For the 13th edition of Privacy Camp, we focused on recognising the collective struggles facing the digital justice and wider social justice fields: our rights and freedoms – online and offline – are facing unprecedented threats. Whether it be policy shifts or crackdowns on human rights defenders, increasing militarisation within and at borders, or systemic repression across civil society, academia, and the general public more broadly — the landscape of rights, freedoms, and justice is under growing strain.

The increasingly far-right political landscape in Europe, and beyond has enabled a wave of deregulation on important legislative wins, as well as violent crackdowns on protest movements and erosion of rights for historically marginalised communities.

At Privacy Camp 2025, we welcomed over 370 people in-person and more than 550 online to collectively grapple with the question: How do we build and sustain resilience and resistance in times of deregulation and authoritarianism?

We were thrilled to note that this was the most widely attended edition of the event in its history.

The 13th edition of Privacy Camp was organised by European Digital Rights (EDRi), in collaboration with our partners the Research Group on Law, Science, Technology & Society at Vrije Universiteit Brussel (VUB), Privacy Salon, the Institute for European Studies at Université Saint-Louis – Bruxelles, and the Racism and Technology Center.

Read summaries of all the sessions at #PrivacyCamp24 below

Contents

• Access to devices by law enforcement: How does current police practice call for legal change?

• Resisting deregulation of data centers in Europe: Tactics and action

• Mapping the effects of militarisation in digital rights

• Strategic litigation against tech harms: How do we learn, improve, and remain relevant?

• GDPR and ePrivacy at risk: in the EU’s digital rulebook

• Military decision making making systems: Countering the normalisation of surveillance in war

• ‘Predictive’ policing in Europe: Current state and counter strategies

• Privacy under pressure: AI surveillance and digital rights in Eurasiay

• Resisting technology by building resilience through communities

• GDPR under attack:What resists, persists (civil society roundtable with the EDPS)

• “Policy change is an end point, not an origin”: Moving beyond reform for digital justice

• Simplification, securitisation, and surveillance: What’s at stake for fundamental rights in Europe and beyond?

• From digital sovereignty to self-determination

• Reporting from exile: Digital innovation, resilience, and safety in the context of digital authoritarianism

• Co-creating a factsheet: Mapping the impact of technology on environmental justice

• Under fire: Resisting spyware in Europe

• Deregulate all the things (except policing)? Building a united front in the face of securitisation

• Shadowbanning as an authoritarian expression: How to reclaim women’s health discourse and resist digital violence

• Organising techies: Out of the comfort zone and into digital rights

• Get started in the Fediverse: How the Open Social Web can set you free from Big Tech social media

Access to devices by law enforcement: How does current police practice call for legal change?

One of the first session of the day offered a legal and technical perspective on access to devices and encrypted messages for law enforcement. The Moderator Bastien le Querrec, Legal Officer at La Quadrature du Net kicked things off by offering an overview of the current context where law enforcement agencies’ power to access data has been expanding increasingly being legitimised.

The discussion started with the SkyECC and Encrochat cases where the French police compromised the entire encrypted messaging service for criminal investigation, rather than targeting specific phones. Attendees watched a part of speaker Guillaume Dasquié’s documentary, Sky ECC: The Crime Messenger’ to understand the ongoing attacks on encryption and encrypted services. Guillaume explained the technical and legal mechanisms behind the SkyECC case, which involved a French cloud company allowing police to access encrypted data and the French legal system legitimising this by labeling all users of SkyECC criminals.

Chloé Berthélémy, Senior Policy Advisor at EDRi, built on Guillaime’s explanation of the SkyECC case, sharing with the audience how EU laws actually facilitate operations like SkyECC rather than protecting people’s fundamental rights. Even courts protect EU judicial and police cooperation over people’s rights. She also highlighted the important role Europol plays in this dynamic. Through the various legislative reforms of Europol, supported by EU lawmakers, the police cooperation agency has been able to remove all “obstacles” to judicial and police cooperation between EU countries. They are also leading the charge on spreading the narrative that being able to access encrypted data is necessary, calling for so-called “encryption front-doors” and lawful access (in other words, encryption backdoors). Europol is being supported by the European Commission such as through their “Going Dark” High-Level group which recommended maximum access to personal data for law enforcement.

Rory Flynn, Full Stack Developer at Amnesty Tech Security Lab, spoke about the implication of the use of spyware tools on civil liberties, specifically referring to Serbia’s use of the Cellebrite tool to install spyware and constantly monitor people’s phone.

Resisting deregulation of data centers in Europe: Tactics and action

The session aimed to critically expose the environmental and democratic costs of unchecked data centre expansion in Europe. Facilitated by Dr. Corinne Cath, Head of Global Team Digital at ARTICLE 19, the exchange brought together insights from Dr. Fieke Jansen, co-principal Investigator at the critical infrastructure lab, Max Schulze, Executive Chairman of the Sustainable Digital Infrastructure Alliance, and Bárbara Simão, Program Officer at ARTICLE 19, with the aim to develop concrete strategies to resist the deregulatory agenda threatening climate goals and community rights.

