DFF supports strategic litigation to advance digital rights in Europe, by providing financial support for strategic court cases and catalysing collaboration between those working to advance digital rights.
Strategic litigation – litigation with broad impact and which can bring about legislative or policy change – has proven to be a crucial lever to protect human rights in the digital realm.
The case studies provided here illustrate some of the important digital rights work of our grantees, which DFF is proud to support. Due to the context or sensitivity of some projects, not all the work DFF is supporting is shown here. We will continue to add case studies over time as new grants are approved and projects progress.
We have also produced more in-depth analyses of the impact, background, development and the application process on 11 of the case studies below, accessible here.
The case studies can be filtered by thematic focus area or type of grant support.
In Spain, Xnet carried out research related to two examples where data protection law is being misused by the government to limit people’s rights to freedom of information and expression.
A Luxembourg resident discovered that their data was collected and offered for sale by Apollo and RocketReach, two US-based companies which collect and commercialise personal data on different online platforms.
Association Taxi Project 2.0 carried out pre-litigation research to support the preparation of a complaint(s) against ride-sharing companies in Spain. Taxi Project has been analysing the behaviour of dynamic pricing
On 18 June 2021, Quad9, a non-profit Domain Name Server (DNS) resolver, received an interim injunction from the District Court of Hamburg, pursuant to an application made by Sony Music.
StraLi for Strategic Litigation (StraLi) is preparing a strategic path to challenge the use of facial recognition technology by law enforcement and judicial authorities in Italy. They will also identify
In Germany, undocumented migrants are at risk of privacy violations and deportation if they try to access healthcare services. This is because the social welfare office is obliged to share
The Center for Civil and Human Rights are taking litigation to challenge the disparate impact felt by some groups in Slovakia, in particular the Romani minority, due to unequal access
Internet users are being profiled and targeted by various online and digital business practices in a way that influences how they think. Examples include the use of targeted advertising or
In Germany, since 2017, citizens’ personal information and photographs from their ID cards have been stored in registers that are accessible to various state bodies. Under German law, authorities such
People residing in Germany without German citizenship have their personal data automatically stored in a centralised database that can be accessed and shared by more than 14,000 government agencies. The
The Child Poverty Action Group (CPAG) is taking litigation in the UK related to the universal credit system administered by the UK Department for Work and Pensions. Universal credit is
medConfidential is examining possible legal action in relation to the unlawful processing of patients’ medical data by Sensyne Health plc, a private company, which has data sharing agreements with several
The Greek law on retention of electronic communications metadata (Law 3917/2011) was not revised following a ruling from the Court of Justice of the European Union (CJEU) invalidating the EU
“Gig workers” are oppressed, misclassified as self-employed and denied the right to a minimum wage, as well as freedom from discrimination and unfair dismissal. Their oppression is exacerbated by digitisation,
The German government is using copyright law to suppress documents published online, which have been legally obtained through freedom of information requests and contain information important for the public interest.
GLAN are working in partnership with Bindmans LLP to devise a strategic litigation approach to achieve accountability for the use of Pegasus malware on UK-based smartphones in violation of individuals’
Border Violence Monitoring Network (BVMN) and I Have Rights, a refugee law clinic based in Samos, Greece, are preparing for litigation challenging the technology and surveillance infrastructure of the Samos
IuRe is planning litigation to challenge the processing and use of sensitive personal medical data by the Czech Institute of Health Information and Statistics through the National Health Information System.
GFF believe that information about algorithm-driven technology used by state bodies in Germany should be accessible to anyone who wants to scrutinise it. When the public can check that technology
To help deal with the COVID-19 pandemic, governments are developing and rolling out apps related to contact-tracing, symptom-tracking, exposure notification, and quarantine-enforcement. Many governments are not taking data protection and
In 2019, the Bulgaria National Revenue Agency servers were hacked, compromising personal data of approximately six million people. KDBM believes the hack was partly due to deficient security practices and
Constitutional complaint against the amendment of the telecommunication surveillance regulation (“G10” ), which for the first time grants all 19 German intelligence services the right to use malware to surveil
Due to the COVID-19 pandemic many educational institutions in the UK have moved exams online and are turning to remote proctoring as a monitoring solution. This potentially results in a
In mid-2019, the media revealed that the UK Home Office had been using an algorithm/automated computer system for five years to process visa applications. Foxglove and JCWI argued that the
The German Asylum Act grants the Federal Ministry for Migration and Refugees the power to access the mobile devices of migrants and asylum seekers, without a warrant, in order to
As exams were shifted online during the COVID-19 pandemic, some German universities began to use proctoring software to monitor students taking their exams. This software may violate fundamental rights by
In Germany, public health insurance providers will soon begin transferring anonymised health data of millions of people to institutions for research. However, the security standards for the storage and transfer
K-Monitor is preparing for litigation challenging the lack of recourse for getting information about online political advertising on social media platforms. K-Monitor believe that online political advertising has a decisive
Privacy First are challenging the Dutch Automatic Number Plate Recognition (ANPR) Act, which was adopted in November 2017 and entered into force in January 2019. The Act enables the Dutch
In March 2020, France introduced an emergency law imposing a strict lockdown on the whole country. People who did not comply were subject to fines and even jail time. Authorities
defenddigitalme is taking legal action against the UK Department of Education to ensure that the data of students is collected and processed lawfully, fairly, and transparently.
Litigation challenging website censorship and demanding that access to sexual and reproductive health services be recognised as a key part of the right to information in Spain.
Litigation against universities in Germany to stop the processing of personal data through automated online proctoring software.
Litigation to improve security standards and shorten retention periods for sharing of health data by insurance providers with research institutions.
Research to prepare for litigation challenging examples where data protection law is misused by the Spanish government to limit freedom of information and expression
Research preparing for litigation challenging an inadequate data protection regime for people residing in Germany without German citizenship.
Litigation to restrict access to photographs and personal information from biometric ID cards.
Legal action demanding access to information about algorithm-driven technology used by state bodies in Germany
Research to prepare for litigation to challenge the practice in Germany of accessing sensitive personal data on the mobile devices of migrants and asylum seekers upon arrival in the country.
Coordinated complaints to data protection authorities across the EU pushing for changes to the online advertising industry so that users have control over how their data is used.
Litigation preventing the expansion of a criminal record database to include COVID-19 lockdown infringements.
Cross-jurisdictional litigation action to stop the use of COVID-19 apps that do not respect people’s rights to privacy and data protection.
Research to prepare a strategic case challenging restrictions to copyright exceptions that limit freedom of expression and access to information.
Litigation to prevent the use of remote proctoring software until data rights and equality issues are resolved.
Research to prepare a strategic case challenging digital practices that interfere with the rights to freedom of thought and opinion.
A coalition in the Netherlands successfully challenged the use of the “SyRI” risk-scoring algorithm by the Dutch government.