. Over-reacting to this challenge could also exhaust us.

We predicted these challenges. For instance, our strategy states already that PI does not intend to grow. We also focused 2023 on redeveloping our partnership strategy so we could sustainably support and build the field even as funders may depart. And in 2024 we’re developing and deploying a new comms strategy.

We work with others: Our Network and Change

PI convenes a network of organisations from across the world, primarily in eastern Africa, Latin America, and South and South-east Asia. Following the launch of our new strategic plan, we consulted extensively with our partners to develop a Partnership Strategy.

To date, our dominant mode of working with partners was around deep interaction on agreed advocacy objectives. In the new partnership strategy, with partners we identified new forms of collaborations including more flexible partnerships (e.g. multi-year) with a wider array of results (e.g. partner organisational strengthening).

Consequently, in 2023 and 2024 PI re-initiated relationships under the new Partnership Strategy, experimenting with new modes of partnerships (field building and organisational strengthening) and continued to support partners in the form of regranting (to 12 partners in 10 countries).

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

We build: Core and Internal developments

Launch and implementation of new strategy

In February 2023, PI launched a new strategic plan for 2023-2026, continuing work in the existing 4 strategic priority areas (as above), but now with each of them involving 3 multi-year interventions. In addition, PI identified a series of areas for internal development.

Launching the plan meant PI had to reorganise and build new frameworks for delivering on the new strategic plan. This was made possible by the considerable organisational building undertake in 2021-2022, particularly on Human Resources Strategy.

Further Human Resources development

The new strategic plan prioritises the growth and development of staff, with specific outcomes and results. This is more than just budgeting for educational development at sector standards but also links their annual performance objectives directly to learning objectives. As a result, the actual use of PI’s learning budget has grown significantly.

The Board of Trustees PI also regularly evaluates the remuneration procedure. This is to ensure that PI is providing fair and sustainable salaries, though regularly reviewing annual salaries and also revising our approach to matching pension contributions.

To ensure that PI continues to promote a good working environment, in 2023 PI undertook an extensive exercise on psychological safety: staff were deeply involved in developing a new series of agreements around providing psychological safety for each other. PI also undertook external audit of our wellbeing programme, and developed and finalised a new staff handbook, to bring these to the highest sector standards.

Financial review

Results for the year

The results of the period and financial position of the charity are shown in the annexed financial statements.

Expenditure for the year decreased slightly to £2.07m (2022/2023: £2.1m) mostly as a result of changes to staff costs and a very slow return to more regular level of activities, as the organisation and its allies kept recovering and re-adjusting the intensity of work in the ongoing global health emergency.

The incoming resources for the year were £2.59m (2022/2023: £2.02m) – the income in 2023/2024 reflects ongoing multi-year grant agreements in support of the organisational strategy (2018-2023 and 2023-2026).

The total funds of the charity at the end of the year were £3.34m. This included £424k in project and other restricted funds and £2.91m in unrestricted funds. The trustees have set aside £2.16m (2024 Activity fund: £526k and Strategic fund 2026: £1.63m) of unrestricted funds as designated funds for delivery of the strategic objectives, projects and activities. The Trustees expect these designated funds to be fully utilised by the end of the strategic plan (2026). There is also £31k of designated fixed assets funds. The remaining £728k are general funds held for operational

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

working capital requirements to address financial risks surrounding income and expenditure in line with the reserves policy set out below.

Principal risks and uncertainties

Changes in funding environment and shifts due to ongoing multiple global crises and economic uncertainties, including armed conflicts, have potentially positive and negative consequences for PI: while the funding space is shrinking, PI's relevance and expertise continues to be very valued by existing institutional funders. PI recognises the ongoing global crises could cause funders to divert funding to other causes, and we are monitoring these shifts closely. See risk statement below for further information.

Reserves policy and going concern

Taking into account the risks, funding sources, and complexity of Privacy International, the Board of Trustees has set a reserves policy for Privacy International aiming for unrestricted and undesignated reserves equivalent to 6 months’ running costs – resulting in a target of £840k (currently: £728k, constituting 5.2 months of operational costs, representing the amount of general reserves not designated or otherwise committed to activity expenditure in 2024-2026).

The Executive Director and Resources Director continue to work with the Board of Trustees to maintain a policy of increasing unrestricted reserves until they are built to a level that ensures that core activity could continue during a period of unforeseen financial difficulty.

After making appropriate enquiries, the Trustees have a reasonable expectation that the company has adequate resources to continue in operational existence for the foreseeable future. For this reason, they continue to adopt the going concern basis in preparing the financial statements.

Fundraising

PI is working hard to ensure that PI's work is independent, cutting-edge and can be sustained for years to come. As a result, PI's work is funded by a variety of different sources. We do not accept funding from corporations because we believe that it would jeopardise the independence of our activities. We do not work with specialist fundraising service providers and fundraising is conducted by PI staff to maintain our high standards. We have also developed a due diligence process to investigate suspect donations and deal with them accordingly.

Main sources of funding for PI are multi-year grants (core support and project support alike) from a small number of big institutional donors. Public donations remain around 1% of overall annual income, which Privacy International continues to work to change with the goal of diversifying the funding to move away from high dependency on limited number of donors.

In our public fundraising we strive for the highest standards. We do not participate in fundraising and marketing tactics that we see as privacy intrusive, such as highly targeted behavioural advertising. Furthermore, we go beyond the minimum standards laid out in GDPR and have our supporter platform set up so supporters have control over their data, including being able to stop communications and withdraw consent whenever they want.

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

In 2023/2024 we did not receive any complaints.

The staff and Board of Trustees of Privacy International are extremely grateful to the following organisations for their support over the past year:

Ford Foundation

Luminate Oak Foundation Open Society Foundations Paul Hamlyn Foundation Swedish International Development Cooperation Agency

Volunteers and pro bono support

The Trustees also wish to record their appreciation to the many eminent lawyers who have contributed their expertise to our legal work. We hugely appreciate the support received from Blackstone Chambers, Brick Court Chambers, Doughty Street Chambers, Bhatt Murphy, Liberty, Hausfeld, Duncan Lewis, Wilson Solicitors, Covington & Burling LLP, independent counsel, and various university departments, law clinics and legal experts including at the Harvard Law School Cyberlaw Clinic.

