By Angelina Vlachou*

In 2018, all of us use the Internet quite extensively; through this extensive use a large quantity of digital data which concerns us is gathered. This data stem from profile creation in social media, from our e-mail address, from websites, which a person might use for his/her business, etc.

When the person these data concern dies, these data fall under the notion of “digital heritage”. The discussion on digital heritage is huge.

In this initial stage, it must be noted that both national and EU legal provisions on the protection of personal data -including the recent General Data Protection Regulation (GDPR) Preamble 27- concern personal data of natural living persons.

In particular, GDPR leaves in the discretion of Member States to decide whether they will extend protection to deceased persons or not. There are countries, which have already provided for such protection, i.e. Denmark.

Thus, arises the legal (and real) issue of the possibility to offer protection or not, but also the legal handling of the large volume of digital data, which constitute the digital heritage of a deceased person.

The most well-known social media platforms have already faced the necessity to solve this issue. More specifically, they have faced the question of what is going to happen to their users’ accounts, who are not alive anymore.

There are two possibilities hitherto, which slightly differ depending on the terms and conditions of each company. On the one hand, there is the possibility to totally erase the account; this possibility is usually given only to close relatives of the deceased person and it is often needed to submit an electronic form and to present some documentary evidence.

On the other hand, platforms like Facebook, Twitter and Instagram, also offer the possibility to change an account to a memorialized account. In this option, the deceased user’s profile is preserved, while some sensitive personal data, such as address and contact information, are removed. Additionally, Facebook in particular deactivates the connection information for these accounts. As a result, if someone wishes to log in an account to have access to the deceased person’s data, he/she will face the message “We cannot share the connection information for a memorialized account. Connecting to a third person’s account violates our policy in any case”.

After all these, someone can easily wonder what happens to the large volume of digital data of a deceased person, which have been gathered for years, and more particularly in the case in which his closest persons wish to get access to them, as in the case of his material and intellectual property. The Federal Court of Karlsruhe, Germany, had to answer this question on 12 July 2012. This decision has no impact on the Greek legal order, but it constitutes one of the first judicial approaches of the impugned issue.

The dispute between the parents of a 15-year old deceased girl and Facebook was brought before the Court, which had to decide on the final instance. The dispute initiated from the fact that after the death of their daughter, the parents, who knew her password – since they were the ones who had created the account under the condition that they would also have access to it- wished to read her conversations on messenger, to see if she committed suicide or not. The account had been amended to a memorialized account – unknown by who- and thus, they could not do so. Therefore, the dispute went into courts.

In the first instance, the family was vindicated. The court of first instance accepted that the legal heirs of a deceased person inherit his/her digital data alongside with the rest of his/her property. This ruling was overturned in the court of second instance, which claimed that lifting the prohibition to access to the digital data of the deceased girl would constitute an excessive interference with the right to confidentiality of communications of the users, who are alive, and were communicating with the girl.

Finally, the Federal Court lined up with the court of first instance, adjudicating that there is no justification for handling the digital data of a deceased person in a different way than the rest of his property, which passes to his/her legal heirs.

The Court decided that the underage girl had concluded a contract of use with Facebook which -due to her death- passes to her parents-heirs. Therefore, her digital data were provided to the parents and the digital heritage was assimilated to the “analogue”. In other words, it was decided that the girl’s account on the social media is one of the property elements which passed to her relatives.

Nonetheless, this decision is only the beginning of the discussion and the legal “landscape” remains vague.

On the one hand, the assimilation of digital heritage to analogue appears to be convincing, particularly if we think that after death there is no prohibition on access to the written communications of a person. On the other hand, the particularity of digital data cannot be dismissed, since in the contemporary age, where technology progresses at a great rate, passing a large volume of digital files to persons other than the initial recipient, puts many rights (i.e. the right to confidentiality of communications, right to protection of personal data, right to privacy) of a vast number of persons under excessive risk. The number of persons under threat is much bigger than the number of persons concerned by some “traditional” communication.

