Case studies
The case studies provided here illustrate some of the important digital rights work of our grantees, which we are proud to support. Due to the context or sensitivity of some projects, not all the work we support is shown here. We will continue to add case studies over time as new grants are approved and projects progress.
We have also produced more in-depth analyses of the impact, background, development and the application process on 11 of the case studies below, accessible here.
Access to information about online political advertising
K-Monitor is preparing for litigation challenging the lack of recourse for getting information about online political advertising on social media platforms. K-Monitor believe that online political advertising has a decisive
Predictive policing of minors
The “Top 400” programme in Amsterdam profiles minors and young adults to predict the 400 most likely to commit serious crimes. This programme is problematic because it disproportionately targets marginalised
Digital practices that violate freedom of thought and opinion
Internet users are being profiled and targeted by various online and digital business practices in a way that influences how they think. Examples include the use of targeted advertising or
Government use of spyware against civil society in Spain
The case addresses unwarranted surveillance of personal devices and communications using Pegasus-type spyware by the Spanish State against civil society and, in particular, against one of the lawyers spied on
Invasion of privacy of people living with HIV by medical institutions
Association Stronger Together Skopje believe that the North Macedonia Ministry of Health’s data system, MojTermin leads to medical data of patients being processed and accessed by all medical professionals, without
The adtech industry’s unlawful data flows
The online advertising industry (adtech) is built on the trade of personal data, including intimate and sensitive details about individuals. Information about individuals is shared and sold across thousands of
Extraction of asylum seeker mobile data in Germany
The German Asylum Act grants the Federal Ministry for Migration and Refugees the power to access the mobile devices of migrants and asylum seekers, without a warrant, in order to
Processing of sensitive personal medical data in Czech Republic
In October 2024, IuRe filed a lawsuit with the Municipal Court in Prague to challenge the processing and use of sensitive personal medical data by the Czech Institute of Health
Misuse of technology against people on the move in Closed Controlled Access Centres
Border Violence Monitoring Network (BVMN) and I Have Rights, a refugee law clinic based in Samos, Greece, are preparing for litigation challenging the technology and surveillance infrastructure of the Samos
Collusion and discriminatory practices by urban transportation platforms
Association Taxi Project 2.0 carried out pre-litigation research to support the preparation of a complaint(s) against ride-sharing companies in Spain. Taxi Project has been analysing the behaviour of dynamic pricing
EU Data Adequacy and Digital Trade
In January 2019, the EU’s European Commission granted adequacy to Japan for its data protection laws, allowing personal data to flow freely between the EU and Japan. The adequacy decision
The use of Pegasus malware on UK-based smartphones
GLAN are working in partnership with Bindmans LLP to devise a strategic litigation approach to achieve accountability for the use of Pegasus malware on UK-based smartphones in violation of individuals’
Restrictive copyright laws in Europe
Copyright is often used as a means to suppress or censor content online. The EU Information Society Directive allows for exceptions, for example in cases of parody or citation, serving
Secret algorithms and hidden data flows violating rights of “gig workers”
“Gig workers” are oppressed, misclassified as self-employed and denied the right to a minimum wage, as well as freedom from discrimination and unfair dismissal. Their oppression is exacerbated by digitisation,
Blocking of access to LGBTQI+ content online
Háttér Society are preparing for litigation challenging the blocking of access to online LGBTQI+ content in Hungary. This relates to the adoption in 2021 of legislation that bans access of
Exploitation of sensitive personal medical data by commercial entities
medConfidential is examining possible legal action in relation to the unlawful processing of patients’ medical data by Sensyne Health plc, a private company, which has data sharing agreements with several
Digital surveillance of social protection in Serbia
In Serbia, the Law on Social Card was adopted in 2021, establishing an electronic register containing the data of beneficiaries of social protection schemes, and enabling automated processing of data
Mass surveillance of electronic communications metadata
The Greek law on retention of electronic communications metadata (Law 3917/2011) was not revised following a ruling from the Court of Justice of the European Union (CJEU) invalidating the EU
Gender-Based Censorship of Sexual and Reproductive Health Content by Online Platforms
CIJ is preparing for litigation enforcing the EU Digital Services Act (DSA) to address gender-based censorship by Meta platforms and other Very Large Online Platforms (VLOPs). CIJ found that Meta
Misuse of freelance workers’ data in Spain
In Spain, the data of millions of freelance workers is shared unlawfully by the registrar of freelance workers and the tax authorities with other public authorities, who then repurpose the
Misuse of data protection law in Spain to stifle speech
In Spain, Xnet carried out research related to two examples where data protection law is being misused by the government to limit people’s rights to freedom of information and expression.
Use of facial recognition technology by law enforcement and judicial authorities in Italy
StraLi for Strategic Litigation (StraLi) is preparing a strategic path to challenge the use of facial recognition technology by law enforcement and judicial authorities in Italy. They will also identify
Restricted data protection rights for non-citizens in Germany
People residing in Germany without German citizenship have their personal data automatically stored in a centralised database that can be accessed and shared by more than 14,000 government agencies. The