We also remain extremely grateful to Covington & Burling LLP for their continued support for Privacy International’s organisational development, including pro bono support for the further professionalization of our systems and processes for staffing and governance.

Plans for the future

The Strategy 2023-2026 recognises that we must build a sustainable PI that is capable of creating meaningful system change, genuinely engaging and protecting people, and openly amplifying and scaling impact; by staff who are supported to learn and grow to become effective advocates. Within the new results framework the plan is based on multi-year interventions.

Every planning cycle PI reassess the context, revisit the planned priority results, and explore creating new ones. PI then identifies annual project plans that will make progress towards these results, with their own annual objectives and results.

We will continue our Strategic Interventions in each of our four ‘Strategic Area’ programmes. Additionally we have set objectives around expanding our skills and capacities, deepening our expertise within core functions, and exploring more resilient operations.

Structure, governance and management

The organisation is a charitable company limited by guarantee, incorporated on 16 January 2002 and registered as a charity on 26 May 2012.

The company was established under a memorandum of association which established the objects and powers of the charitable company and is governed under its articles of association.

All trustees give their time voluntarily and receive no benefits from the charity. Any expenses reclaimed from the charity are set out in note 6 to the accounts.

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

Privacy International’s governing body is the Board of Trustees, which meets up to five times a year. The primary responsibility of the Board is to provide strategic leadership by formulating and reviewing Privacy International's strategic aims in consultation with staff, setting overall policy, regularly evaluating the charity's performance and risk management, and ensuring compliance with UK law. The Board of Trustees delegates day-to-day management of the charity to the Executive Director.

Financial controls

Privacy International continues to strengthen its financial management systems. As the organisation grows, we work hard to ensure that PI is accountable to the public, our partners, and our funders.

All expenditure is carried out with reference to Privacy International’s multi-year strategic plan and annual workplan, as approved by the Board prior to the start of each fiscal year. Financial procedures have been developed to monitor and evaluate the charity’s finances, including quarterly management accounts, which are prepared for review by Trustees, prior to each meeting of the Board.

The Board is assisted in taking decisions relating to budgeting and forecasting by the Finance and Audit Committee, which consists of three Trustees including the Treasurer. The Committee is responsible for recommending finance management policy to the Board and ensuring that existing policies are implemented. The audit function of the Committee is to consider the adequacy of risk management, internal controls, and governance.

Risk statement

Privacy International takes seriously the safety, security and wellbeing of its staff, consultants, partners and contracted sources and researchers and fully accepts our duty to provide a reasonable standard of care to those performing activities on our behalf. Our mission and operating locations inherently mean that our staff, consultants, partners, contracted sources and researchers are exposed to safety and security risks. Our approach to managing risk is one of risk management rather than risk aversion; however, we do not seek to engage in high-risk activities.

PI reviews and updates its risk framework and risk register on a regular basis from which the Board considers the following risks with the greatest overall potential impact on PI as at the date of signing the Accounts.

1. Insufficiently diverse or unsustainable sources of funding

The focus of policy makers and funders is continuously shifting to meet emerging challenges in ongoing multiple global crises. With many actors in the sector vying for attention, there is a risk that resources move away from existing commitments and effective tactics.

This uncertainty within the funding community is destabilising. PI is coping well, with a strong cash position at the end of fiscal year. Nonetheless, the funders’ programmatic changes make future planning challenging. Our partners’ sustainability will be further challenged.

PI remains highly reliant on limited number of funders - our most substantive long-term support comes from 4-5 institutional funders, and PI is vulnerable to their strategic changes. The board recognised the lack of flexibility in funding might result in limited resources to respond to

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

unexpected project developments and/or crisis situations. As the global situation continues to deteriorate and donors’ attention and their resources could be easily re-directed to other pressing topics and matters.

What is PI doing about it?

The Executive Director, with the support of the Strategy Team, engages regularly with current PI funders, not only as it relates to financial support but also to make sure they have in-depth understanding of and commitment to issues the sector is tackling and facing. PI regularly reviews the strategic developments of current and potential funders and keeps exploring other funders in the domain. The executive team also provides regular updates to the Finance and Audit Committee and Board of Trustees, and invites them to engage with donors, where needed. We continue to build infrastructure and processes to increase income from the public.

PI continues to innovate and explore new areas of work in pioneering ways, to make sure our work remains relevant and effective and bring needed change. The approach is to cooperate (not compete) with and support other actors. As PI plans interventions, it consults beneficiaries and stakeholders to understand and incorporate their perspectives and constantly monitors how PI work responds to beneficiaries’ needs, meeting our commitments and progress towards agreed vision and change.

PI also developed planning-scenarios to navigate the period of uncertainty, with Board, partners, and staff and will work to develop a diverse income portfolio that reduces risk exposure (especially risk of starvation cycle) and dependency on limited number of funding sources, without jeopardising its independence. With focus on critical operating reserves while PI will also work to make sure the funding structure considers building capital to allow for investment to support further development (i.e. explore new domains and methods and expand geographically).

2. Organisational health

PI transitioned to the new strategic plan in a climate of significant external pressures. Economic pressures pose risks to staff’s health and wellbeing; and PI’s ability to deliver.

Building PI as a resilient organisation was essential to PI’s ability to navigate this period. As firm believers in organisational strengthening, PI has more to do as an employer to be more effective, efficient, and a good place to work. This is a continuous developmental area.

What is PI doing about it?

IN 2023 PI deployed a new updated staff handbook, after a comprehensive review. Wellbeing management and supporting staff is an integral part of Privacy International’s global risk framework and management is key to building a more resilient organisation. Staff who feel supported will in return contribute to a balanced and healthy workplace.

As part of comprehensive review of practices, in 2023 PI conducted an audit of the wellbeing programme and updated it to best sector standards. In order to most effectively support staff, the wellbeing and training programmes now include:

coaching as part of available counselling schemes
change management training
psychological safety workshops

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

● manager training and support to effectively guide staff.

Further work is needed to cultivate the culture and embed within practices. Staff need greater clarity of expectations when they work together to deliver change and better understanding of their roles with respect to delivery and communications. PI needs to be quicker at adapting based on lessons, embedding them into future actions. Finally, PI is working to consolidate our learning programme, including adapting the externally-supported educational programming/training to our own learning programmes and practices for staff, e.g. develop own ‘how to do project management at PI’ course, as well as develop mentorship initiatives on communications, tech, and policy advocacy.