These persons are, of course, the alive “followers-friends” of the deceased. While there is a lack of clear legal provision (in national and european level), it is deemed problematic to request from the judge to decide on permitting the transfer of digital data or not in each case. It is not an exaggeration to fear that decisions with a fundamentally different result will be issued, since these platforms have users all around the globe, in States with absolutely different legislations and legal systems.

The only way seems to be the uniform -as much as this is possible- regulation of the impugned situation, as is always suggested for the problems which arise in the digital age. The only thing that is for sure, is that the conversation has just begun.

*Angelina Vlachou is a lawyer. She holds a Master in Public Law and Political Science from the Aristoteleio University of Thessaloniki. She is a PhD candidate in the Law School of Aristoteleio University.

By Ioannis Ntokos*

The natural and mental characteristics from which we all consist of describe not only our appearance, but also our character, our temperament, our behaviour, as well as the way in which we react to persons and certain situations. Therefore, a person can be described as insightful, athletic, or consistent to his/her obligations depending on what others observe for them.

Our digital self

With the expansion of the Internet and the contemporary technological achievements, these characterizations are not confined in the traditional social environment (such as a school or the family environment of a person).

They also come in the Internet, which, through the use of means such as smartphones, facilitates the collection of a person’s data, which give him a corresponding characterization. Thus, profile creation goes beyond the real world and comes in the electronic environments we all use, influencing our lives in ways we may not understand.

The most common examples

An example of this “invisible” influence is the purchase of plane tickets online. E-shops which sell such tickets create the user’s profile, which consists from the computer brand used for the purchase, among others. The use of an expensive computer (such as Apple) is automatically recorded and the user is charged higher for the ticket; the reason for this is that since he/she owns an expensive computer, he/she can pay a more expensive ticket.

Profile creation in the digital world occurs usually in the following way: an electronic device, through appropriate software and connection to the Internet, collects personal data of its user (with, but sometimes without, his/her consent), which are stored in various means and archived depending on their content.

Youtube recommendations are a classic example. These recommendations are based on the user’s views and his/her behaviour generally in the Internet. Youtube automatically records every video that the user watches and creates the corresponding profile. For instance, Ioannis has watched 70% videos with dogs and 30% videos on football. Depending on the user’s profile, the service promotes to him/her content corresponding to his/her profile. For instance, it would promote more videos with dogs and less football videos to Ioannis.

The one side of the moon

Creation of such profiles can have positive, but also negative consequences, when used to classify someone depending on his/her characteristics (such as discretion, reliability, vitality or his/her music preferences). One of the benefits of this technique is that the created profile can be used to provide him/her with products and services, which really match him. Additionally, the profile makes the use of the platforms and services, which employ it, easier; the user has an electronic identity, which helps him to browse easier on the Internet and to get served based on it. This happens with e-shops, such as Amazon, in which the user receives notifications from the system for products, which are deemed to match his/her profile. In other words, the user is identified based on the information of his profile.

The other side of the moon

However, the creation of profiles by a person might also entail risks. A person’s profile is as accurate as the data taken into account for its creation, as well as the efficiency of the algorithm used. Inaccurate data and inefficient algorithms will create a profile which does not match reality.

The consequences

The consequences of all the above might be very significant for a person. An imprecise profile can lead to the provision and forwarding of unwanted services, products or content; it can also play an important role in the decision-making regarding the person. It is worth thinking of the consequences of the denial of a bank institution to provide a loan, for which a person has applied, based on imprecise data constituting the applicant’s profile. These imprecise data was used to process this application by electronic means.

Of course, the creation of a profile and the potential automated decision-making, does not automatically equate to discriminatory treatment by the profile creator. The discrimination will be equivalent to the precision of the created profile through the collection and processing of a person’s data. This precision is not guaranteed; as we will see in a future article, the correct and accurate processing of personal data, as well as the creation of a pertinent profile by electronic computer systems, are as strong as the impartiality and integrity of the algorithms used.

