Undermining the GDPR through ‘simplification’: EDRi pushes back against dangerous deregulation
EDRi has responded to the European Commission’s consultation on the GDPR ‘simplification’ proposal. The plan to remove documentation safeguards under Article 30(5) risks weakening security, legal certainty and rights enforcement, and opens the door to broader deregulation of the EU’s digital rulebook.
Filter resources
-
Undermining the GDPR through ‘simplification’: EDRi pushes back against dangerous deregulation
EDRi has responded to the European Commission’s consultation on the GDPR ‘simplification’ proposal. The plan to remove documentation safeguards under Article 30(5) risks weakening security, legal certainty and rights enforcement, and opens the door to broader deregulation of the EU’s digital rulebook.
Read more
-
Joint civil society response to the Commission’s call for evidence: Impact assessment on data retention by service providers for criminal proceedings
Last week, the EDRi network expressed shared concerns about the introduction of new rules at EU level on the retention of data by service providers for law enforcement purposes.
Read more
-
Data flows and digital repression: Civil society urges EU to reassess Israel’s adequacy status
On 24 June 2025, EDRi, Access Now and other civil society organisations sent a second letter to the European Commission, urging it to reassess Israel’s data protection adequacy status under the GDPR. The letter outlines six categories of concerns linking Israel’s data practices to escalating human rights violations in Gaza and the West Bank.
Read more
-
Open Letter: Reopening the GDPR is a threat to rights, accountability, and the future of EU digital policy
121 civil society organisations, academics, companies and other experts, including EDRi, are concerned about the proposals to reopen the General Data Protection Regulation (GDPR). They are calling on the European Commission to protect people’s rights and dignity in a data-driven world by reaffirming the GDPR as the cornerstone of EU’s digital law and supporting its rigorous enforcement.
Read more
-
Ljubljana’s municipal surveillance: Where trust trumps data
During a Ljubljana municipal council debate on CCTV transparency, several concerning points were raised regarding the Slovenian capital's network of over 500 surveillance cameras and the methods employed to assess their effectiveness in preventing crime. The discussion revealed that the entire system relies heavily on trust in the authorities, without any substantial data to support the cameras' effectiveness or a clear rationale for their widespread deployment.
Read more
-
CJEU saved the HADOPI: what implications for the future of data retention in the EU?
The Court of Justice of the European Union judgement on the HADOPI case (C-470/21) is significant for the ongoing debate on mandatory retention of metadata, such as traffic and location data. EDRi provides key takeaways and what they mean for the upcoming data retention legislation by the European Commission.
Read more
-
When data never dies: How better GDPR enforcement could minimise hate and harm
Lax enforcement of the GDPR has had far-reaching consequences for many people and collectives in the EU, especially those most vulnerable. Through a story based on real life experiences of people, this blog highlights the gap between the GDPR’s promise of protection and its current reality of weak enforcement, and the opportunity EU lawmakers have with the ongoing GDPR Procedural Regulations to take bold steps to protect our data rights.
Read more
-
The EDPB’s Rorschach Test: What the data protection body’s Opinion on AI training Means for GDPR Enforcement
In December 2024, the European Data Protection Board (EDPB) released a much-awaited Opinion on AI model training. While the Opinion reaffirmed GDPR principles and underscored the need for robust safeguards, its ambiguities may leave room for regulatory evasion, reinforcing the ongoing struggle between data protection rules and commercial AI development wishes.
Read more
-
The ePrivacy Regulation proposal has been withdrawn, but the fight for your privacy is far from over
The European Commission's withdrawal of the ePrivacy Regulation proposal is a major setback for privacy rights in Europe, driven by pressure from industry interests and national security concerns. However, EDRi remains committed to advocating for stronger privacy protections, challenging commercial and state surveillance in future legislative efforts.
Read more
-
12 civil society organisations tell delivery platforms it’s time to deliver answers on how they use algorithms to manage their workers
EDRi member Privacy International and more digital rights groups, together with trade unions, call out food delivery platforms for their algorithmic management of workers. In an open letter co-signed by 12 organisations, they make three clear recommendations for the platforms to improve.
Read more
-
GDPR Procedural Regulation: A critical opportunity to strengthen cross-border enforcement
As EU negotiators continue trilogue discussions on the GDPR Procedural Regulation, civil society organisations across Europe are raising the alarm: the proposed reforms risk failing to address the long-standing enforcement challenges that have undermined the GDPR’s effectiveness. In a joint letter, EDRi, Access Now and 34 fellow organisations call on policymakers to prioritise robust, rights-centred enforcement mechanisms that ensure individuals can meaningfully exercise their rights.
Read more
-
Civil Society Demands: European Commission Must Close e-ID Loopholes!
In a coalition of 15 civil society organisations, EDRi member epicenter.works published an open letter demanding that the European Commission close loopholes in the European Digital Identity Wallet. They highlight risks for privacy and transparency in recent eIDAS implementing acts.
Read more