Your fact-checks will appear here
Body of the European Union ensure that data privacy laws are consistently applied in the EU countries
The revised “Chat Control” (CSAR) proposal in late 2025 removes the Council’s earlier explicit requirement for mandatory, universal scanning of encrypted private communications but keeps obligations a...
EU governments have negotiated a contentious package known as the Child Sexual Abuse Regulation (nicknamed “Chat Control”) that aims to curb online child sexual abuse material (CSAM) but has been repe...
The legal basis for the Entry/Exit System (EES) is Regulation (EU) 2017/2226, adopted in November 2017 and in force since December 2017; eu‑LISA is responsible for development and operation . After re...
Brazil’s General Personal Data Protection Law (LGPD) remains the country’s cornerstone data-privacy framework, aligned in many respects with the EU’s GDPR and enforced by the National Data Protection ...
The EU’s biometric rules for travellers center on the Entry/Exit System (EES), which mandates collection of facial images and fingerprints from non‑EU short‑stay visitors and started phased operations...
Several countries use facial recognition at international borders; the U.S., China and many European states deploy it at airports for arrivals and departures, and some places require it for certain cl...
Travelers dealing with EU biometric checks face a mix of specific system rules and broader data-protection rights: the Entry/Exit System (EES) will collect fingerprints and facial images and store the...
UK and EU age‑verification rules do not mandate a single retention schedule but consistently require strict data‑minimisation, purpose limitation and avoidance of unnecessary storage: platforms must d...
GDPR protections apply to non-EU visitors whose personal data is processed in the EU when organizations “offer goods or services” to them or “monitor” their behaviour; the EU Entry/Exit System (EES) c...
The European Data Protection Board (EDPB) has nominated "transparency and information obligations" under Articles 12–14 GDPR as the topic for its 2026 coordinated enforcement action, and national data...
Countries that lack specific "explicit-content" statutes generally rely on a patchwork of existing laws, industry codes, and regulator guidance to protect children online, while pressing platforms to ...
The Court of Justice of the European Union (CJEU) upheld the validity of the EU PNR Directive but substantially narrowed how member states may process Passenger Name Record (PNR) data: broad, undiffer...
Available reporting shows the EU’s latest “Chat Control 2.0” effort dropped an explicit duty to break end‑to‑end encryption and mandatory on‑device scanning, but it preserves mechanisms that critics s...
Brazil’s General Data Protection Law (LGPD) gives data subjects rights to access, correct and withdraw consent, and the national digital ID is governed by government programs (gov.br, Serpro/QuarkID) ...
Brazil’s digital identity and data-sharing landscape is governed principally by the General Data Protection Law (LGPD), which requires a lawful legal basis (including consent) for processing personal ...
Brazil’s digital-ID program combines a centralized National Civil Identification (ICN/DNI) and the gov.br account tiers with mandatory and optional biometric checks, and recent moves to use blockchain...
Data protection authorities (DPAs) in EU member states handle individual requests about Entry/Exit System (EES) data through existing GDPR pathways: individuals may request access, rectification or de...
GDPR treats biometric data as a special category of personal data and therefore places stricter limits on its processing — lawful grounds are narrow (explicit consent or specific public-interest bases...
Travelers who believe the EU Entry/Exit System (EES) violates their privacy can use the EU data-protection framework: file complaints with national Data Protection Authorities (DPAs), seek remedies th...
The EDPS between 2023–2025 consistently stressed that processing by EU institutions must rest on a clear GDPR legal basis and that consent has limits — it can be appropriate in some cases (e.g., short...