To sum up, we observe that the main threats arising from such practices are two; firstly, the potential decision-making for the person involved and secondly, the potential inaccuracy of a profile because of a) collection of non-relevant data or b) use of biased algorithms and calculating methods. In any case, the cognizance of the existence and the nature of such practices constitute a first line of defense against their negative consequences.

If the topic of the article interests you, you can learn more information by a reading an academic paper here.

* Ioannis Ntokos holds an LL.M. in Law & Technology. He is based in the Netherlands and works in the protection of personal data and is a defender of it, as well as a defender of digital right in general.

By Alexandra Giannopoulou* and Aimilia Givropoulou

Managing intellectual property on the Internet constitutes one of the most controversial legislative issues in the European Union. In recent years, it has become obvious that the creation of a digital single market requires the creation of a legislative framework, which harmonizes the rules implemented in the Member States.

The first attempt for such a harmonization took place in 2001 with the adoption of the Directive of the European Union for the harmonization of certain aspects of the right of the creator and related rights in the information society. However, this Directive failed in achieving its objective.

From 2001 onwards, technology is rapidly evolving and the lack of contemporary regulations was obvious and necessary. For this reason, with her proposal and report, which was voted in the European Parliament, the Member of the European Parliament Julia Reda, asked the legislators to revise the anachronistic rules of the Directive and proceed with the necessary reformations.

The proposal of the European Commission of 2016 does not only fail in harmonizing the legislations of the Member States, incorporating the requisite reformations, but also provides for more rules, which are threatening the structure and function of the Internet as we know it today, as well as the fundamental right to freedom of expression.

The controversial articles of the Proposal for the Directive

The controversial articles of the text in question are articles 11 and 13. The first one introduces a new exclusive right of the publishers of the Press; the second one creates the obligation of platforms, which store and give access to content, to issue licences for publishing this content by users or prohibit it from being accessible through the introduction of automated filtering algorithms, which will track copyright violations.

There is broad scientific unanimity in the criticism of the controversial articles. Article 11 suggests the introduction of a neighbouring right for the publishers of the Press and can create exclusive rights, even in short excerpts or news titles. Reusing these excerpts will thus require explicit permission by the publisher.

Despite its promising advantages, Article 11 will impede significantly the free flow of information, which is vital to a democratic society. At the same time, the catastrophic consequences of Article 13 for freedom of expression and the ambiguity in the way automated content filters apply justify the citizens’ concern regarding the requirements of the Article.

The legislative procedure and Wednesday’s vote

According to the ordinary legislative procedure in the European Union, subsequently to the proposal by the Commission, the Parliament and the Council of Europe deliberate and after the first reading can suggest amendments to the Commission’s proposal.

In the Parliament, the committee responsible is the Legal Affairs Committee (JURI), which, after having received the opinions of other committees (LIBE, IMCO, ITRE, CULT), finalized and presented its proposal last July; the proposal was rejected by the European Parliament plenary, with a majority of 318 Members of the European Parliament voting against it. As a result, JURI’s proposal could not proceed according to the ordinary procedure in the tripartite meetings between the three legislative organs.

The proposal came back on the table of negotiations of JURI and it was also opened to all Members of the European Parliament, who can submit their own suggestions for the text. The plenary will meet on Wednesday 12 September in Strasbourg to vote the final text, which will constitute the proposal with which the Parliament will join the tripartite meetings. The proposals which will be voted on Wednesday are more than 200.

Actions – How can you influence Wednesday’s vote

Since the Proposal for the Directive was published by the Commission in 2016 until today, many civil society actors, academics and pioneers in the new technologies sector have expressed their objection both to the Commission’s text and the text, which was finally rejected by the plenary in July.

