Case studies
The case studies provided here illustrate some of the important digital rights work of our grantees, which we are proud to support. Due to the context or sensitivity of some projects, not all the work we support is shown here. We will continue to add case studies over time as new grants are approved and projects progress.
We have also produced more in-depth analyses of the impact, background, development and the application process on 11 of the case studies below, accessible here.

UK Police “digital strip search”
In 2019, the UK Police brought in new regulations on how police officers should gather data-based evidence to investigate certain criminal cases. Under the policy, police can request that the

Misuse of copyright claims in Germany to stifle freedom of information
The German government is using copyright law to suppress documents published online, which have been legally obtained through freedom of information requests and contain information important for the public interest.

Use of facial recognition technology by law enforcement and judicial authorities in Italy
StraLi for Strategic Litigation (StraLi) is preparing a strategic path to challenge the use of facial recognition technology by law enforcement and judicial authorities in Italy. They will also identify

The “SyRI” welfare fraud risk-scoring algorithm
Under the guise of detecting potential welfare and tax fraud, the Dutch government introduced a computerised system (System Risk Indication or “SyRI”) that profiled individuals based on vast pools of

Data protection violations by data brokers
Online data brokers and advertising technology (adtech) companies gather data and build intricate profiles of internet users, which are then shared and sold to thousands of advertisers. Users have limited

Facebook’s private censorship
Facebook and other online platforms have been criticised for their role in arbitrarily censoring legal content that is shared through their services. Without explanation Facebook removed pages belonging to Spoleczna

Misuse of freelance workers’ data in Spain
In Spain, the data of millions of freelance workers is shared unlawfully by the registrar of freelance workers and the tax authorities with other public authorities, who then repurpose the

Restricted data protection rights for non-citizens in Germany
People residing in Germany without German citizenship have their personal data automatically stored in a centralised database that can be accessed and shared by more than 14,000 government agencies. The

Facebook data breach mass action
Digital Rights Ireland are taking a “mass action” lawsuit against Facebook. They will represent users who have been affected by the 3 April 2021 release of computer files containing personal

Processing of sensitive personal medical data in Czech Republic
IuRe is planning litigation to challenge the processing and use of sensitive personal medical data by the Czech Institute of Health Information and Statistics through the National Health Information System.

Copyright enforcement by private parties against internet intermediaries
On 18 June 2021, Quad9, a non-profit Domain Name Server (DNS) resolver, received an interim injunction from the District Court of Hamburg, pursuant to an application made by Sony Music.

Enforcement of EU data protection law against non-EU companies
A Luxembourg resident discovered that their data was collected and offered for sale by Apollo and RocketReach, two US-based companies which collect and commercialise personal data on different online platforms.

Ireland’s ID card for accessing public services
Ireland recently deployed a “Public Services Card” – an ID card with an electronic chip letting the government store people’s personal data (including photos). Digital Rights Ireland say the system

Secret, targeted surveillance in Hungary
Domestic law on surveillance in Hungary does not require individuals who have been subjected to surveillance measures to be notified of that fact. This means there are no adequate safeguards

Intrusive and discriminatory impacts of remote proctoring in the UK
Due to the COVID-19 pandemic many educational institutions in the UK have moved exams online and are turning to remote proctoring as a monitoring solution. This potentially results in a

France criminal records database expanded during COVID-19
In March 2020, France introduced an emergency law imposing a strict lockdown on the whole country. People who did not comply were subject to fines and even jail time. Authorities

Intrusive impacts of remote proctoring by universities in Germany
As exams were shifted online during the COVID-19 pandemic, some German universities began to use proctoring software to monitor students taking their exams. This software may violate fundamental rights by

Mass surveillance through biometric ID cards in Germany
In Germany, since 2017, citizens’ personal information and photographs from their ID cards have been stored in registers that are accessible to various state bodies. Under German law, authorities such

Inactive Data Protection Authorities
noyb is taking litigation against the Luxembourg data protection authority (CNPD), challenging the inactivity of the CNPD in response to a complaint filed against Amazon back in 2019. noyb argues

Discriminatory digital policies that marginalise Roma communities
The Center for Civil and Human Rights are taking litigation to challenge the disparate impact felt by some groups in Slovakia, in particular the Romani minority, due to unequal access

Data sharing between health services and immigration authorities in Germany
In Germany, undocumented migrants are at risk of privacy violations and deportation if they try to access healthcare services. This is because the social welfare office is obliged to share

Mass data breach by the Bulgaria National Revenue Agency
In 2019, the Bulgaria National Revenue Agency servers were hacked, compromising personal data of approximately six million people. KDBM believes the hack was partly due to deficient security practices and