The workshop started with a short input from speakers who brought different examples to light, mapping connections between Big Tech’s capacity hoarding, AI’s exponential energy demands, and the systematic dismantling of environmental protections.

Dr. Fieke Jansen highlighted a Dutch case in which a municipality entered a seven-year contract with a foreign data centre, resulting in local high schools being unable to expand due to the energy grid reaching full capacity. This example illustrates a recurring pattern in which foreign companies consume local resources, raising concerns about the state’s prioritisation of market interests over public needs. Max Schulze noted that, while digital services are theoretically global, there is potential for IT infrastructure to be localised through smaller, human-scale data centres that produce software locally and contribute to regional economies. Bárbara Simão drew a comparison with Brazil, where the state has sought “digital sovereignty” by hosting foreign data centres, yet retains limited control over them. Weak environmental safeguards, vague impact criteria, and minimal public participation were identified as persistent challenges. The discussion emphasised the importance of linking global perspectives with solutions at the local level.

During subgroup discussions, participants explored actionable strategies. One group examined ways to move beyond localised opposition narratives, emphasising the need for transparency, awareness-raising, and coalition-building across regions. Another group addressed challenges to developing local IT infrastructure, including issues of scale, trust, policy gaps, and limited human capital, while highlighting the benefits of embedding local values and responding to actual community needs. A third group analysed the environmental impacts of data centres within a context characterised as a “non-rational state,” drawing parallels with gas fracking and noting the role of investigative journalism and public scrutiny in prompting accountability and change.

Overall, the session stressed that effective civil society action requires linking local and global perspectives, practical coalition-building, and advocacy for regulatory frameworks that prioritise environmental, social, and community concerns over purely market-driven approaches.

Mapping the effects of militarisation in digital rights

This workshop examined how technology is increasingly entangled with militarisation in Europe, and what this shift means for digital rights, environmental justice, and democratic accountability. Facilitated by Aljosa Ajanovic, Policy Advisor at EDRi, Jill Toh, and Naomi Appelman of the Racism & Technology Center, participants explored how militarised logics are reshaping funding priorities, policy frameworks, and technology deployment in ways that normalise surveillance, expand state power, and weaken social protections.

The discussion began from a shared understanding that technology is not neutral and is increasingly mobilised in support of military and security agendas. Participants mapped where militarisation already appears in their work, pointing to growing partnerships between Big Tech and military actors and to EU defence spending where digital technologies, AI, space, and military infrastructure are funded through the same channels. This convergence was seen as blurring the line between civilian and military uses of technology and accelerating the repurposing of civilian tools for military ends.

In the discussions with attendees, militarisation was traced across the entire technological supply chain, from the extraction of raw materials to the infrastructures built upon them, all of which feed into military production and surveillance systems. At the policy level, participants highlighted how AI and “innovation” are increasingly framed as instruments of defence and competitiveness, citing the spread of digital warfare task forces – first developed in Israel and now echoed in EU Member States – and the absence of clear provisions on military uses of AI in the EU Artificial Intelligence (AI) Act.

Across breakout groups, participants identified multiple areas where militarisation intersects with digital rights: examples were found in border control, migration, policing, AI development, and public services. Technologies such as digital identity systems, AI-driven surveillance, and data infrastructures were described as being weaponised against migrants and racialised communities, framing migration as a security threat while extending military logic into civilian governance.

Participants linked these trends to broader structural drivers, including deregulation, geopolitical competition, and the erosion of environmental and digital rights protections. In response, they stressed the need to challenge securitisation narratives and articulate alternative visions of safety grounded in social investment, community resilience, and environmental justice. Yet, caution was raised against adopting “national security” framings, which have previously reinforced exclusionary and border-focused agendas.

The session concluded with reflections on long-term strategy: there are challenging times ahead, and we need to strengthen transparency and accountability, engage tech workers, build resilient communities, and accept the possibility of short-term losses while remaining committed to resisting militarisation and refusing repressive technologies altogether.

Strategic litigation against tech harms: How do we learn, improve, and remain relevant?

This conversation table explored the role of strategic litigation in addressing technology-related human rights harms, unpacking both its potential and its limitations. Participants reflected on the growing pressure to hold powerful tech actors accountable in a context marked by pro-innovation narratives, shrinking civic space, and increasingly authoritarian discourse. In this setting, they were invited to question how strategic litigation can remain effective, relevant, and people-centred under these conditions.

With the facilitation of Lori Roussey, Founder & Executive Director at Data Rights, Alexandra Giannopoulou, Fundraising Lead & Legal Officer at Digital Freedom Fund, and Lucie Audibert, Solicitor at AWO, the session opened with a collective discussion on how to define “strategic litigation”. Participants highlighted its dual nature: a powerful tool capable of driving systemic change, but also a resource-intensive practice that can over-promise or fail if not carefully grounded in strategy, evidence, and collaboration.