Among the civil society actors is the Non-Governmental Organization European Digital Rights, which focuses on digital rights in Europe, and the European Consumer Organization, BEUC. Additionally, Internet pioneers, such as the creator of the World Wide Web Tim Berners-Lee and the co-founder of Wikipedia Jimmy Wales, as well as organs, like the Special Rapporteur for the promotion and protection of the right to freedom of expression David Kaye, have noted the negative consequences that the initial text of the Commission and the subsequent text by JURI, will have on the structure and function of the Internet.

In Greece, the non-governmental organization EELLAK, is also alert and informs regularly through its website on the latest news.

As already mentioned, the exercise of pressure from the citizens to the distinguished Members of the Parliament did not go unnoticed before July’s vote. With the upcoming elections for the Members of the European Parliament being only 8 months away, the activation of citizens is necessary and useful. Homo Digitalis sent its message to the Greek Members of the European Parliament and many citizens contacted our representatives in the Parliament.

The #SaveYourInternet movement focusing on the erasure of Article 13, offers all the required information and tools to make communication with the Members of the European Parliament easier. The outcome of Wednesday’s vote is still unclear. Participation of the people is important and necessary, since it can influence the final result and raise the legislator’s awareness.

To follow further the news you can follow our posts and the information by shadowy rapporteur Julia Reda. On Twitter, the discussions continue with the hashtags #SaveYourInternet and #FixCopyright.

* Alexandra Giannopoulou holds a PhD in Law from the University of Paris II Panthéon Assas and a lawyer. She works as a researcher in Blockchain and Society Policy Lab, in the Institute for Information Law (IViR) of the University of Amsterdam. She is an associate researcher in Humboldt Institute for Internet and Society (HIIG) in Berlin and in the Institute for Communication Sciences (CNRS-ISCC) in Paris.

* Aimilia Givropoulou is a lawyer holding an LL.M. in the Law of the Internet. She works as Legal Adviser in digital policy issues in the Greens/EFA group in the European Parliament. In the past, she has worked with the Non-Governmental Organization European Digital Rights.

Processing of personal data by the police and other law enforcement authorities

By Lefteris Chelioudakis

General Regulation 2016/679 for the processing of personal data (GDPR) has monopolised interest recently. You may have already read articles by Homo Digitalis on GDPR or have read articles on newspapers, websites, etc.

But what do you know about GDPR’s younger sister, Directive 2016/680? Probably nothing.

EU Directive 2016/680 regulates a very important part of the processing of personal data, which must concern every citizen of a democratic country. The Directive concerns the processing of data by the national law enforcement authorities for the prevention, investigation, tracking or prosecution of crimes or the implementation of criminal sanctions.

Which are these authorities? Greek Police, the Hellenic Coast Guard and the Special Secretary of the Economic Crime Prosecution Authority, which is part of the Ministry of Economics, are some of them. Furthermore, Directive 2016/680 also applies on the activities of the national judiciary.

Regarding the judiciary, the acts and procedures of processing of personal data, which are included in court decisions or archives of criminal procedures, may be further elaborated by every EU Member States through its national legislation on criminal procedure (i.e. the Criminal Procedure Code in Greece).

The same national rules should regulate the implementation of the right to get informed, the right to access, the right to correction, the right to erasure and the right to limit the processing of personal data in the context of a criminal investigation and criminal procedure in the national courts.

Additionally, to safeguard the impartiality of the judiciary, the national monitoring authorities (such as the Authority for the Protection of Personal Data in Greece) do not have jurisdiction upon the processing of personal data when the courts act under their judicial power.

Furthermore, the EU Member States may provide that the national monitoring authorities do not have jurisdiction upon the processing of personal data by other judicial authorities, which act in their judicial power, such as the prosecuting authorities.

It must be noted though that the proper implementation of the Directive 2016/680 by courts and other judicial authorities should always be subject to impartial inspection, according to the EU Charter of Fundamental Rights Article 8, paragraph 3.

So, why is Directive 2016/680 important?

