Why the EU’s GDPR ‘simplification’ reforms could unravel hard-won protections
Since it came into force almost seven years ago, the European Union (EU)'s General Data Protection Regulation (GDPR) has set the global standard for data protection. It empowers people to control their personal data while holding businesses accountable for how they collect, process, and store that data. One would imagine that all of the above would cement the GDPR, but this crucial law is being threatened by a push for profit at any cost.
Filter resources
-
Why the EU’s GDPR ‘simplification’ reforms could unravel hard-won protections
Since it came into force almost seven years ago, the European Union (EU)'s General Data Protection Regulation (GDPR) has set the global standard for data protection. It empowers people to control their personal data while holding businesses accountable for how they collect, process, and store that data. One would imagine that all of the above would cement the GDPR, but this crucial law is being threatened by a push for profit at any cost.
Read more
-
UK data adequacy under scrutiny: civil society warns EU not to reward deregulation disguised as ‘simplification’
Civil society organisations, including EDRi and EDRi members Open Rights Group and Privacy International, are urging the European Commission not to re-adopt the UK’s data adequacy decisions without meaningful reform. The UK’s rollback of protections under the guise of ‘simplification’ puts the level of protection required by the General Data Protection Regulation (GDPR) and Court of Justice of the European Union (CJEU) case law at risk and exposes the Commission’s decisions to legal challenge.
Read more
-
Open Letter: Reopening the GDPR is a threat to rights, accountability, and the future of EU digital policy
121 civil society organisations, academics, companies and other experts, including EDRi, are concerned about the proposals to reopen the General Data Protection Regulation (GDPR). They are calling on the European Commission to protect people’s rights and dignity in a data-driven world by reaffirming the GDPR as the cornerstone of EU’s digital law and supporting its rigorous enforcement.
Read more
-
Digital trade: the new frontline in the fight for our rights
The EU is signing digital trade deals that could undermine fundamental rights and block oversight of software systems shaping our lives. From data protection to algorithmic accountability, these agreements risk empowering opaque systems - used by both companies and governments - at the expense of the people most affected by them.
Read more
-
Commission slams Apple and Meta for breaching the Digital Markets Act, doesn’t stick the landing with fines
The European Commission has shown some teeth with the EU’s digital rulebook by slamming tech giants Apple and Meta with fines, and an order to stop the infringing behaviour. While we commend the strong stance, we're concerned about whether the low fines will actually lead to change of behaviour from the tech giants.
Read more
-
Panoptykon Foundation challenges the data retention regime in Poland: Telecom companies requested to delete activists’ data
EDRi member Panoptykon Foundation supports activists and attorney-at-law Artur Kula to demand that the four biggest telecom companies in Poland delete data stored for the purpose of law enforcement in the 12 months prior. They want to challenge the current unlawful data retention regime in Poland.
Read more
-
When data never dies: How better GDPR enforcement could minimise hate and harm
Lax enforcement of the GDPR has had far-reaching consequences for many people and collectives in the EU, especially those most vulnerable. Through a story based on real life experiences of people, this blog highlights the gap between the GDPR’s promise of protection and its current reality of weak enforcement, and the opportunity EU lawmakers have with the ongoing GDPR Procedural Regulations to take bold steps to protect our data rights.
Read more
-
The EDPB’s Rorschach Test: What the data protection body’s Opinion on AI training Means for GDPR Enforcement
In December 2024, the European Data Protection Board (EDPB) released a much-awaited Opinion on AI model training. While the Opinion reaffirmed GDPR principles and underscored the need for robust safeguards, its ambiguities may leave room for regulatory evasion, reinforcing the ongoing struggle between data protection rules and commercial AI development wishes.
Read more
-
12 civil society organisations tell delivery platforms it’s time to deliver answers on how they use algorithms to manage their workers
EDRi member Privacy International and more digital rights groups, together with trade unions, call out food delivery platforms for their algorithmic management of workers. In an open letter co-signed by 12 organisations, they make three clear recommendations for the platforms to improve.
Read more
-
GDPR Procedural Regulation: A critical opportunity to strengthen cross-border enforcement
As EU negotiators continue trilogue discussions on the GDPR Procedural Regulation, civil society organisations across Europe are raising the alarm: the proposed reforms risk failing to address the long-standing enforcement challenges that have undermined the GDPR’s effectiveness. In a joint letter, EDRi, Access Now and 34 fellow organisations call on policymakers to prioritise robust, rights-centred enforcement mechanisms that ensure individuals can meaningfully exercise their rights.
Read more
-
New European Commission confirmed: our takeaways on what to expect
On 1 December 2024, the new political leaders of one of the EU’s most powerful institutions – the European Commission – officially took office. As part of their nomination process, they shared their digital visions for the next five years. Spoiler alert: the fight for digital rights will be as important as ever, with data protection, encryption and privacy all on the chopping block.
Read more
-
Italian DPA’s €5M fine against Glovo marks milestone for workers’ rights
The Italian data protection authority (DPA) recently fined Foodinhio, a subsidiary of Glovo, €5 million for serious breaches of the General Data Protection Regulation (GDPR) and labour law. This decision sets a milestone for the use of the GDPR to protect workers' rights across Europe.
Read more