Rather than treating litigation as a silver bullet, facilitators encouraged a more reflective and adaptive approach that learns from past successes and failures. To facilitate that, they invited participants to split into groups based on their experience with litigation.

The group familiar with strategic litigation discussed best practices and lessons learned throughout their respective experiences. A key challenge that was tackled was gathering evidence, particularly in cases involving large, transnational corporations. Participants shared their experiences of difficulties accessing information across borders, navigating freedom of information (FOI) regimes and overcoming refusals based on vague or expansive claims of ‘national security’. They discussed creative approaches, such as leveraging cross-border networks, making informal requests to institutions, and cooperating with legal, technical, and investigative experts to build stronger cases.

Participants newer to strategic litigation focused on identifying entry points, learning from existing cases, and finding allies to collaborate with. Across groups, there was strong interest in building connections between organisations working on similar issues and in sharing resources, tools, and lessons learned.

The session concluded with a collective reflection on the need to be strategic not only in choosing cases, but also in maximising their broader impact. Rather than viewing litigation as an isolated tactic, the discussion framed it as one element of a broader ecosystem of accountability.

GDPR and ePrivacy at risk: in the EU’s digital rulebook

The session examined the European Commission’s ongoing efforts to “simplify” the GDPR and the wider implications of withdrawing the ePrivacy Regulation. With the moderation of Ellen O’Regan, Data Protection and Privacy Reporter at POLITICO Europe, speakers explored how these reforms fit within a broader deregulatory agenda that risks weakening fundamental rights, legal certainty, and democratic accountability in the EU.

The discussion opened with Maria Magierska, Researcher at the University of Maastricht and European University Institute, who questioned the portrayal of fundamental rights and competitiveness as opposing aims. Underlining that not only the content of reform is problematic, but so is the form, she criticised the Commission’s proposal to remove Records of Processing Activities (RoPAs) without a proper fundamental rights impact assessment, stressing that RoPAs serve as key accountability tools rather than administrative burdens. Mariano delli Santi, Legal and Policy Officer at Open Rights Group, warned that similar deregulation in the UK had faced pushback from industry itself, as compliance investments risk being wasted while large tech companies stand to gain.

Jesper Lund, Chairperson at IT-POL Denmark, argued that weakening Article 30 would undermine legal certainty, and that better enforcement and guidance by data protection authorities would serve businesses and citizens more effectively. Turning to the ePrivacy Regulation, Anja Wyrobek, Legal Policy Advisor at the European Parliament, condemned its withdrawal as a blow to communications confidentiality, linking its failure to institutional memory loss and a misplaced “cookie fatigue” narrative that distracts from real enforcement gaps.

Speakers also warned against the introduction of so-called “low-risk” tracking, which could open new loopholes for adtech. triggering a “race to the bottom” among telecoms and publishers.

In closing, Magierska and Wyrobek stressed that deregulation threatens both the EU’s rule of law and its global credibility. Delli Santi highlighted the convergence of state and corporate surveillance interests, while Lund warned that practices like real-time bidding entrench constant monitoring of users. Responding to an audience question, the panel stressed that privacy and competitiveness are not mutually exclusive, strong protections can foster innovation and trust. What Europe needs is adequately resourced regulators to safeguard fundamental rights, security, and digital sovereignty in Europe.

Military decision making making systems: Countering the normalisation of surveillance in war

The session explored how the growing use of tech-enabled and data-intensive military decision-support systems is reshaping contemporary warfare and eroding fundamental rights. Chantal Joris, Senior Legal Officer at ARTICLE 19; Serhat Ozturk, Legal Officer at Privacy International, Marianne Rahme, Senior Policy Analyst at SME, and Mark Dempsey, Senior EU Advocacy Officer at ARTICLE 19 – speakers at the event – agreed on the flaws of a narrative that depicts technologies as tools that can enhance compliance with International Humanitarian Law, particularly the principles of distinction and proportionality.

AI-driven systems operate at speeds and levels of opacity that make meaningful human review impossible, and their very functioning depends on extensive, population-wide surveillance that blurs the boundary between intelligence gathering and mass monitoring.

Panellists illustrated these concerns through current examples, with Gaza serving as a stark demonstration of algorithmic warfare. Systems such as Lavender, Gospel, and “Where is Daddy?” automate the identification and targeting of individuals and infrastructure based on vast data sets, with only seconds of human oversight. This militarised digital ecosystem is enabled by major tech companies that provide data infrastructures, cloud services, and analytic capabilities. As technologies tested in conflict settings are later exported globally, the erosion of the line between civilian and military data becomes entrenched and normalised.

The discussion broadened to the global “data race” underpinning modern warfare, where militaries increasingly procure bulk data, which range from movements and communications to health information, through data brokers. These systems, designed to predict human behaviour at scale, rely on intrusive data extraction and threaten the rights to privacy, freedom of expression, and civic participation. Civilians become data points in processes they cannot see, understand, or contest.