The first reason is that it replaces a very poor legislative framework, Decision 2008/977/ΔΕΥ, which unfortunately has a very limited scope – the transboundary exchange of data between law enforcement authorities of the EU Member States- and did not strike a fair balance between the necessities of law enforcement authorities in the context of their investigations and the rights of the persons involved in these investigations. As a result, the legal values on processing of personal data, were not respected and the rights of the data subjects were significantly weakened.

The second reason is that it constitutes the first step for the residents of the EU area to enjoy an equal level of protection when their personal data are processed by the police and the other law enforcement authorities. For the first time, a legal act regulates in a uniform fashion in the EU the way that the police officer in your neighborhood, the border guards, etc. may process your personal data. Therefore, when incorporated in the Greek legal order, the provisions of Directive 2016/680 must clearly regulate the way in which you will be able to exercise your rights before the police or the other law enforcement authorities.

It is for sure that in relation to the GDPR, your rights and the legal values regarding the processing of your personal data are significantly weaker.

However, there are provisions in which Directive 2016/680 is stricter than the GDPR. For instance, the recordings (Article 25) constitute one of these provisions. Thanks to them, when a police officer searches or shares information on you, your identity, the reason for his act and the precise date and time on which this act occurred must be recorded. Thus, these recorded files may subsequently be used to verify the legality of the processing, as well as the protection of objectivity and the safety of personal data in the context of criminal proceedings. Recordings constitute an extra obligation, which adds to the one of simple filing of the acts of processing (Directive 2016/680, Article 24 and GDPR Article 30).

Caution! Directive 2016/680 does not concern the processing of your personal data by intelligence services of the EU Member States, such as the National Intelligence Service in Greece. This happens because Directive 2016/680 is part of the EU legislation and EU law does not include issues of national security in its scope; these remain on the exclusive legislative discretion of each Member State. In this case, national law must be harmonized with the Council of Europe law and more particularly the European Convention on Human Rights kai the Convention on the protection of natural persons from automated processing of their personal data (“Convention 108”), which includes national intelligence services in its scope.

Directive 2016/680 must be transposed by all Member States in their national legal orders; this transposition is very important for the interpretation of its provision in the national level.

Although Member States should have adopted and published the necessary national legal reforms to comply with this Directive until 6 May 2018, until the day when this article was published, Greece had not adopted any law on the issue. Only Czech Republic, Ireland, Croatia, France, Italy, Austria, Luxembourg, Malta, Portugal, Germany, Lithuania, Sweden, United Kingdom and Slovakia have done so until today.

Homo Digitalis watches closely the procedure regarding the draft law for the Protection of Personal Data to comply with EU Regulation 2016/679 and incorporate EU Directive 2016/680. Thus, when the procedure is completed and the final provisions are voted, Homo Digitalis will inform you on your rights and the obligations of the law enforcement authorities.

What has happened until now?

On the 5th of July, a big win for the freedom of online expression and information was achieved.

Specifically, 318 MEPs (members of the European Parliament) voted against the proposed directive for copyrights in the Digital Market. Therefore, the directive was rejected.

At this point, we would like to remind you that the changes that the directive would cause on copyrights could considerably limit the freedom of expression and information on the Internet.

Those changes had the potential to even change the shape of the Internet as we know it.

What will happen now?

The total of 751 members of the European Parliament will now have the possibility to examine in detail the copyrights reform and submit amendments until the 5th of September.

Subsequently, the initial Proposal alongside with the new recommendations will be introduced in the European Parliament plenary on 12 September for a vote.

What can we do?

The majority of the Greek Parliament Members rejected the proposed directive at the 5th of July.

Thanks to the emails they received and the pressure by Greek voters and other Greek institutions –Homo Digitalis among them– they were informed and sensitized for the protection of the freedom of expression.

We can do the same now! By using the very simple tool that is offered here we can send mass messages to the Greek Parliament Members in order to put pressure on them to propose amendments for the proposed directive in favor of the protection of the freedom of online expression and information.

