COVID-19 Litigation Fund Case Studies old version

A graphic showing a smartphone location and a virus.

COVID-19 Litigation Fund Case Studies

The COVID-19 Litigation Fund supports strategic cases challenging digital rights violations committed in the context of the COVID-19 pandemic. This page summarises the important work being carried out by COVID-19 Litigation Fund grantees.
 

The COVID-19 Litigation Fund was open for applications in the second half of 2020. It is not currently accepting new applications. See more information here.

The COVID-19 Litigation Fund was made possible thanks to funding from the Open Society Initiative for Europe, Luminate and the Sigrid Rausing Trust.

  • Bulgaria, Belgium, Croatia, Germany, Hungary, Italy, Ireland, Lithuania, Slovenia, Spain, Sweden, Poland
  • Privacy and data protection; accountability, transparency, and the adherence to human rights in the use and design of technology

Civil Liberties Union for Europe, working with 12 member organisations and Access Now

To help deal with the COVID-19 pandemic, governments are developing and rolling out apps related to contact-tracing, symptom-tracking, exposure notification, and quarantine-enforcement. Many governments are not taking data protection and privacy seriously when developing and deploying these apps, and there is a risk of normalising the expanded use of invasive digital surveillance technologies.

The Civil Liberties Union for Europe used variety of litigation actions – freedom of information requests, data protection authority complaints, and litigation before domestic/regional courts – to stop the use of COVID-19 apps that do not respect people’s rights to privacy and data protection. They also wanted to use this litigation to help ensure that impact assessments are carried out in relation to such apps, and that there is more transparency around their development and use.

Liberties started the project with partners in 12 EU members states but then narrowed this down to four jurisdictions where they began litigation action: Belgium, Bulgaria, Hungary and Spain.
In both Bulgaria and Spain there were rulings in favour of Liberties’ partners. In both countries the courts ruled that data protection impact assessments about the national COVID tracing apps must be shared. These rulings set an important precedent that human rights impact assessments about COVID tracing apps must be carried out and made public.

In almost all jurisdictions they assessed, Liberties noticed major issues. For example, when launching apps, governments did not consult stakeholders and watchdogs, data protection impacts assessments were not prepared or made public, source codes were not published, and the expected efficacy was too low to justify the app’s use. In June 2021, Liberties launched a knowledge hub on their website to collate information gathered so far, and to monitor and update the ongoing cases.

Strategic Goal

To prevent European governments from using the COVID-19 pandemic as a pretext for normalising the expanded use of invasive digital surveillance technologies, and ensure that citizens across the EU have access to public health apps that do not amount to disproportionate surveillance and are not unlawful or unnecessarily intrusive.

  • Spain
  • Free flow of information online

Photo by Women’s Link Worldwide

Women’s Link Worldwide, in collaboration with Women on Web

In Spain, the website for Women on Web (WOW), a non-profit organisation that disseminates information on the human right to safe medical abortions, has been blocked by Spanish authorities. This coincides with an increase in barriers faced by women and girls when accessing sexual and reproductive health services because of the restrictions caused by the COVID-19 pandemic.

Women’s Link Worldwide are supporting Women on Web to take litigation in Spain to challenge the blocking of Women on Web’s website. Additionally, they will ask the courts to recognise access to information on sexual and reproductive health services, including during the pandemic, as a key part of the right to abortion and the right to information in Spain.

In January 2021, Women’s Link filed a lawsuit on behalf of WOW at the Spanish National Court.

On 3 October 2022, the Supreme Court of Spain ruled in favour of WOW and ordered the partial unblocking of their website. In its ruling, the court considers that the information, recommendations, and opinions on sexual health and reproductive rights that WOW provides on its website are protected by the right to information and freedom of expression. Therefore, according to the Spanish Constitution, its website cannot be blocked without judicial authorisation.

The decision creates an important judicial precedent in terms of the right to information and freedom of expression on the internet, since, for the first time, it establishes a need for judicial authorisation when blocking information published on the internet.

Strategic Goal

To ensure that information about sexual and reproductive health services, including access to abortion, is available in Spain through public online publications. This means all women will have accessible, high quality and non-discriminatory information regarding their sexual and reproductive rights and the services available to them, including access to abortion via telemedicine. Women’s Link also want to ensure that the protection and promotion of the free flow of information online includes women’s rights.

Stock image of surveillance cameras on a purple-blue background
  • United Kingdom
  • Privacy and data protection; accountability, transparency, and the adherence to human rights in the use and design of technology

Photo by CHUTTERSNAP on Unsplash

Big Brother Watch

Thermal scanning expanded in pandemic times to places like airports, schools, workplaces, and retailers. The concern is that unlawful and unevidenced use could lead to unnecessary violations of data protection rights, contributing to further invasive surveillance that violates other rights, such as the right to education and freedom of movement.

Big Brother Watch planned to take a claim in the UK High Court against a data controller using thermal scanning technology, to confirm that thermal scanning results are “personal data” under data protection law, that impact assessments are needed before scanners are used, and that the technology must be created and implemented in line with data protection law.

Big Brother Watch identified dozens of operators of thermal surveillance technology, including schools, restaurants, Heathrow Airport, and Amazon UK, and wrote letters outlining the evidentiary and privacy issues and making the case for them to stop. This advocacy was successful, with most operators desisting use of thermal surveillance. In the end a specific claim did not need to be taken to court.

A legal opinion was also produced, which advises on the data protection principles that apply to thermal scanning. It is hoped this legal opinion can be a useful resource to organisations considering biosurveillance options now or in the future.