In the conclusive remarks, speakers stressed the need to reclaim agency and shift the narrative. Beyond human rights arguments, they called for confronting the political economy of “defence” budgets, strengthening protections for scrutiny, and using available at the EU level (control on export, the Corporate Sustainability Due Diligence Directive) to curb harmful practices. By joining the front between humanitarian, human rights, and tech policy communities, we can collectively resisting the normalisation of data-driven surveillance and targeting systems in both conflict and everyday life.

‘Predictive’ policing in Europe: Current state and counter strategies

This workshop gathered the knowledge and experience of attendees to come up with collective strategies to challenge and, ultimately, abolish so-called ‘predictive’ policing. It was led by Sanne Stevens, Co-Director at Justice, Equity and Technology Project, Chris Jones, Executive Director at Statewatch, Romain Lanneau, Researcher at Statewatch and Corentin from Technopolice.

During the workshop, some important strategies to counter predictive policing emerged. It was noted that documenting the infrastructure and extent of this practice is key, whether it be mapping CCTV in cities, issuing data subject access requests or unveiling harms through community-led research. Secondly, awareness raising through sharing stories of concrete harms in people’s lives will motivate the public to mobilise. Overall resistance includes a multiplicity of actors and tactics, including civil disobedience, local activism, peer support and delegitimising securitisation narratives.

An important issue related to predictive policing that often goes under-noticed is that it’s also done by financial institutions using anti money-laundering (AML) and countering financing of terrorism (CFT) legislation in the EU. With recent changes, the EU AML/CFT framework seems ripe for hurtling everyone towards a financial surveillance society.

Privacy under pressure: AI surveillance and digital rights in Eurasia

This panel examined how artificial intelligence, facial recognition, and large-scale surveillance are reshaping digital rights across Eurasia, against a backdrop of authoritarian governance, weak legal safeguards, and shrinking civic space. The event brought together Sarkis Darbinyan from Eurasian Digital Foundation, RKS Global; Alex Kozlyuk from Human Constanta, VPN Guild; Sergey Ross from Collective Action Think Tank Brussels; and Anastasia Zhirmont, from Access Now as speakers. To open with, the peakers highlighted how the Eurasian region has become a testing ground for invasive technologies, often deployed before any meaningful legal or democratic oversight.

Participants described the region as caught between two dominant technological powers, Russia and China, whose export policies, surveillance tools, and governance models strongly influence local developments. Civil society organisations operate with extremely limited tools: advocacy mechanisms are weak, litigation is often ineffective, and international accountability structures are largely absent. In several countries, technologies are introduced first and only later “legalised” to fit government interests.

In the background of this discussion, an outline of the broader regional context was given: speakers noted how it had intensified pressure on civil society due to factors such as funding freezes, platform policy changes, and increasing repression. In many cases, online spaces remain one of the last arenas for civic engagement, making the role of large technology platforms particularly significant and raising difficult questions about how to influence companies that enable censorship and surveillance.

Concrete examples illustrated the scale of the challenge. Russia plans to connect millions of cameras into a unified facial recognition system by 2030, while China has exported surveillance infrastructure to countries such as Kyrgyzstan. Belarus was highlighted as an extreme case, where facial recognition systems operate in near-total opacity, creating a chilling effect on society and making accountability almost impossible. Kazakhstan, by contrast, was presented as a rare partial exception, with emerging AI legislation that includes risk assessments and potential prohibitions, though significant risks remain.

The discussion also addressed broader challenges for international solidarity. Litigation is hampered by barriers to expert admissibility, and global attention to the region remains limited. Similarly, panellists also warned how the “Brussels effect” could be harmful if EU standards are to be followed without consultation with local communities. The panel concluded by stressing that technical measures are always political. Safeguarding digital rights in Eurasia requires creativity, cross-regional alliances, particularly South-to-South cooperation, and stronger global support for civil society resisting surveillance under authoritarian pressure

Resisting technology by building resilience through communities

This panel focused on discussing power dynamics that drive the creation and use of repressive technologies in the context of migration. Speakers Alyna Smith from the Equinox Initiative for Racial Justice and EDRi Board member, Iness Ben Guirat from Université Libre de Bruxelles, Nandini Jiva from the Aapti Institute, and Myles Delfin from Bike Scouts Project dove into how dominant technological infrastructures enable surveillance and control, and highlighted the importance of community-led initiatives that challenge.

Smith kicked off the session by bringing up the political economy of tech infrastructure shaping the world we live in. This infrastructure is linked to a repressive ethos, which in turn leads to production and use of tech that is also deeply repressive. In migration control, the examples of such tech include drones supplied by Elbit and used by Libyan coast guards to intercept and forcibly return migrants and refugees, use of algorithmic tools during asylum seeking/migration process, etc.