UK Home Office visa application streaming algorithm
In mid-2019, the media revealed that the UK Home Office had been using an algorithm/automated computer system for five years to process visa applications. Foxglove and JCWI argued that the

Invasive surveillance by the German intelligence service
Constitutional complaint against the amendment of the telecommunication surveillance regulation (“G10” ), which for the first time grants all 19 German intelligence services the right to use malware to surveil

Injustice due to digitalisation of means tested welfare benefits
The Child Poverty Action Group (CPAG) is taking litigation in the UK related to the universal credit system administered by the UK Department for Work and Pensions. Universal credit is

Exploitation of sensitive personal medical data by commercial entities
medConfidential is examining possible legal action in relation to the unlawful processing of patients’ medical data by Sensyne Health plc, a private company, which has data sharing agreements with several

Access to government algorithms in Poland
The Ministry of Justice in Poland is using a computer system to randomly allocate cases to judges. Some judges claim that since the system was deployed, they have been given

Invasive surveillance through thermal scanning
Thermal scanning has expanded in pandemic times to places like airports, schools, workplaces, and retailers. The concern is that unlawful and unevidenced use could lead to unnecessary violations of data

Predictive policing of minors
The “Top 400” programme in Amsterdam profiles minors and young adults to predict the 400 most likely to commit serious crimes. This programme is problematic because it disproportionately targets marginalised

UK’s national pupil database
The UK Department of Education collects highly sensitive personal data about students for the National Pupil Database, which is routinely shared with other departments and third parties for academic and

The adtech industry’s unlawful data flows
The online advertising industry (adtech) is built on the trade of personal data, including intimate and sensitive details about individuals. Information about individuals is shared and sold across thousands of

Secret algorithms and hidden data flows violating rights of “gig workers”
“Gig workers” are oppressed, misclassified as self-employed and denied the right to a minimum wage, as well as freedom from discrimination and unfair dismissal. Their oppression is exacerbated by digitisation,

Women’s rights website blocked in Spain
Spanish authorities blocked the website of Women on Web (WOW), a non-profit organisation sharing information on safe medical abortions. This coincides with an increase in barriers faced by women and

Data breaches by UK Secret Service MI5
The UK Investigatory Powers Act gives the government the power to gather information about what people say and do online, even when they are not suspected of a crime. In

Restrictive copyright laws in Europe
Copyright is often used as a means to suppress or censor content online. The EU Information Society Directive allows for exceptions, for example in cases of parody or citation, serving

Gaining access to government algorithms in Germany
GFF believe that information about algorithm-driven technology used by state bodies in Germany should be accessible to anyone who wants to scrutinise it. When the public can check that technology

Extraction of asylum seeker mobile data in Germany
The German Asylum Act grants the Federal Ministry for Migration and Refugees the power to access the mobile devices of migrants and asylum seekers, without a warrant, in order to

EU Passenger Name Record Directive
The EU Passenger Name Record (PNR) Directive obliges airlines to collect personal, and sometimes potentially sensitive, data of travellers and share it with government authorities. The data is mined and

The use of Pegasus malware on UK-based smartphones
GLAN are working in partnership with Bindmans LLP to devise a strategic litigation approach to achieve accountability for the use of Pegasus malware on UK-based smartphones in violation of individuals’

Digital practices that violate freedom of thought and opinion
Internet users are being profiled and targeted by various online and digital business practices in a way that influences how they think. Examples include the use of targeted advertising or

UK’s Snoopers’ Charter
The UK Investigatory Powers Act (IPA) grants the government power to collect and store information about everything people do and say online. This includes emails, texts, calls, location data and

Collection and mass storage of data through automatic number plate recognition
Privacy First are challenging the Dutch Automatic Number Plate Recognition (ANPR) Act, which was adopted in November 2017 and entered into force in January 2019. The Act enables the Dutch

COVID-19 apps in Europe violating data protection and privacy
To help deal with the COVID-19 pandemic, governments are developing and rolling out apps related to contact-tracing, symptom-tracking, exposure notification, and quarantine-enforcement. Many governments are not taking data protection and

Access to information about online political advertising
K-Monitor is preparing for litigation challenging the lack of recourse for getting information about online political advertising on social media platforms. K-Monitor believe that online political advertising has a decisive

Misuse of data protection law in Spain to stifle speech
In Spain, Xnet carried out research related to two examples where data protection law is being misused by the government to limit people’s rights to freedom of information and expression.

Sharing of health data by German public health insurance providers
In Germany, public health insurance providers will soon begin transferring anonymised health data of millions of people to institutions for research. However, the security standards for the storage and transfer

Illegal data sharing by Grindr
In December 2021, the Norwegian Data Protection Authority (DPA) issued an administrative fine of NOK 65 million (around EUR 6.5 million) against dating app Grindr for disclosing personal information about