Risk management

Risk management is an essential part of the operations of Privacy International and a key responsibility of the Board, with a Risk Management Policy and framework in place. Trustees review the major risks to which the organisation is exposed, and the measures taken to mitigate them, at each of their meetings. The executive team reviews these risks regularly during the year and risks are identified and monitored for each area of operation as well as for significant new activities.

The risk register has been developed with reference to the UK Charity Commission and National Audit Office guidance and UK Charity Law and is regularly updated and comprehensively reviewed annually by the Board.

Whistle-Blowing

Privacy International is committed to maintaining the highest standards of integrity, honesty and professionalism in the workplace and to complying with its legal obligations. Whilst Privacy International makes every effort to ensure that its business is conducted according to these standards, employees may be aware of, or suspect, certain failings or wrongdoings within the organisation and they are encouraged to alert the organisation to such concerns so that they can be remedied. Information from concerned third parties is a very important element in detection, especially of corruption where formal controls can be made ineffective by collusion. The whistle-blowing policy was revised and approved by the Board in 2023 as part of the comprehensive review and update of the staff handbook, and applies to all employees, volunteers and contractors, both in the UK and overseas.

Appointment of trustees

At any one time the number of Trustees shall not be less than five, and no more than twelve. New Trustees are recruited through an open application process. Appointments are made not only on the basis of individual merit, but also taking into consideration the existing expertise and experience of the Trustees.

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

Trustee induction and training

New Trustees receive information on Privacy International's work, their duties as Trustees, and take part in induction meetings with the Executive Director and other members of the Privacy International staff.

Remuneration policy for key management personnel

The remuneration of staff is guided by PI’s Values and Competency Framework as set out in the organisational Staff Handbook, outlining roles and responsibilities, ensuring that each employee is rewarded in line with the level of their role and our overall remuneration structure. The remuneration of the Executive Director is decided by the Board of Trustees.

Statement of responsibilities of the trustees

The trustees (who are also directors of Privacy International for the purposes of company law) are responsible for preparing the trustees’ annual report and the financial statements in accordance with applicable law and United Kingdom Accounting Standards (United Kingdom Generally Accepted Accounting Practice).

Company law requires the trustees to prepare financial statements for each financial year which give a true and fair view of the state of affairs of the charitable company and of the incoming resources and application of resources, including the income and expenditure, of the charitable company for that period. In preparing these financial statements, the trustees are required to:

Select suitable accounting policies and then apply them consistently
Observe the methods and principles in the Charities SORP
Make judgements and estimates that are reasonable and prudent
State whether applicable UK Accounting Standards and statements of recommended practice have been followed, subject to any material departures disclosed and explained in the financial statements
Prepare the financial statements on the going concern basis unless it is inappropriate to presume that the charity will continue in operation

The trustees are responsible for keeping adequate accounting records that disclose with reasonable accuracy at any time the financial position of the charitable company and enable them to ensure that the financial statements comply with the Companies Act 2006. They are also responsible for safeguarding the assets of the charitable company and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities.

In so far as the trustees are aware:

There is no relevant audit information of which the charitable company’s auditor is unaware
The trustees have taken all steps that they ought to have taken to make themselves aware of any relevant audit information and to establish that the auditor is aware of that information

The trustees are responsible for the maintenance and integrity of the corporate and financial information included on the charitable company's website. Legislation in the United Kingdom

Privacy International

Trustees’ annual report

For the year ended 31 January 2024

governing the preparation and dissemination of financial statements may differ from legislation in other jurisdictions.

Members of the charity guarantee to contribute an amount not exceeding £1 to the assets of the charity in the event of winding up. The total number of such guarantees at 31 January 2024 was 8 (2023: 7). The trustees are members of the charity but this entitles them only to voting rights. The trustees have no beneficial interest in the charity.

Auditor

Sayer Vincent LLP was re-appointed as the charitable company's auditor during the year and has expressed its willingness to continue in that capacity.

The trustees’ annual report has been approved by the trustees 18 September 2024 on and signed on their behalf by:

Joshua Castellino

Chair of the Board

Independent auditor’s report

to the members of

Privacy International

Opinion

We have audited the financial statements of Privacy International (the ‘charitable company’) for the year ended 31 January 2024 which comprise the statement of financial activities, balance sheet, statement of cash flows and notes to the financial statements, including significant accounting policies. The financial reporting framework that has been applied in their preparation is applicable law and United Kingdom Accounting Standards, including FRS 102 The Financial Reporting Standard applicable in the UK and Republic of Ireland (United Kingdom Generally Accepted Accounting Practice).

In our opinion, the financial statements:

Give a true and fair view of the state of the charitable company’s affairs as at 31 January 2024 and of its incoming resources and application of resources, including its income and expenditure for the year then ended
Have been properly prepared in accordance with United Kingdom Generally Accepted Accounting Practice
Have been prepared in accordance with the requirements of the Companies Act 2006

Basis for opinion

We conducted our audit in accordance with International Standards on Auditing (UK) (ISAs (UK)) and applicable law. Our responsibilities under those standards are further described in the Auditor’s responsibilities for the audit of the financial statements section of our report. We are independent of the charitable company in accordance with the ethical requirements that are relevant to our audit of the financial statements in the UK, including the FRC’s Ethical Standard and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Conclusions relating to going concern

In auditing the financial statements, we have concluded that the trustees' use of the going concern basis of accounting in the preparation of the financial statements is appropriate.

Based on the work we have performed, we have not identified any material uncertainties relating to events or conditions that, individually or collectively, may cast significant doubt on Privacy International's ability to continue as a going concern for a period of at least twelve months from when the financial statements are authorised for issue.

Our responsibilities and the responsibilities of the trustees with respect to going concern are described in the relevant sections of this report.

Independent auditor’s report

to the members of

Privacy International

Other Information

The other information comprises the information included in the trustees’ annual report, other than the financial statements and our auditor’s report thereon. The trustees are responsible for the other information contained within the annual report. Our opinion on the financial statements does not cover the other information and, except to the extent otherwise explicitly stated in our report, we do not express any form of assurance conclusion thereon. Our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the course of the audit, or otherwise appears to be materially misstated. If we identify such material inconsistencies or apparent material misstatements, we are required to determine whether this gives rise to a material misstatement in the financial statements themselves. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact.