Panelists then continued exploring how technology could look different and raising awareness of different initiatives that exist already which are re-imagining a new system built with care and resilience at its core. One such example of a positive community-centred use of tech was the Bike Scouts project from the Philippines. Delfin, Founder of the project, shared his experience of building a platform for social teamwork that uses bicyles, people power and technology. The project uses tech to organise distribution of aid, tracking displacements, and other purposes during times of disasters and emergencies. Another example of positive, people-affirming tech use was Forensic Architectures which uses tech like satellite imagery to investigate state violence and violations of human rights around the world.

Another point of discussion was the obstacles in the way of community-built and centric tech. Currently, so-called community tools are often built reactively, for the sake of building a tool and without considering people’s actual needs. Careless tech design or not considering the wider, repressive political context can lead to even well-intentioned tech being used as a system of oppression. Access to funding was noted as another barrier.

GDPR under attack:What resists, persists (civil society roundtable with the EDPS)

This roundtable explored the resilience of the EU’s General Data Protection Regulation (GDPR) at a time of increasing political and economic pressure to “simplify” digital regulation. Panellists discussed whether current reform debates risk weakening the GDPR’s core principles, how the regulation interacts with newer EU digital laws, and what is needed to ensure effective enforcement.

Discussions about changing the GDPR are not new, but are becoming more intense. European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski warned that what begins as technical simplification may gradually evolve into challenges to the regulation’s foundations. He stressed that simplification should be a tool to achieve better outcomes, not an end in itself.

Warning that the GDPR is already under attack, Itxaso Domínguez de Olazábal, Policy Advisor at EDRi, described the GDPR as a carefully balanced structure, where weakening individual provisions risk undermining the entire framework. She argued that claims of excessive regulatory burden are increasingly used to justify harmful data practices, often without evidence that deregulation improves competitiveness. Claire Pershan, EU Advocacy Lead at Mozillas Foundation, echoed these concerns, highlighting the unpredictability of fast-tracked reform processes and warning that reopening the GDPR could benefit powerful actors at the expense of citizens’ rights.

The discussion emphasised the GDPR’s role as the foundation of the EU’s broader digital rulebook, including the Digital Services Act (DSA) and Digital Markets Act (DMA). Panellists noted that these newer laws are designed to complement, not replace, data protection. Undermining the GDPR would therefore weaken the entire system of digital regulation and the protection of fundamental rights under the EU Charter.

In the discussion as well as in the exchange with the audience, enforcement emerged as a central theme. Panellists welcomed recent efforts to harmonise procedural rules for cross-border GDPR enforcement, seeing them as a step toward more consistent and effective action. However, speakers stressed that enforcement is not only about fines, but also about taking a firm stance against harmful practices. For this, persistent challenges, such as under-resourced Data Protection Authorities and a lack of political will to act against major violators, must be addressed.

Overall, the panel concluded that the GDPR remains a cornerstone of European digital rights. While improvements to enforcement and implementation are necessary, panellists strongly cautioned against reopening or weakening the regulation. The GDPR’s resilience, they argued, depends on defending its principles, strengthening enforcement, and keeping individuals’ fundamental rights at the centre of EU digital policy.

“Policy change is an end point, not an origin”: Moving beyond reform for digital justice

This workshop, facilitated by tèmítópé lasade-anderson, Executive Director at Glitch, brought together civil society and digital justice organisers to explore more liberatory advocacy work. Speakers Paige Collings, Senior Speech and Privacy Activist at Electronic Frontier Foundation, Likhita Banerji, Head of Algorithmic Accountability Lab at Amnesty Tech, Laurence Meyer, Co-Director of Weaving Liberation, and Sarah Chander, Director at Equinox Initiative for Racial Justice, kicked off the session by introducing the liberatory work their organisations are doing and setting the context: technology is an accelerator for marginalisations the way it’s being used in our current system. In an era of deregulation, where policy changes that civil society advocated for for years are being rolled back, what is the efficacy of policy reforms?

Attendees were invited to be self-critical and reflective about the work of their own organisations and how it lands on the spectrum of being reformist (often necessary but reactive, and upholding the ‘status-quo’) to revolutionist/liberatory (committed to systemic change).

Some high-level reflections that emerged from the rich group discussions centred on seeing political advocacy as one tool that should be embedded in a vision for an abolitionist future of a world where tech-facilitated prisons, police, military and other harms are obsolete. All our change-making strategies and tools must serve this vision. It was also highlighted that organisations can continue to engage with policy and legislative landscape, but do it in a reformist way to chip away at the system.

The role of civil society organisations in upholding the status-quo was also highlighted, with these orgs often being a vessel of white supremacy and hindering the world we want to create. This makes it even more crucial for organisations and people working in the system, who are or want to work differently towards systemic, revolutionary change, strategising together.

At the end, attendees committed to do self-critical work, and organisers of the session introduced a planned community of practice for this work.

Simplification, securitisation, and surveillance: What’s at stake for fundamental rights in Europe and beyond?

