Surveillance and data retention
Surveillance is when an individual or organisation is watching, tracking, filtering, analysing or blocking what you can see and do online or offline. It can be targeted on a specific individual (such as someone suspected of a crime) or it can be done indiscriminately (such as on all users from a particular country), also known as mass surveillance. Surveillance - and the retention of surveillance data - can impose restrictions on our fundamental rights in the digital environment by interfering with our freedom online, or by using digital technology to follow our offline movements, in order to gain an intimate picture of our lives, our beliefs and our interactions.
Filter resources
-
Hadopi law (2009–2026)
The French Administrative Supreme Court ruled in favour of La Quadrature du Net, French Data Network (FDN), Franciliens.net and Fédération FDN by recognising that the Hadopi law’s surveillance system that aims to combat illegal files sharing breaches fundamental rights protected by the European Union. The government has been ordered to repeal the key provisions of this decree. It is now up to the government to acknowledge the end of this law and finally accept that the non-commercial sharing of culture online must not be criminalised.
Read more
-
Proposed Europol reform dangerously erodes privacy, automates surveillance, and sidelines oversight
Third reform in six years allocates €3 billion to controversial EU policing agency with the capacities to place everyone under surveillance.
Read more
-
Joint Statement: Pegasus in the European Parliament, the EU Must Act Now
A joint statement with civil society organisations and individual signatories is calling on the EU institutions to regulate spyware technologies after the 2026 Citizen Lab revelations.
Read more
-
Statement: End complicity with ISS World Europe
ISS World Europe is an annual surveillance industry trade fair where the most invasive technologies for mass surveillance, data harvesting and tracking of individuals are traded and promoted. Such a marketplace for digital repression tools, connected to companies directly involved in war crimes, human rights violations, and the genocide in Gaza, should have no place in the EU. Civil society is calling on the EU to immediately cut ties with ISS World Europe.
Read more
-
Inside Italy’s low-cost spyware economy
Commercial spyware in Europe has recently made headlines with the now notorious names of Pegasus and Graphite, the expensive, exploitation-driven products at the top end of the market. Much less known is the wide underworld ecosystem of low-cost spyware vendors, often targeting citizens via their smartphones. EDRi member Osservatorio Nessuno has investigated and analysed two separate products, Spyrtacus and Morpheus.
Read more
-
Did the EU Parliament really vote not to protect children online?
In April 2026, negotiations on the ‘interim ePrivacy derogation’ fell apart, with several stakeholders claiming that the European Parliament stopped the EU from protecting children. In reality, however, the Parliament’s position aimed to ensure the protection of all fundamental rights without leading to mass surveillance – whereas EU Member States and the Commission proved unwilling to move even an inch on safeguards.
Read more
-
Greece’s AI Smart Policing system ruled unlawful after €4 million public spending\
A 4 million EUR “Smart Policing” programme enabling the use of AI technologies, including facial recognition software, which was deployed by the Hellenic Police has been ruled unlawful by Greece’s data protection authority. The decision confirmed long-standing concerns raised by EDRi member Homo Digitalis about facial recognition and data protection violations.
Read more
-
Predatorgate: Breaking the chain of impunity of the spyware underworld
Greek courts have issued a landmark criminal first-instance conviction in the Predatorgate scandal, finding four individuals linked to the spyware vendor Intellexa guilty of unlawful surveillance, with cumulative sentences of 126 years and 8 months. Courts must now establish responsibility for who ordered this espionage. The case also resonates across the EU, challenging the widespread impunity of vendors and intensifying the calls for a ban on spyware.
Read more
-
The eID Wallet still doesn’t deserve your full trust
Despite its imminent deployment, the EU’s new eID Wallet is not yet fit for purpose in terms of safeguarding the rights of its users. EDRi and nine CSOs urge the European Commission to amend the draft implementing acts to ensure that users cannot be tracked, forced to share sensitive data nor to provide their legal identity where this is not required by law.
Read more
-
Outsourcing crime control: How EU anti-money laundering rules threaten financial privacy
Privacy First is drawing attention to the risks to financial privacy and fundament rights arising from the European Union’s anti-money laundering and counter-terrorist financing (AML/CFT) framework. Over the past decade, the EU has increasingly shifted the responsibility of detecting financial crime from public authorities to banks, bookkeepers and other companies (called“obliged entities”). With a completely revised AML Package set to enter into force in mid-2027, this system will expand further, turning ordinary citizens and civil society organisations into subjects of systems of financial surveillance.
Read more
-
Chat Control is in the final stretch – but it could be a marathon, not a sprint
With final negotiations on the controversial CSA Regulation underway, you’d be forgiven for thinking that our digital rights are out of the woods. However, even though the recently-agreed position of EU Member States is a cautiously optimistic step, we are still far from a final deal. Perhaps the most worrying issue that remains is the threat of age verification becoming mandatory across all digital methods of private communication – a hugely disproportionate limitation on our privacy and free speech.
Read more
-
Open Letter: Civil society concerned about extensive and indiscriminate data retention regime in Switzerland
19 civil society organisations have penned a letter to the Swiss Federal Department of Justice and Police (FDJP) to express serious concerns about their plans to extend the Swiss Data Retention regime. They call on the Federal Councilor to align Swiss legislation with the highest standards of protection for people’s privacy.
Read more