We have nothing to report in this regard.

Opinions on other matters prescribed by the Companies Act 2006

In our opinion, based on the work undertaken in the course of the audit:

The information given in the trustees’ annual report, for the financial year for which the financial statements are prepared is consistent with the financial statements; and
The trustees’ annual report, has been prepared in accordance with applicable legal requirements.

Matters on which we are required to report by exception

In the light of the knowledge and understanding of the charitable company and its environment obtained in the course of the audit, we have not identified material misstatements in the trustees’ annual report. We have nothing to report in respect of the following matters in relation to which the Companies Act 2006 requires us to report to you if, in our opinion:

Adequate accounting records have not been kept, or returns adequate for our audit have not been received from branches not visited by us; or
The financial statements are not in agreement with the accounting records and returns; or
Certain disclosures of trustees’ remuneration specified by law are not made; or
We have not received all the information and explanations we require for our audit; or
● The directors were not entitled to prepare the financial statements in accordance with the small companies regime and take advantage of the small companies’ exemptions

Independent auditor’s report

to the members of

Privacy International

in preparing the trustees’ annual report and from the requirement to prepare a strategic report.

Responsibilities of trustees

As explained more fully in the statement of trustees’ responsibilities set out in the trustees’ annual report, the trustees (who are also the directors of the charitable company for the purposes of company law) are responsible for the preparation of the financial statements and for being satisfied that they give a true and fair view, and for such internal control as the trustees determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, the trustees are responsible for assessing the charitable company’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the trustees either intend to liquidate the charitable company or to cease operations, or have no realistic alternative but to do so.

Auditor’s responsibilities for the audit of the financial statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance but is not a guarantee that an audit conducted in accordance with ISAs (UK) will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

Irregularities, including fraud, are instances of non-compliance with laws and regulations. We design procedures in line with our responsibilities, outlined above, to detect material misstatements in respect of irregularities, including fraud. The extent to which our procedures are capable of detecting irregularities, including fraud are set out below.

Capability of the audit in detecting irregularities

In identifying and assessing risks of material misstatement in respect of irregularities, including fraud and non-compliance with laws and regulations, our procedures included the following:

Independent auditor’s report

to the members of

Privacy International

We enquired of management and Finance and Audit committee, which included obtaining and reviewing supporting documentation, concerning the charity’s policies and procedures relating to:
Identifying, evaluating, and complying with laws and regulations and whether they were aware of any instances of non-compliance;
Detecting and responding to the risks of fraud and whether they have knowledge of any actual, suspected, or alleged fraud;
The internal controls established to mitigate risks related to fraud or noncompliance with laws and regulations.
We inspected the minutes of meetings of those charged with governance.
We obtained an understanding of the legal and regulatory framework that the charity operates in, focusing on those laws and regulations that had a material effect on the financial statements or that had a fundamental effect on the operations of the charity from our professional and sector experience.
We communicated applicable laws and regulations throughout the audit team and remained alert to any indications of non-compliance throughout the audit.
We reviewed any reports made to regulators.
We reviewed the financial statement disclosures and tested these to supporting documentation to assess compliance with applicable laws and regulations.
We performed analytical procedures to identify any unusual or unexpected relationships that may indicate risks of material misstatement due to fraud.
In addressing the risk of fraud through management override of controls, we tested the appropriateness of journal entries and other adjustments, assessed whether the judgements made in making accounting estimates are indicative of a potential bias and tested significant transactions that are unusual or those outside the normal course of business.

Because of the inherent limitations of an audit, there is a risk that we will not detect all irregularities, including those leading to a material misstatement in the financial statements or non-compliance with regulation. This risk increases the more that compliance with a law or regulation is removed from the events and transactions reflected in the financial statements, as we will be less likely to become aware of instances of non-compliance. The risk is also greater regarding irregularities occurring due to fraud rather than error, as fraud involves intentional concealment, forgery, collusion, omission or misrepresentation.

A further description of our responsibilities is available on the Financial Reporting Council’s website at: www.frc.org.uk/auditorsresponsibilities. This description forms part of our auditor’s report.

Independent auditor’s report

to the members of

Privacy International

Use of our report

This report is made solely to the charitable company's members as a body, in accordance with Chapter 3 of Part 16 of the Companies Act 2006. Our audit work has been undertaken so that we might state to the charitable company's members those matters we are required to state to them in an auditor’s report and for no other purpose. To the fullest extent permitted by law, we do not accept or assume responsibility to anyone other than the charitable company and the charitable company's members as a body, for our audit work, for this report, or for the opinions we have formed.

Noelia Serrano (Senior statutory auditor)

30 September 2024

for and on behalf of Sayer Vincent LLP, Statutory Auditor 110 Golden Lane, LONDON, EC1Y 0TG

Privacy International

Statement of financial activities (incorporating an income and expenditure account)

For the year ended 31 January 2024

For theyear ended31January2024
Note Income from: 2 3 5 14 Reconciliation of funds: Charitable activities Total expenditure Donations and legacies Charitable activities Investments Total income Expenditure on: Other income Total funds brought forward Net income / (expenditure) for the year Total funds carried forward Transfers between funds Net movement in funds	Unrestricted £ 100,759 1,682,338 13,141 6,128	Restricted £ - 792,149 - -	2024 Total £ 100,759 2,474,487 13,141 6,128	Unrestricted £ 27,755 1,361,570 20,242 1,156	Restricted £ - 605,029 - -	2023 Total £ 27,755 1,966,599 20,242 1,156
	1,802,365	792,149	2,594,514	1,410,723	605,029	2,015,752
	1,223,004	849,466	2,072,470	1,334,892	766,153	2,101,045
	1,223,004	849,466	2,072,470	1,334,892	766,153	2,101,045
	579,361 66	(57,317) (66)	522,045 -	75,831 831	(161,124) (831)	(85,293) -
	579,427 2,334,972	(57,383) 481,078	522,045 2,816,050	76,662 2,258,310	(161,955) 643,033	(85,293) 2,901,343
	2,914,399	423,695	3,338,095	2,334,972	481,078	2,816,050

All of the above results are derived from continuing activities. There were no other recognised gains or losses other than those stated above. Movements in funds are disclosed in Note 14a to the financial statements.

