GDPR
Filter by...
-
UK data adequacy under scrutiny: civil society warns EU not to reward deregulation disguised as ‘simplification’
Civil society organisations, including EDRi and EDRi members Open Rights Group and Privacy International, are urging the European Commission not to re-adopt the UK’s data adequacy decisions without meaningful reform. The UK’s rollback of protections under the guise of ‘simplification’ puts the level of protection required by the General Data Protection Regulation (GDPR) and Court of Justice of the European Union (CJEU) case law at risk and exposes the Commission’s decisions to legal challenge.
Read more
-
Open Letter: Reopening the GDPR is a threat to rights, accountability, and the future of EU digital policy
121 civil society organisations, academics, companies and other experts, including EDRi, are concerned about the proposals to reopen the General Data Protection Regulation (GDPR). They are calling on the European Commission to protect people’s rights and dignity in a data-driven world by reaffirming the GDPR as the cornerstone of EU’s digital law and supporting its rigorous enforcement.
Read more
-
When data never dies: How better GDPR enforcement could minimise hate and harm
Lax enforcement of the GDPR has had far-reaching consequences for many people and collectives in the EU, especially those most vulnerable. Through a story based on real life experiences of people, this blog highlights the gap between the GDPR’s promise of protection and its current reality of weak enforcement, and the opportunity EU lawmakers have with the ongoing GDPR Procedural Regulations to take bold steps to protect our data rights.
Read more
-
The EDPB’s Rorschach Test: What the data protection body’s Opinion on AI training Means for GDPR Enforcement
In December 2024, the European Data Protection Board (EDPB) released a much-awaited Opinion on AI model training. While the Opinion reaffirmed GDPR principles and underscored the need for robust safeguards, its ambiguities may leave room for regulatory evasion, reinforcing the ongoing struggle between data protection rules and commercial AI development wishes.
Read more
-
GDPR Procedural Regulation: A critical opportunity to strengthen cross-border enforcement
As EU negotiators continue trilogue discussions on the GDPR Procedural Regulation, civil society organisations across Europe are raising the alarm: the proposed reforms risk failing to address the long-standing enforcement challenges that have undermined the GDPR’s effectiveness. In a joint letter, EDRi, Access Now and 34 fellow organisations call on policymakers to prioritise robust, rights-centred enforcement mechanisms that ensure individuals can meaningfully exercise their rights.
Read more
-
Italian DPA’s €5M fine against Glovo marks milestone for workers’ rights
The Italian data protection authority (DPA) recently fined Foodinhio, a subsidiary of Glovo, €5 million for serious breaches of the General Data Protection Regulation (GDPR) and labour law. This decision sets a milestone for the use of the GDPR to protect workers' rights across Europe.
Read more
-
Promises unkept: The EU-US Data Privacy Framework under fire
A decade after Snowden’s revelations — and despite the public outrage they sparked — surveillance and mass data collection continue under the EU-U.S. Data Privacy Framework (DPF), despite persistent privacy concerns. This shift reflects a reorientation of EU priorities toward economic and geopolitical interests, risking compromises on privacy and data protection.
Read more
-
Council’s General Approach on GDPR Procedural
EDRi acknowledges the Council’s positive steps in their General Approach on the Proposal for additional procedural rules concerning the GDPR. Nevertheless, we emphasise the pressing need for enhanced legal certainty and the prevention of actions that could compromise the effectiveness of GDPR enforcement and erode trust, particularly concerning the protection of fundamental rights.
Read more
-
Position paper: GDPR enforcement done right
There is an urgent need to enhance legal certainty and prevent actions that undermine the effectiveness of and trust in GDPR enforcement. EDRi and Access Now have co-drafted a position paper on the EU Proposal for additional procedural rules concerning the General Data Protection Regulation (GDPR).
Read more
-
Open letter: Modernised ePrivacy legislation must protect fundamental rights
Today, 24 April, EDRi and 13 organisations call for robust legislation to complement and particularise the General Data Protection Regulation (GDPR), and call upon the next European Commission to include comprehensive plans for reforming the European Union’s ePrivacy legislation.
Read more
-
Greek Ministry of Asylum and Migration face a record-breaking €175,000 fine for the border management systems KENTAUROS & HYPERION
On 3 April, the Greek Data Protection Authority (DPA) slapped the Ministry of Asylum and Migration with a record-breaking €175,000 fine under the General Data Protection Regulation for the border management systems KENTAUROS and HYPERION. The DPA’s investigation started back in 2022, following a strategic complaint filed by the EDRi member Homo Digitalis and its partners in Greece.
Read more
-
Europe’s highest court delivers landmark judgment against IAB Europe in GDPR consent spam pop-ups case
The Court of Justice of the European Union's landmark decision on March 7, 2023, against the auctioning of personal data for advertising purposes under the General Data Protection Regulation (GDPR) challenges the legality of invasive tracking and profiling in the context of online advertising. It marks a significant victory for privacy advocates and sets a precedent for the protection of personal data in the digital era.
Read more