Let’s not forget that the European elections are not far off (23 and 26 May 2019). The more messages the Parliament Members receive, the more attention they will show for the retention of the Internet as we know it.

Send your message now. It will only take a minute but its impact can literally last for years!

Watch also the very interesting video of the campaign #SaveYourInternet.

By Konstantinos Kakavoulis

Can I express whatever I think or believe anywhere on the Internet? Are there limits in this right?

If you expect that in the end of this article you will read that the limits of online expression range from point A to point B, you will be disappointed. However, if you continue reading until the end, you will realize that there are limits to freedom of online expression and that they are clear.

“It is not an exaggeration to claim that the content of the Internet varies as much as human thought”

These words are part of the landmark decision of the US Supreme Court, Reno vs. American Civil Liberties Union. Based on this thought, the Supreme Court decided that freedom of online expression enjoys the same protection with oral or written speech.

Of course a US Supreme Court decision does not have any impact on the Greek legal order.

Nevertheless, the aforementioned quote of this decision expresses a global truth. Freedom of online expression is not a new right, born with the creation of the Internet.

Freedom of online expression is an aspect of the right to freedom of expression.

Freedom of expression is a universal, but also relevant right. It is protected under the International Covenant on Civil and Political Rights Article 19, the European Convention on Human Rights Article 10 and, as far as Greece is concerned, under Greek Constitution Article 14.

However, freedom of expression is not unlimited. Everyone has the right to express freely his opinion anywhere and at any time, as far as he/she does not violate the rights of others or the public. Therefore, freedom of online expression has limits: respecting the rights of others.

You are now probably thinking: “So, everything that is now on the Internet in the name of freedom of online expression does not violate the right of any third person?

Do racist and sexist comments, existing mainly on social media and as commentary in various sites, not infringe any right? Is bullying or the -so famous recently- fake news protected under freedom of online expression?

The answer is clear: NO

While racist comments are easily conceived by everyone, it is not equally easy to understand the fakeness of some news on the first sight. Therefore, there must be someone to decide on this, as well as on whether this news is protected under freedom of expression.

The only one who could do so with significant chances of success is the judge. However, it is not possible to expect from the judges to decide if everything that appears every day on the Internet is protected under freedom of expression.

The content production rate on the Internet is excessively bigger than the one that the highly-skilled and properly-educated judiciary can follow. Judges should definitely decide on the most important cases.

But who will check the limits of freedom of online expression on the rest of the cases?

The big Internet corporations (such as Facebook, Twitter, Microsoft, Apple, Google, etc.) have developed algorithms to track and erase content, which violates the rights of other users of rights of the public.

These algorithms have been very effective in regards to tracking and erasure of racist or sexist content, using computer vision to recognize photos which depict such content. They have also achieved in restricting bullying or hate speech.

The counterargument in such cases is that these companies establish in this way the right to freely censor content; this is a realistic risk.

What should be done in these cases is striking a fair balance between the right to privacy, freedom of expression, the right to conduct business, the right to a fair trial, as well as the necessity to combat hate speech, racist, sexist, false and any other form of bad speech.

Such a balance should be made on a case-by-case scenario and should not be done in a general fashion. It is obvious that this is far from being easy.

What we should all understand is that the Internet offers us unlimited opportunities. Under no circumstances does the right to violate the rights of other persons “because we enjoy freedom of expression” belongs to these opportunities.

 In the words of Nelson Mandela:

“To live free does not mean to live without chains, but to live and behave in a way which respects and endorses the freedoms of others”.

Freedom of expression is not protected solely in the name of legality. It is mainly protected to protect the values expressed in a society.

The first and most important thing we should learn is that freedom of online is expression is not absolute. It has limits; and it is not only my freedom of online expression or yours that has limits.

There are limits to the freedom of online expression for all Internet users. This happens because without limits, it will cease to exist; not only freedom of online expression, but also the Internet as we know it. And this is something that -I at least- have not met anyone who wants it.