Privacy International

Company no. 4354366

Balance sheet

As at 31 January 2024

As at 31 January 2024
Note Fixed assets: 10 Current assets: 11 Liabilities: 12 14a Unrestricted general funds General funds Total charity funds Cash at bank and in hand Tangible assets The funds of the charity: Creditors: amounts falling due within one year Net current assets Total net assets Debtors Restricted income funds Unrestricted income funds: Designated funds	£ 58,760 3,418,976	2024 £ 31,240	£ 98,230 2,800,469	2023 £ 33,516
		31,240 3,306,855		33,516 2,782,534
	3,477,736 (170,881)		2,898,699 (116,165)
	2,186,403 727,997		1,640,722 694,250
		3,338,095		2,816,050
		423,695 2,914,399		481,078 2,334,972

		3,338,095		2,816,050

Approved by the trustees on 18 September 2024 and signed on their behalf by

Professor Joshua Castellino Trustee

Privacy International

Statement of cash flows

For the year ended 31 January 2024

For theyear ended 31January2024
Cash flows from operating activities (as per the statement of financial activities) Depreciation charges Dividends, interest and rent from investments Decrease/(increase) in debtors Increase in creditors Cash at bank and in hand Total cash and cash equivalents Purchase of fixed assets Net cash provided by/(used in) operating activities Analysis of cash and cash equivalents and of net debt Net income for the reporting period Cash and cash equivalents at the end of the year Change in cash and cash equivalents in the year Cash and cash equivalents at the beginning of the year Net cash (used in) investing activities Cash flows from investing activities: Dividends, interest and rents from investments	£ £ 522,045 31,041 (6,128) 39,470 54,717 641,145 6,128 (28,766) (22,638) 618,507 2,800,469 3,418,976 At 1 February 2023 Cash flows £ £ 2,800,469 618,507 2024		£ £ (85,293) 32,262 (1,156) (37,490) 19,075 (72,602) 1,156 (9,910) (8,754) (81,356) 2,881,825 2,800,469 Other non- cash changes At 31 January 2024 £ £ - 3,418,976 2023
		641,145 (22,638) 618,507 2,800,469		(72,602) (8,754) (81,356) 2,881,825
	At 1 February 2023 £ 2,800,469		Other non- cash changes £ -
		3,418,976		2,800,469
		Cash flows £ 618,507		At 31 January 2024 £ 3,418,976
	2,800,469	618,507	-	3,418,976

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

1 Accounting policies
a) Statutory information Privacy International is a charitable company limited by guarantee and is incorporated in England & Wales.

The registered office address and principal place of business is 62 Britton Street, London, EC1M 5UY.

b) Basis of preparation

The financial statements have been prepared in accordance with Accounting and Reporting by Charities: Statement of Recommended Practice applicable to charities preparing their accounts in accordance with the Financial Reporting Standard applicable in the UK and Republic of Ireland (FRS 102) - (Charities SORP FRS 102), The Financial Reporting Standard applicable in the UK and Republic of Ireland (FRS 102) and the Companies Act 2006/Charities Act 2011.

Assets and liabilities are initially recognised at historical cost or transaction value unless otherwise stated in the relevant accounting policy or note.

In applying the financial reporting framework, the trustees have made a number of subjective judgements, for example in respect of significant accounting estimates. Estimates and judgements are continually evaluated and are based on historical experience and other factors, including expectations of future events that are believed to be reasonable under the circumstances. The nature of the estimation means the actual outcomes could differ from those estimates. Any significant estimates and judgements affecting these financial statements are detailed within the relevant accounting policy below.

c) Public benefit entity

The charity meets the definition of a public benefit entity under FRS 102.

d) Going concern

The charity's income is mainly derived from non self-generated sources, such as grants, service level agreements and other governmental or NGO sources. The trustees consider that there are no material uncertainties about the likelihood that this support will continue, and accordingly, the accounts have been prepared on a going concern basis.

e) Income

Income is recognised when the charity has entitlement to the funds, any performance conditions attached to the income have been met, it is probable that the income will be received and that the amount can be measured reliably.

Income from government and other grants, whether ‘capital’ grants or ‘revenue’ grants, is recognised when the charity has entitlement to the funds, any performance conditions attached to the grants have been met, it is probable that the income will be received and the amount can be measured reliably and is not deferred.

f) Donations of gifts, services and facilities

Donated professional services and donated facilities are recognised as income when the charity has control over the item or received the service, any conditions associated with the donation have been met, the receipt of economic benefit from the use by the charity of the item is probable and that economic benefit can be measured reliably. In accordance with the Charities SORP (FRS 102), volunteer time is not recognised so refer to the trustees’ annual report for more information about their contribution.

On receipt, donated gifts, professional services and donated facilities are recognised on the basis of the value of the gift to the charity which is the amount the charity would have been willing to pay to obtain services or facilities of equivalent economic benefit on the open market; a corresponding amount is then recognised in expenditure in the period of receipt.

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

1 Accounting policies (continued)
g) Interest receivable
Interest on funds held on deposit is included when receivable and the amount can be measured reliably by the charity; this is normally upon notification of the interest paid or payable by the bank.

h) Fund accounting Restricted funds are to be used for specific purposes as laid down by the donor. Expenditure which meets these criteria is charged to the fund.

Unrestricted funds are donations and other incoming resources received or generated for the charitable Designated funds are unrestricted funds earmarked by the trustees for particular purposes.

i) Expenditure recognition

Expenditure is recognised once there is a legal or constructive obligation to make a payment to a third party, it is probable that settlement will be required and the amount of the obligation can be measured reliably. Irrecoverable VAT is charged as a cost against the activity for which the expenditure was incurred. Expenditure is classified under the following activity headings:

Expenditure included in Raising Funds includes amounts incurred in obtaining grants and other donations.

Charitable expenditure includes those costs expended in fulfilling the charity's principal objects, as outlined in the Report of the Trustees. These include grants payable, governance costs and an apportionment of support costs.

Grants payable are payments made to third parties in furtherance of the charity's objects. In the case of an unconditional grant offer this is accrued once the recipient has been notified of the grant award. The notification gives the recipient a reasonable expectation that they will receive the grant. Grants awards that are subject to the recipient fulfilling performance conditions are only accrued when the recipient has been notified of the grant and any remaining unfulfilled condition attaching to that grant is outside of the control of the charity.
Governance costs comprise all costs involving the public accountability of the charity and its compliance with regulation and good practice. These costs include costs related to the independent examination and legal fees.
Rentals under operating leases are charged as incurred over the term of the lease.

