Your fact-checks will appear here
Independent body of the European Union that ensures that EU institutions and bodies comply with data protection laws and jurisdiction
The revised “Chat Control” (CSAR) proposal in late 2025 removes the Council’s earlier explicit requirement for mandatory, universal scanning of encrypted private communications but keeps obligations a...
The Entry/Exit System (EES) is now operational and mandatory for most non‑EU short‑stay travellers: it captures fingerprints and a facial image and replaces passport stamps, with full rollout by April...
Travelers can request access, rectification or deletion of their EES personal data under the applicable data‑protection framework; member‑state authorities handle initial requests and dissatisfied app...
If trilogue negotiations finish in April 2026, the EU’s “Chat Control” (CSAR) text could be adopted by the European Parliament and Council immediately thereafter and become law once published in the O...
The EU’s Entry/Exit System (EES) captures facial images and fingerprints from non‑EU travellers and links those biometrics to name, travel‑document data and entry/exit timestamps in a central automate...
data protection authorities — meaning national DPAs, the and the — act largely as guardians and critics rather than as certifying engineers: they advise, issue guidance, demand impact assessments and ...
A final "" regulation would face predictable, multi‑front legal assault grounded in Charter rights to privacy and data protection, established precedents against generalized surveillance, and principl...
Available reporting shows the EU’s latest “Chat Control 2.0” effort dropped an explicit duty to break end‑to‑end encryption and mandatory on‑device scanning, but it preserves mechanisms that critics s...
U.S. and EU rules around tracing IP addresses in child sexual abuse material (CSAM) investigations sit in different legal ecosystems: the U.S. relies on a mix of criminal law, voluntary industry coope...
Travelers who want their biometric data erased from the EU’s new Entry/Exit System (EES) must use the EU’s existing data‑protection framework: invoke the GDPR right to erasure (Article 17), identify a...
EU “Chat Control” refers to a proposed Regulation to Prevent and Combat Child Sexual Abuse (often called CSAR) that has repeatedly raised alarms because it would require platforms to detect CSAM and g...
Two recent rulings of the Court of Justice of the European Union (CJEU) have become central in debates over biometric retention tied to travel and policing: the CJEU confirmed the Entry/Exit System (E...
The EU Entry/Exit System (EES) normally retains biometric data (facial images and fingerprints) for after a traveller’s last recorded entry or exit, with the retention clock renewed on each new crossi...
embeds Fundamental Rights Impact Assessments (FRIAs) as a core safeguard for high‑risk AI systems, requiring deployers to identify risks and put in place technical, procedural and governance measures ...
Independent oversight of exists in patches around the world: data protection authorities in the (and the ’s ICO) exercise supervisory powers over biometric processing under the framework, several coun...
The Court of Justice of the European Union has in recent years issued a string of rulings tightening the conditions under which biometric and other special-category personal data may be lawfully proce...
End‑to‑end encryption (E2EE) substantially reduces platforms’ technical ability to scan message content for known child sexual abuse material (CSAM), meaning traditional server‑side hashing and AI det...
National data protection authorities (DPAs) investigate complaints under the GDPR using national procedures or a coordinated “one‑stop‑shop” where a lead authority handles cross‑border cases, and comp...
EU institutions have responded to a string of CJEU decisions by insisting that biometric retention be narrowly tailored, subject to a strict “necessity” test, periodic review, and effective erasure ri...
Chat Control is the shorthand used by critics for the European Union’s proposed Regulation to Prevent and Combat Child Sexual Abuse (CSAR), a legal package that would obligate digital service provider...