This conversation table examined the growing convergence between two trends shaping EU digital governance: the push to “simplify” digital regulation and the expanding use of technology for ‘security’ such as surveillance, border control, and policing. The panel was moderated by Thiago Guimarães Moraes, PhD researcher at Vrije Universiteit Brussels, and Sagnik Dutta, PhD researcher at Tilburg University, with interventions from Rossella Andronico, Legal Officer at the AI Unit of the EDPS, and Shanti Badriyah, Human-Centric AI Strategist.

Grounded in the recent political developments of the Draghi report on competitiveness and the Budapest Declaration, attention was given to the upcoming Digital Omnibuses, which increasingly frame simplification as a tool to boost efficiency, competitiveness, and technological uptake. Participants warned that this framing would risk the protection of fundamental rights and democratic accountability.

While simplification can, in principle, support clearer rules or more effective enforcement, participants stressed that it is often used as a proxy for deregulation. Proposals that improve coordination between authorities, such as a digital clearing house for enforcement bodies, were cited as constructive alternatives. However, these approaches are frequently overshadowed by deregulatory measures and a growing reliance on industry self-regulation, including voluntary AI ethics codes.

A central theme was the close link between deregulation and securitisation. Participants highlighted the increasing political and financial momentum behind surveillance technologies, predictive policing, biometric systems, and border control tools. These technologies are often justified as “efficient” security solutions, yet they disproportionately impact migrants, racialised communities, and civil society. It was questioned whether such technologies are necessary at all, citing facial recognition in law enforcement as a key example.

The discussion also situated EU developments within a global context, noting similar trends in India, Brazil, and South Africa, where simplification supports broader neoliberal agendas aimed at accelerating AI adoption and economic growth. The session concluded by calling for cross-regional solidarity, stronger democratic oversight, and collective resistance against the erosion of fundamental rights under the dual narratives of simplification and security.

From digital sovereignty to self-determination

This panel explored how the European debate on digital sovereignty has shifted from concerns over cross-border data flows to a broader focus on structural dependence on foreign-owned digital infrastructure, largely controlled by US and Chinese companies. Moderated by Amber Sinha, EDRi’s Executive Director, the event brought together Alexandra Geese, Member of the European Parliament for Greens/EFA , Elisa Lindinger, co-founder at Superrr Lab, Zuzanna Warso, Director of Research at Open Future Foundation, and Paris Marx, author and host of the podcast “Tech Won’t Save Us”. Speakers examined whether current approaches to sovereignty genuinely enhance autonomy or instead risk reinforcing the extractive, unequal dynamics of today’s data-driven economy.

Participants noted that today’s digital sovereignty discourse is largely driven by strategic and economic goals, such as securing critical infrastructure and capturing greater economic value within Europe. However, speakers warned that this framing often sidelines the conditions needed for genuine digital self-determination, including collective control over data, labour, and technological systems, turning sovereignty into a project of competitiveness rather than rights. They rejected the idea that Europe should replicate US or Chinese tech models, arguing that shareholder-driven, surveillance-based business logics would simply reproduce existing harms. Instead, participants called for reimagining the role of technology in society and grounding sovereignty efforts in fundamental rights, environmental sustainability, and social justice.

A key theme was the limits of regulation alone. While EU legislation plays an important role in constraining harmful practices, speakers stressed that sovereignty also requires actively building alternatives. This entails rethinking how digital infrastructure is funded, invested in, and procured. Speakers urged the scoping of more promising avenues for generating long-term public value, infrastructures and industrial policies to support the creation of tech that works for the public good, in respect for democratic values and privacy.

Reflecting on the very definition of “digital sovereignty”, speakers invited the audience to define what kinds of digital futures we want before determining the role technology should play within them. Speakers warned that many sovereignty debates remain trapped on the terrain set by dominant tech actors, focusing on existing technologies and reproducing their narratives, which limits political imagination. Innovation alone, was argued, would replicate the underlying business models driven by surveillance and extractivism.

Particular concern was raised about energy-intensive infrastructures such as data centres, which risk deepening environmental harms and creating new dependencies if sustainability is not placed at the core of sovereignty strategies. Speakers also emphasised the importance of including voices from the Global South from the outset, cautioning that excluding them risks exporting extractive models under the banner of European autonomy.

The panel concluded with a call to move beyond defensive or competitive framings and articulate a positive, rights-based vision of digital sovereignty, one rooted in democratic accountability, community-driven infrastructure, and Europe’s traditions of open knowledge and public-interest innovation.

Reporting from exile: Digital innovation, resilience, and safety in the context of digital authoritarianism

This session unpacked the digital threats and surveillance risks faced by journalists, citizen journalists, and online activists in exile when reporting across borders.

Ena Bavcic, EU Advocacy Officer at European Centre for Press and Media Freedom, and Advocacy Coordinator for Media Freedom Rapid Response introduced ECPMF’s work with journalists in exile. This includes raising awareness about tactics of repression and harassment against journalists and providing support to journalists planning to exile to Germany.