Strategic Goal

To ensure a more evidence-led, rights-respecting and data protection respecting approach to surveillance during the pandemic, particularly related to thermal scanning, and to set a precedent confirming that other rights are being indirectly violated by the imposition of thermal scanning.

A group of police officers in riot gear standing on a street
  • France
  • Privacy and data protection

Photo by ev on Unsplash

La Quadrature du Net

In March 2020, in the early stages of the COVID-19 pandemic, France introduced an emergency law that imposed a strict lockdown on the whole country. People that did not comply with the lockdown obligations were subject to fines or even jail time. Police and law enforcement agencies started to record data on lockdown infringements in a criminal record database previously only used for driving offences. La Quadrature du Net believe this practice goes beyond the purposes of the database and violates French and EU data protection standards.

La Quadrature du Net are taking litigation before the Conseil d’État to overturn the French government’s expansion of the criminal record database to include COVID-19 lockdown infringement records. They filed their litigation statement with the Conseil d’État on 2 November 2020.

On 21 December 2021, the Conseil d’Etat rejected the challenge, meaning the expansion of the database remains in place.

Strategic Goal

To ensure that, in France, personal data about people that break the law is only collected for limited and specific purposes and meets French and EU data protection standards.

Somebody using a laptop with data and graphs on the screen. Photo by Myriam Jessier on Unsplash
  • Germany
  • Privacy and data protection

Photo by cottonbro on Pexels

Gesellschaft für Freiheitsrechte (Society for Civil Rights)

As exams have been shifted online in response to the COVID-19 pandemic, some universities in Germany have started to use proctoring software to monitor students taking their exams. GFF believe that this software violates fundamental rights by processing a large amount of personal data, including identity, location, videos of movements, and the student’s room and desk. Due to restrictions or concerns related to the pandemic, students do not have a real and meaningful choice to opt out of being monitored.

Gesellschaft für Freiheitsrechte (GFF) are taking litigation in Germany against one or more universities using this proctoring software for online exams. The aim is obtaining a ruling that processing personal data through automated online proctoring software is unlawful.

In 2020, An initial application for a temporary injunction against video recording at the University of Hagen was rejected by the administrative court. However, the court did not examine the legal situation in detail, but merely decided the harms to the plaintiff were not sufficient to merit a temporary stop to the use of the software.

On 20 October 2022, On October 20, GFF filed a complaint against the University of Erfurt at the Erfurt Regional Court for the use of proctoring software. For the lawsuit they are cooperating with the “freier zusammenschluss von student*innenschaften” (fzs), the nationwide umbrella organisation of student associations.

Strategic Goal

Universities, employers and other institutions in Germany stop using automated online proctoring software and use less intrusive, privacy-friendly alternatives, such as open book exams.

  • Germany
  • Privacy and data protection

Photo by Chokniti Khongchum on Pexels

Gesellschaft für Freiheitsrechte (Society for Civil Rights)

In Germany, public health insurance providers will soon begin transferring the pseudonymised health data of millions of people to scientific and other institutions for research purposes. GFF believe that the security standards for the storage and transfer of this data are too weak and there is a high risk of privacy breaches. In particular, they are concerned that the pseudonymised data of people in marginalised groups, such as those suffering from rare diseases, becomes re-personalised by research institutions. This is an increasingly important issue as health data is being processed on a huge scale to deal with the COVID-19 pandemic.

Gesellschaft für Freiheitsrechte (GFF) are taking litigation in Germany against one or more health insurance providers aimed at ensuring greater security over how health data is shared with research institutions and allowing insured people to object to the reuse of their data for research purposes.

GFF filed two legal submissions in May 2022 against the mass processing of health data. In both cases they asked for and were granted interim relief meaning that no health data of the two plaintiffs will be transmitted for the remainder of the proceedings. The first hearing took place in October 2022, and the second will follow in early 2023.

Strategic Goal

To improve the security standards and retention periods for health data generally, and strengthen the rights of marginalised groups (such as those with rare diseases) to oppose the processing of their health data by third parties. GFF also aim to increase public awareness that health data can be used for the good of society without having to sacrifice data privacy and security standards.

  • United Kingdom
  • Privacy and data protection; accountability, transparency, and the adherence to human rights in the use and design of technology

Photo by Cottonbro on Pexels

Open Knowledge Foundation

Due to the COVID-19 pandemic many educational institutions in the UK have moved exams online and are turning to remote proctoring as a monitoring solution. This potentially results in a number of intrusive and discriminatory impacts, including the collection of personal data through room scanning and tracking cookies, unfair algorithms used to identify students and analyse their behaviour, and data security risks.

Open Knowledge Foundation planned to take litigation against a number of institutions using remote proctoring software to prevent its use until the data rights and equality issues are resolved. For organisational reasons, the litigation was ended early.

Some success was achieved with an independent inquiry being launched in 2021 based on Open Knowledge Foundation‘s litigation, and finding that the UK Bar Standards Board must adhere to a framework of recommendations protecting data and equality rights in any future use of the technology.

Open Knowledge Foundation created and held a series of monthly data law workshops using their experience of litigation on remote proctoring software. They also launched a launched a monthly community drop-in meeting. They found the legal arguments, organised around data and equality rights, to be transferable throughout many topical domains of the law where algorithms are in play.

Strategic Goal

To set a precedent showing that, during the COVID-19 pandemic and beyond, remote proctoring and monitoring software should not be used unless it does not violate data protection and equality rights.