Costs are allocated directly to projects where they can be identified as relating solely to that project. Other costs are allocated between the funds based on staff time spent on the fund activities or other appropriate criteria. Irrecoverable VAT is charged as a cost against the activity for which the expenditure was incurred.

Allocation of support costs

Support costs are allocated to the charity's charitable activities.

Governance costs are the costs associated with the governance arrangements of the charity. These costs are associated with constitutional and statutory requirements and include any costs associated with the strategic management of the charity’s activities.

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

1 Accounting policies (continued)

j) Tangible fixed assets

Tangible fixed assets are stated at cost less depreciation. Depreciation is provided at the following annual rates in order to write off each asset over its estimated useful life.

Depreciation is provided at rates calculated to write down the cost of each asset to its estimated residual value over its expected useful life. The depreciation rates in use are as follows:

Software 33% on cost
Computer equipment 50% on cost  Furniture & fixtures 25% on cost  Leasehold improvements 20% on cost

k) Debtors

Trade and other debtors are recognised at the settlement amount due after any trade discount offered. Prepayments are valued at the amount prepaid net of any trade discounts due.

l) Cash at bank and in hand

Cash at bank and cash in hand includes cash and short term highly liquid investments with a short maturity of three months or less from the date of acquisition or opening of the deposit or similar account.

m) Creditors and provisions

Creditors and provisions are recognised where the charity has a present obligation resulting from a past event that will probably result in the transfer of funds to a third party and the amount due to settle the obligation can be measured or estimated reliably. Creditors and provisions are normally recognised at their settlement amount after allowing for any trade discounts due.

n) Financial instruments

The charity only has financial assets and financial liabilities of a kind that qualify as basic financial instruments. Basic financial instruments are initially recognised at transaction value and subsequently measured at their settlement value.

o) Pensions

The charity operates defined contribution schemes which are administered by outside independent pensions providers. Contributions payable for the year are charged to the Statement of Financial Activities.

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

2 Income from charitable activities

Foundation to Promote Open Society Oak Foundation The Swedish International Development Cooperation Agency- Core support The Swedish International Development Cooperation Agency - project grant Ford Foundation BUILD Paul Hamlyn Foundation Luminate Ford Foundation BUILD Donated in-kind services Ford Foundation - project Grants	Unrestricted £ 819,068 250,000 351,309 243,540 18,420 - - - - -	£ - - - - - 164,400 162,360 406,389 - 59,000 Restricted	2024 Total £ 819,068 250,000 351,309 243,540 18,420 164,400 162,360 406,389 - 59,000	Unrestricted £ - 263,412 870,831 211,037 16,290 - - - - -	£ - - - - - - 140,691 434,906 (28,568) 58,000 Restricted	2023 Total £ - 263,412 870,831 211,037 16,290 - 140,691 434,906 (28,568) 58,000
	1,682,338	792,149	2,474,487	1,361,570	605,029	1,966,599

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

3a Analysis of expenditure (current year)

Staff costs (Note 6) Other staff related costs Grants to partners (note 4) Project expenses Rent Depreciation Consultancy Trustee expenses Audit (Gains) on foreign exchange Office expenses Legal and professional fees Travel and accommodation Translation Other costs Support costs Governance costs Total expenditure 2024 Total expenditure 2023	Charitable Activities £ 1,396,855 60,006 99,951 55,600 - - 106,656 4,430 - (271) - 9,494 64,804 6,827 - 1,804,353 252,774 15,343 2,072,470 -	Governance costs £ - - - - - - - - 15,330 - - - - - 13 15,343 - (15,343) - -	Support costs £ - - - - 85,468 31,041 - - - - 116,633 18,240 - - 1,392 252,774 (252,774) - - -	2024 Total £ 1,396,855 60,006 99,951 55,600 85,468 31,041 106,656 4,430 15,330 (271) 116,633 27,734 64,804 6,827 1,405 2,072,470 - - 2,072,470	2023 Total £ 1,372,227 31,320 234,503 62,863 83,397 33,411 99,325 2,866 10,260 (65) 99,703 26,681 31,082 11,417 2,056
					2,101,045 - -
					2,101,045 2,101,045

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

3b Analysis of expenditure (prior year)

Staff costs (Note 6) Other staff related costs Grants to partners (note 4) Project expenses Rent Depreciation Consultancy Trustee expenses Audit (Gains) on foreign exchange Office expenses Legal and professional fees Travel and accommodation Translation Other costs Support costs Governance costs Total expenditure 2023	Charitable Activities £ 1,372,227 31,320 234,503 62,863 - - 90,252 2,866 - (65) - 10,391 31,082 11,417 - 1,846,855 243,916 10,273 2,101,045	Governance costs £ - - - - - - - - 10,260 - - - - - 13 10,273 - (10,273) -	Support costs £ - - - - 83,397 33,411 9,073 - - - 99,703 16,290 - - 2,043 243,916 (243,916) - -	2023 Total £ 1,372,227 31,320 234,503 62,863 83,397 33,411 99,325 2,866 10,260 (65) 99,703 26,681 31,082 11,417 2,056 2,101,045 - - 2,101,045	2022 Total £ 1,267,775 30,536 232,269 27,107 85,416 33,651 51,782 - 22,320 61 104,401 32,955 528 12,312 2,665
					1,903,778 - -

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

4a Grant making to institutions

Grant making to institutions
Asociación por los Derechos Civiles Cost The Centre for Internet and Society Derechos Digitales Hermes Center for Transparency and Digital Human Fundación Karisma Ipandetec Corporación Centro De Estudios de Derecho, Justicia y Sociedad – Dejusticia The Libertarian Research & Education Trust Kenya Legal and Ethical issues network on HIV&AIDS Other Haki Na Sheria Unwanted Witness TEDIC Foundaiton for Media Alternatives At the end of the year ICJ Kenya Internet Labs Paradigm Initiative Nigeria Red en Defensa de los Derechos Civiles Transparencia Electoral	2024 £ - - - - - 10,000 - - - - 14,201 8,000 24,953 5,000 11,501 - 8,072 5,000 13,225	2023 £ 19,000 15,923 10,000 4,000 13,369 11,140 9,999 45,105 9,000 1,000 31,526 10,000 - - 17,216 10,000 - 5,000 22,225
	99,951	234,503

Other grants include grants to partners below £5,000 in the year and also those organisations which need to remain anonymous due to sensitive nature of their work.