Olga Dovbysh, Media Scholar at the University of Helsinki, gave the example of Russian journalists and IT specialists who fled Russia after the 2022 Ukraine invasion, but want to continue reporting on Russia from abroad. Through their experiences, one can see how technological resistance is influenced by the way the opportunities and threats to the exiled journalist and tech workers are imagined. For example, it was evident that Russian internet is a porous and heterogenous entity with multiple actors rather than a “great Chinese wall”. There are many solutions to Russian online restrictions. These journalists understand Big Tech companies as capitalist actors pursuing their own interests rather than the public’s, thus supporting the authoritarian regime.

Luis Assardo, freelance Digital Security trainer, researcher and journalist, and Leonid Iuldashev, Communications and Partnerships Lead for Eastern Europe at eQualitie, pointed out the myriad threats faced by journalists in exile, including surveillance, online harassment, phishing attacks and being blocked financially. All of this threatens the crucial work they do.

How can journalists prepare to face these threats? Assardo recommended every journalist to have a personal protection plan, to build capacity and protect their devices. At a macro-level, journalist organisations should advocate for regulations that protect journalists.

Co-creating a factsheet: Mapping the impact of technology on environmental justice

This workshop, led by Blue Duangdjai Tiyavorabun, Policy Advisor at EDRi, and representatives from the environmental justice x digital rights working group, was an effort to collaboratively generate a factsheet on the impact of technology on the environment, and the implications for environmental justice.

The session started with a presentation of the working group, and an introduction to environmental justice. EU’s deregulatory wave, plans for hyper-scale AI infrastructure and environmental impact being externalised to Global Majority countries formed the contextual framing for the work during the workshop.

The session highlighted the life-cycle of technology and the associated environmental impact at every stage, from the extraction of raw materiels to manufacturing and e-waste. The increasing militarisation at an EU level, and tech’s involvement in that, was a key issue. During the session, Génération Lumière, a member of the working group, provided testimony about mining conditions in the Democratic Republic of Congo, highlighting the colonial and extractive dynamics in resource exploitation.

Attendees then split into four working groups, each reviewing facts and case studies about e-waste, data centers, extractivism and mining.

At the end of the session, it was evident to all that environmental justice is inseparable from digital justice, and there’s a need to build coalitions across movements to challenge techno-solutionism and advance socially and environmentally just regulations.

Under fire: Resisting spyware in Europe

The conversation on resisting spyware in Europe started with Aljosa Ajanovic, Policy Advisor at EDRi highlighting EDRi’s new position paper on the topic which sought to create a working definition of spyware, and to call for a full ban on this technology. The paper also explores the unrestricted vulnerabilities market fueling the spyware industry, and the hardships for victims to access redress and justice.

Andrijana Ristic, Policy Advisor at SHARE Foundation also shared about the organisation’s recently published book, A Privacy Nightmare: Understanding Spyware, which offers a technical overview of spyware, the actors involved, legal frameworks around the technology and the impact of spyware and the market spilling over to the private sector.

Joanna Tricoli, Policy and Research Officer at Centre for Democracy and Technology Europe offered analysis about commercial spyware within the EU framework, which is unfortunately grounded in secrecy that makes it difficult to know how spyware vendors and other actors operate. For example, there is no regulation of spyware sales between EU member states, only when it sold from the EU to outside the bloc.

After a brief introduction to the issue, the session moved onto a fishbowl conversation in which all attendees could participate by asking questions and initiating discussions. Some of the topics covered during the fishbowl included the importance of litigation, the connection between spyware and undermining of end-to-end-encryption, and how to work with developers and tech experts to become whistleblowers. EU public money being used to research and develop software, and European spyware companies partnering with academic institutions for funding and recruiting employees was also brought up. The discussion also covered the impact of spyware attacks on victims and the lack of redress.

Deregulate all the things (except policing)? Building a united front in the face of securitisation

This session undertook the complex but crucial mission of reconciling two emerging trends in the EU policymaking space. Moderator Caterina Rodelli, EU Policy Analyst at Access Now, set the stage for the conversation. On the one hand, simplification is the EU’s new mantra to seemingly boost competitiveness and economic performance. This simplification is a trojan horse for a massive deregulatory drive undoing years of hard-fought wins for our rights. On the other hand, the same EU institutions are over-regulating and pushing for more control in the areas of policing and migration. Together, both trends are working together to form a concerted attack on people’s fundamental rights.

Olivier Hoedeman, Research and Campaign Coordinator at Corporate Europe Observatory, explained that while this is not the first deregulation drive undertaken by the European Commission, it is unprecedented in terms of scale and ambition. There’s a lot at stake with with democratic processes being undermined through the fast-track Omnibuses, and industry enjoying a direct line with the Commission even as public industry groups are iced out.

