The EDPB’s Rorschach Test: What the data protection body’s Opinion on AI training Means for GDPR Enforcement
In December 2024, the European Data Protection Board (EDPB) released a much-awaited Opinion on AI model training. While the Opinion reaffirmed GDPR principles and underscored the need for robust safeguards, its ambiguities may leave room for regulatory evasion, reinforcing the ongoing struggle between data protection rules and commercial AI development wishes.
Filter resources
-
The EDPB’s Rorschach Test: What the data protection body’s Opinion on AI training Means for GDPR Enforcement
In December 2024, the European Data Protection Board (EDPB) released a much-awaited Opinion on AI model training. While the Opinion reaffirmed GDPR principles and underscored the need for robust safeguards, its ambiguities may leave room for regulatory evasion, reinforcing the ongoing struggle between data protection rules and commercial AI development wishes.
Read more
-
12 civil society organisations tell delivery platforms it’s time to deliver answers on how they use algorithms to manage their workers
EDRi member Privacy International and more digital rights groups, together with trade unions, call out food delivery platforms for their algorithmic management of workers. In an open letter co-signed by 12 organisations, they make three clear recommendations for the platforms to improve.
Read more
-
GDPR Procedural Regulation: A critical opportunity to strengthen cross-border enforcement
As EU negotiators continue trilogue discussions on the GDPR Procedural Regulation, civil society organisations across Europe are raising the alarm: the proposed reforms risk failing to address the long-standing enforcement challenges that have undermined the GDPR’s effectiveness. In a joint letter, EDRi, Access Now and 34 fellow organisations call on policymakers to prioritise robust, rights-centred enforcement mechanisms that ensure individuals can meaningfully exercise their rights.
Read more
-
New European Commission confirmed: our takeaways on what to expect
On 1 December 2024, the new political leaders of one of the EU’s most powerful institutions – the European Commission – officially took office. As part of their nomination process, they shared their digital visions for the next five years. Spoiler alert: the fight for digital rights will be as important as ever, with data protection, encryption and privacy all on the chopping block.
Read more
-
Italian DPA’s €5M fine against Glovo marks milestone for workers’ rights
The Italian data protection authority (DPA) recently fined Foodinhio, a subsidiary of Glovo, €5 million for serious breaches of the General Data Protection Regulation (GDPR) and labour law. This decision sets a milestone for the use of the GDPR to protect workers' rights across Europe.
Read more
-
Promises unkept: The EU-US Data Privacy Framework under fire
A decade after Snowden’s revelations — and despite the public outrage they sparked — surveillance and mass data collection continue under the EU-U.S. Data Privacy Framework (DPF), despite persistent privacy concerns. This shift reflects a reorientation of EU priorities toward economic and geopolitical interests, risking compromises on privacy and data protection.
Read more
-
Unpacking digital fairness: What Europe must do now to end the tech industry’s most nefarious tactics
The EU plans to propose a Digital Fairness Act to better protect consumers from deceptive design practices, social media addiction, and pervasive online tracking. We unpack what this means and what the European Commission should do to end Big Tech’s most nefarious tactics.
Read more
-
Deported for reporting a crime: the paradox of securitisation policies
The review of the Return Directive, which governs detention and deportation procedures in the EU, should not lead to the criminalisation of undocumented people. Rather, it should uphold their fundamental right to personal data protection by establishing firewalls that allow them to report crimes without fears of being deported.
Read more
-
Council’s General Approach on GDPR Procedural
EDRi acknowledges the Council’s positive steps in their General Approach on the Proposal for additional procedural rules concerning the GDPR. Nevertheless, we emphasise the pressing need for enhanced legal certainty and the prevention of actions that could compromise the effectiveness of GDPR enforcement and erode trust, particularly concerning the protection of fundamental rights.
Read more
-
How to fight Biometric Mass Surveillance after the AI Act: A legal and practical guide
The EU's Artificial Intelligence Act has been adopted, laying out an in-principle ban on live mass facial recognition and other public biometric surveillance by police. Yet the wide exceptions to this ban may pave the way to legitimise the use of these systems. This living guide, for civil society organisations, communities and activists, charts a human rights-based approach for how to keep resisting biometric mass surveillance practices now and in the future
Read more
-
Position paper: GDPR enforcement done right
There is an urgent need to enhance legal certainty and prevent actions that undermine the effectiveness of and trust in GDPR enforcement. EDRi and Access Now have co-drafted a position paper on the EU Proposal for additional procedural rules concerning the General Data Protection Regulation (GDPR).
Read more
-
Privacy is not for sale: Meta must stop charging for people’s right to privacy
Ahead of a crucial opinion by the European Data Protection Board (EDPB) – a grouping of the EU’s chief privacy regulators - on Meta’s plan to charge for privacy, the European Commission has opened an investigation that we hope will cast light on the unlawfulness of Meta’s so-called ‘Pay or Okay’ model, which has become the ‘talk of the town’ in Brussels.
Read more