Case Studies

Case studies

The case studies provided here illustrate some of the important digital rights work of our grantees, which we are proud to support. Due to the context or sensitivity of some projects, not all the work we support is shown here. We will continue to add case studies over time as new grants are approved and projects progress.

We have also produced more in-depth analyses of the impact, background, development and the application process on 11 of the case studies below, accessible here.

Inactive Data Protection Authorities

noyb is taking litigation against the Luxembourg data protection authority (CNPD), challenging the inactivity of the CNPD in response to a complaint filed against Amazon back in 2019. noyb argues


Predictive policing of minors

The “Top 400” programme in Amsterdam profiles minors and young adults to predict the 400 most likely to commit serious crimes. This programme is problematic because it disproportionately targets marginalised

Facebook icon with 3 notifications on a smartphone or tablet. Photo by Brett Jordan on Unsplash

Facebook’s private censorship

Facebook and other online platforms have been criticised for their role in arbitrarily censoring legal content that is shared through their services. Without explanation Facebook removed pages belonging to Spoleczna

Two hands using a smartphone. Image by Gilles Lambert on Unsplash

UK’s Snoopers’ Charter

The UK Investigatory Powers Act (IPA) grants the government power to collect and store information about everything people do and say online. This includes emails, texts, calls, location data and


Illegal data sharing by Grindr

In December 2021, the Norwegian Data Protection Authority (DPA) issued an administrative fine of NOK 65 million (around EUR 6.5 million) against dating app Grindr for disclosing personal information about


Non-Consensual Tracking on Pornhub

Based on research carried out by Tracking Exposed (now rebranded into AI Forensics) since 2019, privacy activists have lodged complaints before the data protection authorities of Italy and Cyprus alleging

Children sitting in a classroom

UK’s national pupil database

The UK Department of Education collects highly sensitive personal data about students for the National Pupil Database, which is routinely shared with other departments and third parties for academic and


EU Data Adequacy and Digital Trade

In January 2019, the EU’s European Commission granted adequacy to Japan for its data protection laws, allowing personal data to flow freely between the EU and Japan. The adequacy decision

photo from above the inside of an airport terminal, passengers walking with suitcases

EU Passenger Name Record Directive

The EU Passenger Name Record (PNR) Directive obliges airlines to collect personal, and sometimes potentially sensitive, data of travellers and share it with government authorities. The data is mined and

Somebody writing code on a laptop while looking at code on a phone. Photo by Sora Shimazaki from Pexels

UK Police “digital strip search”

In 2019, the UK Police brought in new regulations on how police officers should gather data-based evidence to investigate certain criminal cases. Under the policy, police can request that the


Facebook data breach mass action

Digital Rights Ireland are taking a “mass action” lawsuit against Facebook. They will represent users who have been affected by the 3 April 2021 release of computer files containing personal