Your fact-checks will appear here
Independent body of the European Union that ensures that EU institutions and bodies comply with data protection laws and jurisdiction
The revised “Chat Control” (CSAR) proposal in late 2025 removes the Council’s earlier explicit requirement for mandatory, universal scanning of encrypted private communications but keeps obligations a...
The Entry/Exit System (EES) is now operational and mandatory for most non‑EU short‑stay travellers: it captures fingerprints and a facial image and replaces passport stamps, with full rollout by April...
Travelers can request access, rectification or deletion of their EES personal data under the applicable data‑protection framework; member‑state authorities handle initial requests and dissatisfied app...
If trilogue negotiations finish in April 2026, the EU’s “Chat Control” (CSAR) text could be adopted by the European Parliament and Council immediately thereafter and become law once published in the O...
The EU’s Entry/Exit System (EES) captures facial images and fingerprints from non‑EU travellers and links those biometrics to name, travel‑document data and entry/exit timestamps in a central automate...
Travelers who want their biometric data erased from the EU’s new Entry/Exit System (EES) must use the EU’s existing data‑protection framework: invoke the GDPR right to erasure (Article 17), identify a...
EU “Chat Control” refers to a proposed Regulation to Prevent and Combat Child Sexual Abuse (often called CSAR) that has repeatedly raised alarms because it would require platforms to detect CSAM and g...
U.S. and EU rules around tracing IP addresses in child sexual abuse material (CSAM) investigations sit in different legal ecosystems: the U.S. relies on a mix of criminal law, voluntary industry coope...
Two recent rulings of the Court of Justice of the European Union (CJEU) have become central in debates over biometric retention tied to travel and policing: the CJEU confirmed the Entry/Exit System (E...
The Court of Justice of the European Union has in recent years issued a string of rulings tightening the conditions under which biometric and other special-category personal data may be lawfully proce...
End‑to‑end encryption (E2EE) substantially reduces platforms’ technical ability to scan message content for known child sexual abuse material (CSAM), meaning traditional server‑side hashing and AI det...
National data protection authorities (DPAs) investigate complaints under the GDPR using national procedures or a coordinated “one‑stop‑shop” where a lead authority handles cross‑border cases, and comp...
EU institutions have responded to a string of CJEU decisions by insisting that biometric retention be narrowly tailored, subject to a strict “necessity” test, periodic review, and effective erasure ri...
Chat Control is the shorthand used by critics for the European Union’s proposed Regulation to Prevent and Combat Child Sexual Abuse (CSAR), a legal package that would obligate digital service provider...
Available reporting shows the EU’s latest “Chat Control 2.0” effort dropped an explicit duty to break end‑to‑end encryption and mandatory on‑device scanning, but it preserves mechanisms that critics s...
Lawmakers, regulators and platforms rely on a mix of legal limits, technical controls and process rules to try to prevent misuse of seized CSAM datasets and to protect uninvolved people — most promine...
The EU’s new Entry/Exit System (EES) began phased rollout on 12 October 2025 and will be fully deployed by April 2026; it records non‑EU travellers’ fingerprints, facial images, passport data and entr...
Travelers who believe their biometric data were processed unlawfully under the EU Entry/Exit System (EES) can rely on layered data‑protection remedies: national data protection authorities, the Europe...
GDPR treats biometric data as a special category of personal data and therefore places stricter limits on its processing — lawful grounds are narrow (explicit consent or specific public-interest bases...
Travelers who believe the EU Entry/Exit System (EES) violates their privacy can use the EU data-protection framework: file complaints with national Data Protection Authorities (DPAs), seek remedies th...