5 Net income / (expenditure) for the year

This is stated after charging / (crediting):

This is stated after charging / (crediting):
	2024	2023
	£	£
Depreciation	31,041	33,411
Operating lease rentals payable:
Property	83,328	79,375
Auditor's remuneration (gross of VAT):
Audit	13,680	12,780
Other services	-	-

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

6 Analysis of staff costs, trustee remuneration and expenses, and the cost of key management personnel

Staff costs were as follows:

Staff costs were as follows:
Salaries and wages Social security costs Employer’s contribution to defined contribution pension schemes	2024 £ 1,174,686 127,343 94,826	2023 £ 1,157,365 135,555 79,307
	1,396,855	1,372,227

The following number of employees received employee benefits (excluding employer pension costs and employer's national insurance) during the year between:

		2024	2023
		No.	No.
£60,000	- £69,999	1	1
£70,000	- £79,999	-	-
£80,000	- £89,999	1	1

The charity considers its key management personnel to be the trustees and the executive director. The total employment benefits (including employer pension contributions) of the key management personnel were £109,475 (2023: £91,285).

Included within salaries and wages are redundancy and termination costs totaling £21,213 (2023: Nil)

No remuneration was paid to any trustee or their associates for services as a trustee during the year ended 31 January 2024 nor to 31 January 2023.

During the year the charity paid 3 trustees' travel expenses £4,430: (2023: 2,866).

7 Staff numbers

The average number of employees (head count based on number of staff employed) during the year was 25 (2023: 25)

8 Related party transactions

There are no related party transactions to disclose for this financial year (2023: none).

9 Taxation

The company is a registered charity. Accordingly, it is exempt from taxation in respect of income and capital gains to the extent that these are applied to its charitable objects.

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

10 Tangible fixed assets

Tangible fixed assets
Charge for the year At the start of the year Eliminated on disposal At the end of the year Net book value At the end of the year At the start of the year Cost Depreciation At the start of the year Additions in year Disposals in year At the end of the year	Leasehold improvements Software £ £ 107,315 3,645 18,480 - (3,078) -	Computer equipment £ 73,399 9,331 (12,490)	Furniture & fixtures £ 23,696 955 (1,735)	Total £ 208,055 28,766 (17,303)
	122,717 3,645	70,240	22,916	219,518
	87,603 3,645 18,274 - (3,078) -	63,059 10,970 (12,490)	20,232 1,797 (1,735)	174,539 31,041 (17,303)
	102,799 3,645	61,539	20,294	188,278
	19,918 -	8,700	2,621	31,240
	19,712 -	10,340	3,464	33,516

All of the above assets are used for charitable purposes.

11 Debtors

Debtors
Prepayments Accrued income Rent deposit Payroll taxes Creditors: amounts falling due within one year Trade creditors Accruals Credit cards	2024 £ 15,478 43,282 -	2023 £ 15,478 63,408 19,344
	58,760	98,230
	2024 £ 4,900 5,435 41,093 119,452	2023 £ 13,444 3,767 29,861 69,093
	170,881	116,165

12 Creditors: amounts falling due within one year

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

13a Analysis of net assets between funds (current year)

Analysis of net assets between funds (current year)
Net assets at 31 January 2023 Analysis of net assets between funds (prior year) Tangible fixed assets Current liabilities Net assets at 31 January 2024 Tangible fixed assets Current liabilities Current assets Current assets	General unrestricted £ - 727,997 -	Designated £ 31,240 2,326,044 (170,881)	Restricted £ - 423,695 -	Total funds £ 31,240 3,477,736 (170,881)
	727,997	2,186,402	423,695	3,338,095
	General unrestricted £ - 694,250 -	Designated £ 33,516 1,723,371 (116,165)	Restricted £ - 481,078 -	Total funds £ 33,516 2,898,699 (116,165)
	694,250	1,640,722	481,078	2,816,050

13b Analysis of net assets between funds (prior year)

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

14a Movements in funds (current year)

Movements in funds (current year)
Total restricted funds Total designated funds General funds Restricted funds: Ford Foundation 2024 Activity fund Unrestricted funds: Ford Foundation BUILD Paul Hamlyn Foundation Total unrestricted funds Strategic fund 2026 The Swedish International Development Cooperation Agency - Core support Fixed asset fund Total funds Designated funds:	At 1 February 2023 Income & gains £ £ 14,505 164,400 95,589 162,360 350 59,000 370,634 406,389	Expenditure & losses £ (142,876) (109,646) (59,284) (537,660)	Transfers £ - - (66) -	At 31 January 2024 £ 36,029 148,303 - 239,363
	481,078 792,149	(849,466)	(66)	423,695
	1,607,206 - - - 33,516 -	(1,081,294) - -	- 1,629,250 (2,276)	525,913 1,629,250 31,240
	1,640,722 -	(1,081,294)	1,626,974	2,186,403
	694,250 1,802,365	(141,710)	(1,626,908)	727,997
	2,334,972 1,802,365	(1,223,004)	66	2,914,399
	2,816,050 2,594,514	(2,072,470)	-	3,338,095

The narrative to explain the purpose of each fund is given at the foot of the note below.

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

14b Movements in funds (prior year)

Movements in funds (prior year)
Total restricted funds Total designated funds General funds Ford Foundation BUILD Total unrestricted funds Designated funds: Fixed asset fund Foundation to Promote Open Society - Eurasia Luminate Paul Hamlyn Foundation The Swedish International Development Cooperation Agency - project Unrestricted funds: The Swedish International Development Cooperation Agency - Core support 2024 Activitiy fund Ford Foundation Restricted funds: Total funds	At 31 January 2022 Income & gains £ £ 180,750 - 50,150 140,691 33,345 - 32,478 - 1,030 58,000 315,752 434,906 29,528 (28,568)	Expenditure & losses £ (166,245) (95,252) (33,476) (32,461) (58,680) (380,024) (15)	Transfers £ - - 131 (17) - - (945)	At 31 January 2023 £ 14,505 95,589 - - 350 370,634 -
	643,034 605,029	(766,153)	(831)	481,078
	1,579,576 - 55,868 -	(1,317,650) -	1,345,280 (22,352)	1,607,206 33,516
	1,635,444 -	(1,317,650)	1,322,928	1,640,722
	622,866 1,410,723	(17,242)	(1,322,097)	694,250
	2,258,310 1,410,723	(1,334,892)	831	2,334,972
	2,901,343 2,015,752	(2,101,045)	-	2,816,050

Purposes of restricted funds

Projects financed by restricted funds are supported by unrestricted funding where necessary. This occurs where the funding is in arrears or the incidence of expenditure on the project occurs disproportionately at the beginning of the project compared to the income flows. Where restricted projects end the year with a deficit, this is met by after year-end restricted income or transfers from unrestricted funds.

