Case studies
The case studies provided here illustrate some of the important digital rights work of our grantees, which we are proud to support. Due to the context or sensitivity of some projects, not all the work we support is shown here. We will continue to add case studies over time as new grants are approved and projects progress.
We have also produced more in-depth analyses of the impact, background, development and the application process on 11 of the case studies below, accessible here.
Inactive Data Protection Authorities
noyb is taking litigation against the Luxembourg data protection authority (CNPD), challenging the inactivity of the CNPD in response to a complaint filed against Amazon back in 2019. noyb argues
Enforcement of EU data protection law against non-EU companies
A Luxembourg resident discovered that their data was collected and offered for sale by Apollo and RocketReach, two US-based companies which collect and commercialise personal data on different online platforms.
Non-Consensual Tracking on Pornhub
Based on research carried out by Tracking Exposed (now rebranded into AI Forensics) since 2019, privacy activists have lodged complaints before the data protection authorities of Italy and Cyprus alleging
Homophobic hate speech on social media
Campaign Against Homophobia are supporting two LGBTQI+ activists in litigation up to the European Court of Human Rights to challenge the lack of practical tools to fight against the excessive
Illegal use of personal data by Meta
The General Data Protection Regulation (GDPR) is supposed to give users a free choice as to whether or not they agree to the collection of their personal data. However, when
Facebook data breach mass action
Digital Rights Ireland are taking a “mass action” lawsuit against Facebook. They will represent users who have been affected by the 3 April 2021 release of computer files containing personal
Data protection violations by data brokers
Online data brokers and advertising technology (adtech) companies gather data and build intricate profiles of internet users, which are then shared and sold to thousands of advertisers. Users have limited
Collusion and discriminatory practices by urban transportation platforms
Association Taxi Project 2.0 carried out pre-litigation research to support the preparation of a complaint(s) against ride-sharing companies in Spain. Taxi Project has been analysing the behaviour of dynamic pricing
EU Data Adequacy and Digital Trade
In January 2019, the EU’s European Commission granted adequacy to Japan for its data protection laws, allowing personal data to flow freely between the EU and Japan. The adequacy decision
Unlawful location monitoring of Glovo riders
Based on research carried out by Tracking Exposed (now rebranded into Reversing Works), privacy activists lodged a complaint before the data protection authority (DPA) of Italy. In November 2024, after
Digital practices that violate freedom of thought and opinion
Internet users are being profiled and targeted by various online and digital business practices in a way that influences how they think. Examples include the use of targeted advertising or
Facebook’s private censorship
Facebook and other online platforms have been criticised for their role in arbitrarily censoring legal content that is shared through their services. Without explanation Facebook removed pages belonging to Spoleczna
Copyright enforcement by private parties against internet intermediaries
On 18 June 2021, Quad9, a non-profit Domain Name Server (DNS) resolver, received an interim injunction from the District Court of Hamburg, pursuant to an application made by Sony Music.
Illegal data sharing by Grindr
In December 2021, the Norwegian Data Protection Authority (DPA) issued an administrative fine of NOK 65 million (around EUR 6.5 million) against dating app Grindr for disclosing personal information about
The adtech industry’s unlawful data flows
The online advertising industry (adtech) is built on the trade of personal data, including intimate and sensitive details about individuals. Information about individuals is shared and sold across thousands of
Exploitation of sensitive personal medical data by commercial entities
medConfidential is examining possible legal action in relation to the unlawful processing of patients’ medical data by Sensyne Health plc, a private company, which has data sharing agreements with several
Secret algorithms and hidden data flows violating rights of “gig workers”
“Gig workers” are oppressed, misclassified as self-employed and denied the right to a minimum wage, as well as freedom from discrimination and unfair dismissal. Their oppression is exacerbated by digitisation,
Access to information about online political advertising
K-Monitor is preparing for litigation challenging the lack of recourse for getting information about online political advertising on social media platforms. K-Monitor believe that online political advertising has a decisive
Gender-Based Censorship of Sexual and Reproductive Health Content by Online Platforms
CIJ is preparing for litigation enforcing the EU Digital Services Act (DSA) to address gender-based censorship by Meta platforms and other Very Large Online Platforms (VLOPs). CIJ found that Meta