Sarah Chander, Director at Equinox Initiative for Racial Justice, spoke about the other side of the deregulation equation – the increasing securitisation and militarisation seen in inhumane migration laws and increased financing of police and military institutions like Europol and Frontex. She proposed that EU’s competitiveness agenda is being driven by securitisation, by the notion that Europe supposedly cannot protect itself without its own tech and defence industry. Resources are being shifted away from protecting people’s rights to private industries under the guise of ‘security’ without any reflection about how this affects people’s lives, public services and democracy.

Aarti Narsee, Senior Policy and Advocacy Officer at European Civic Forum, connected deregulation and increasing securitisation to attacks on civil society. The state of civic space in Europe is characterised by delegitimisation of civil society and movements at both the EU and national levels, including smear campaigns. People’s right to protest is under threat, and directly connected to the ‘security’ narrative explained by Chander. This affects mostly progressive movements like those for solidarity with Palestine, and climate justice. There’s also growing use of the ‘foreign threat’ narrative sowing a combative us vs. them narrative, affecting everything from rights of the LGBTQ+ community to funding for civil society.

Saskia Bricmont, MEP, Greens/EFA Group, brought in her experience as a lawmaker for the past six years and shared the frustrations and concerns expressed by civil society. She spoke about deregulation being a result of political winds shifting towards conservatism and European conservatives showing increasing willingness to get in bed with the far-right. She also noted the importance of making people aware of the costs of conservative policies on their lives.

Shadowbanning as an authoritarian expression: How to reclaim women’s health discourse and resist digital violence

Conversations about women and non-binary people’s health are increasingly silenced by authoritarianism, digital surveillance, and opaque content moderation systems. Topics like menstruation, abortion, sexuality and gender-affirming care are still considered societally taboo and it transforms into content about these issues being flagged as ‘explicit’ or being erased altogether.

This workshop combined participant testimony, analyses and other interactive methods to unpack these structural exclusions. Facilitators Kali Sudhra, Sex Worker Activist and Writer at European Sex Workers’ Rights Alliance, Mar Diez, Cybersecurity Lawyer and Digital Rights Advocate, and Maria Prendeville, Women’s Health and Sex-Positive Content Writer, shared their personal and professional experiences with shadowbanning and censorship and the impact on their communities.

Together, participants engaged in hands-on exercises to analyse real-world examples of shadow-banned posts and reflected on the risks of these topics being suppressed online.

 

Organising techies: Out of the comfort zone and into digital rights

This workshop, facilitated by natacha from petites singularités and Alexandra Ștefănescu from Asociația pentru Tehnologie și Internet (ApTI), focused on reconnecting tech professionals with digital rights advocacy by challenging the persistent myth that technology is neutral or apolitical. This narrative has grown alongside the concentration of power in large tech companies, contributing to the depoliticisation and disengagement of tech workers from the social and political consequences of their work.

Participants discussed how the idea of “neutral” technology isolates tech workers into narrow roles, such as maintainers, developers, or deployers, while obscuring the impact of their work in shaping the reciprocal relationship between technology, power, and society. Similarly, this framing also shifts responsibility away from individuals and institutions: users are constructed in ways that diffuse accountability, allowing harmful impacts to be treated as someone else’s problem. As a result, tech workers often disengage from their responsibility in shaping how technology is produced and deployed.

The workshop proposed four interconnected strategies to bring tech professionals back into advocacy and collective organising.

First, participants called for rethinking technical education. Rather than treating ethics, advocacy, or social sciences as optional add-ons, curricula should be understood as living, evolving spaces that integrate political, economic, and social perspectives throughout technical training.

Second, grass-roots event organising was highlighted as a way to rebuild inclusive spaces for exchange and mobilisation, especially as mainstream tech environments become increasingly hostile to systemic change and digital rights advocacy.

Third, the discussion addressed funding precarity. With shrinking institutional funding for civil society organisations and over-reliance on Big Tech, participants emphasised the need for grass-roots and solidarity-based funding models to support advocacy and reduce dependency on corporate interests.

Finally, labour organising emerged as a key lever for change. While acknowledging that many existing unions fail to adequately represent tech workers, participants highlighted the potential of unions, tech worker coalitions, and collective actions as spaces to practice solidarity, advocacy, and coordination with digital rights movements. Legal expertise was identified as crucial to support these efforts.

The session concluded with breakout discussions, inviting participants to build on these proposals and explore concrete steps to turn technical expertise into collective power in the struggle for digital justice.

Get started in the Fediverse: How the Open Social Web can set you free from Big Tech social media

This session, led by Jan Penfrat, Policy Advisor at EDRi, and Konstantin Macher from Digitale Gesellschaft, provided insights about finding a new social media home away from Big Tech. At a time when commercial social media platforms are in steep decline, Open Social Web has emerged as a viable alternative were people can reclaim control of their online spaces free from profit-driven algorithms and manipulation of Big Tech corporations.

During the session, participants learned about the Fediverse and its various services, what makes decentralised social media unique, and could even get guidance on opening a Fediverse account of their choice.