Ford Foundation

The Ford Foundation is a globally oriented private foundation with the mission of advancing human welfare. In late 2020 Privacy International received a 2 year-grant to support civil society in the Global South to investigate, advocate against and support civil society in understanding implications of developments around global and local responses to COVID-19, extended into early 2024. In October 2020 PI received a five-year general support grant, combined with targeted organizational strengthening through Ford Foundation BUILD program.

Foundation to Promote Open Society/OSF

The Open Society Foundations work to build vibrant and tolerant democracies whose governments are accountable to their citizens. The Foundations seek to shape public policies that assure greater fairness in political, legal, and economic systems and safeguard fundamental rights. In September 2021 PI received a grant to explore our engagement in new geographical areas, with specific focus on civil society in Eurasia region.

Privacy International

Notes to the financial statements

For the year ended 31 January 2024

Luminate

Established in 2018, Luminate is a global philanthropic organisation with the goal of empowering people and institutions to work together to build just and fair societies, delivering impact in four connected areas that underpin strong societies: Civic Empowerment, Data & Digital Rights, Financial Transparency, and Independent Media. Since mid-2013 the Omidyar Network and since 2019 Luminate (an offshoot of the Omidyar Network), have been supporting Privacy International in building organisational capacity to become more resilient and strong leader within civil society.

Paul Hamlyn Foundation

Paul Hamlyn Foundation's mission is to help people overcome disadvantage and lack of opportunity, so that they can realise their potential and enjoy fulfilling and creative lives. In February 2021 Pl received a 3-year grant to look into invasive data exploitation practices in immigration processes

The Swedish International Development Cooperation Agency/SIDA

The Swedish International Development Agency is supporting Pl in our collaboration with civil society actors in countries across east Africa, south and south-east Asia and South America. The 4-year project, which started in January 2017 and completed in April 2021, aimed to strengthen civil society's capacity to protect the right to privacy, while confronting data-driven transformations in power. In June 2021 PI received from SIDA grant to support PI's strategy through to January 2025.

Purposes of designated funds

Activity fund 2024

The 2024 activity fund represents funds set aside by the trustees in the 2021/22 and 2022/2023 financial years for delivery of strategic objectives, projects and activities in first year of new strategic year. The Trustees continue to monitor the use of the fund and expect the fund to be fully utilised by January 2025.

Strategic Fund 2026

Strategic Fund 2026 represents funds set aside by trustees from unrestricted funding paid to PI in advance to support delivery of Strategic Plan 2023-2026. Trustees expect the fund to be utilised by 2026

Fixed Asset fund

The fixed asset fund represents the net book value of fixed assets at year-end as these are not freely available for the charity's use.

15 Operating lease commitments payable as a lessee

The charity's total future minimum lease payments under non-cancellable operating leases is as follows for each of the following periods:

of the following periods:
Less than one year One to five years Over five years	2024 2023 £ £ 96,075 41,750 168,131 - - - Property
	264,206	41,750

16 Legal status of the charity

The charity is a company limited by guarantee and has no share capital. The guarantors liability in the event the company is wound up is restricted to a maximum of £1 each.

Privacy International

Contents

Reference and administrative information

Trustees’ annual report

For the year ended 31 January 2024

Objectives and activities

Purposes and aims

Mission

Vision

Governance of Privacy International (PI)’s activities

Trustees’ annual report

For the year ended 31 January 2024

Beneficiaries of our services

Trustees’ annual report

Achievements and performance

Results and Impact in 2023

We deliver: Strategic Results and Impact 2023

Change through Courts and Regulators’ Decisions

United Kingdom accountable for its digital spying outside its borders

Trustees’ annual report

For the year ended 31 January 2024

Change through Policy developments

European Commission pushes industry to extend security support for tech

EU offers more control of their devices to people

Strengthened tools against consumer profiling

Change through key stakeholder engagement

Informing the protection of elections

Trustees’ annual report

For the year ended 31 January 2024

UN special mandate holder speaks out on spyware

UN special mandate holders speak out on UN travel surveillance programme

UN Human Rights Commissioner reports on border surveillance

UNICEF reports on protecting children from surveillance at protests

European Parliamentary scrutiny of spyware

Trustees’ annual report

For the year ended 31 January 2024

Delivering change by Targeting adversaries

Amazon and iRobot forced to terminate their merger

French Data Protection regulator (CNIL) fined Doctissimo

French Data Protection regulator (CNIL) fined AdTech company Criteo

... that result then informed a court’s decision against Criteo

Delivering change by Enabling scalable action

Joint regulatory action against Clearview generated impact in 5 countries

Trustees’ annual report

For the year ended 31 January 2024

Joint, beneficiary-led campaign against company involved in migrants’ surveillance

Inviting people to raise awareness together on facial recognition

Engaging CSO leaders in other domains to consider their risks

Delivering change through Fieldbuilding

Change through Enabling partners and allies

Trustees’ annual report

For the year ended 31 January 2024

Change through Educating others

Delivering on Protecting affected populations

Trustees’ annual report

For the year ended 31 January 2024

We lead by example: Learning and Reflections

We work with others: Our Network and Change

Trustees’ annual report

For the year ended 31 January 2024

We build: Core and Internal developments

Launch and implementation of new strategy

Further Human Resources development

Financial review

Principal risks and uncertainties

Reserves policy and going concern

Fundraising

Trustees’ annual report

For the year ended 31 January 2024

Volunteers and pro bono support

Plans for the future

Structure, governance and management

Trustees’ annual report

For the year ended 31 January 2024

Financial controls

Risk statement

1. Insufficiently diverse or unsustainable sources of funding

Trustees’ annual report

For the year ended 31 January 2024