Privacy and data protection
Privacy and data protection are essential for us to live, connect, work, create, organise and more. Governments and companies have long used mass surveillance for control trying to legitimise snooping for health, security or other reasons. The near-total digitisation of our lives has made it easier to control, profile and profit from our attention, data, bodies and behaviours in ways that are very difficult for us to understand and challenge. European data protection standards such as the GDPR are a good step forward but we need more to effectively ensure enforcement and protection against unlawful surveillance practices.
Filter resources
-
European Parliament draws red line against biometric surveillance society
On Wednesday 14 June 2023, the European Parliament voted to ban most public mass surveillance uses of biometric systems. This is the biggest achievement to date for the eighty organisations and quarter of a million people who have supported the Reclaim Your Face campaign's demand to end biometric mass surveillance (BMS) in Europe.
Read more
-
Online Safety Bill insecure: international organisations, academics and cyber experts urge UK government to protect encrypted messaging
EDRi, Open Rights Group and over 80 civil society organisations, academics and cyber experts from 23 countries have written to the UK government to raise the alarm about proposed powers in the Online Safety Bill.
Read more
-
Open letter: The Council of European Union must protect journalists against spyware and surveillance in the European Media Freedom Act
Civil society and journalist associations are calling on the Council of the European Union to reconsider its current position on the European Media Freedom Act, as stated in a recent compromise text. Instead, the Council must take steps to meaningfully protect journalists and their fundamental rights.
Read more
-
Open Letter: Make vulnerability disclosure in the Cyber Resilience Act more secure, not less
The CRA would require organisations to disclose software vulnerabilities to government agencies within 24 hours of exploitation. However, such recently exploited vulnerabilities are unlikely to be mitigated within such a short time, leading to real-time databases of software with unmitigated vulnerabilities in the possession of potentially dozens of government agencies. Read the open letter.
Read more
-
EU Parliament calls for ban of public facial recognition, but leaves human rights gaps in final position on AI Act
The final EU Parliament position upholds all of the fundamental rights demands which were added at committee level. Despite efforts to overturn it, the final position also maintains the committees' strong stance against biometric mass surveillance practices. But it is disappointing that the plenary missed the opportunity to increase protections when it comes to empowering people affected by the use of AI and the rights of migrants, refugees and asylum seekers.
Read more
-
EDRi-gram,14 June 2023
It’s getting hot in here – and we don’t just mean the weather. By the time this EDRi-gram reaches your inbox, the EU Parliament will have voted on the AI Act and the "e-Evidence" package. This is a crucial moment for the AI Act as we push hard and keep our fingers crossed for all the wins of the committee vote to remain after the plenary. We also have serious concerns about the e-Evidence proposal posing a threat to our fundamental rights. Along with other civil society groups, doctors and journalists organisations and internet service providers, we are calling on Members of European Parliament to reject this package. In this edition you can also read about what changed in the ten years since Snowden’s revelations about mass surveillance by the US government.
Read more
-
Snowden revelations: ten years on
Ten years ago, the first revelations about US mass surveillance were published in the UK and USA. The revelations swiftly widened to encompass details about the role of the UK’s GCHQ (Government Communications Headquarters) in the global gathering of vast amounts of communications data.
Read more
-
Europol data deals with violent police forces need “strong data protection safeguards”
Proposed data-sharing deals between Europol and five states in Central and South America needs explicit safeguards if they are to uphold fundamental rights, the European Data Protection Supervisor said at the beginning of May. Police forces in those states have brutal records of violence and torture.
Read more
-
Bits of Freedom monthly update on human rights & tech: April 2023
Read through the most interesting developments at the intersection of human rights and technology from the Netherlands. This is the fourth update in this series.
Read more
-
The Belgian government is failing to consider human rights in CSA Regulation
Despite the clear warnings, Belgium has taken a position calling on the EU to adopt the CSA regulation as quickly as possible, dismissing the technical problems, and without addressing the serious legal concerns that have been raised.
Read more
-
Open letter: e-Evidence package lacks appropriate safeguards, EU Parliament must reject it
Civil society, doctors, lawyers and journalists associations and internet service providers are calling on MEPs to reject the so-called “e-Evidence” package during the plenary vote on June 13 because the proposed system of cross-border access to data in criminal matters would severely undermine fundamental rights.
Read more
-
EDRi-gram, 31 May 2023
Here is what happened since we last touched base. The EDRi network met in Belgrade for our General Assembly. We strategised, got updates from national members about the state of #DigitalRights, and enjoyed personal connection time. A BIG welcome to EDRi's newly elected Board members: Andrej Petrovski, Director of Tech at EDRi member SHARE Foundation, and Isabela Fernandes, Executive Director of TOR Project. In the last fortnight, we also celebrated 5 years of the General Data Protection Regulation. The anniversary was marked by the €1.2 billion fine for Meta issued thanks to EDRi member noyb's work. The decision required 10 years and 3 court procedures against the Irish Data Protection Commission, which shows the need for better GDPR enforcement.
Read more