master_admin

His title merely impresses:  “Senior Director Government Affairs EMEA and APJ, Global CIP and Privacy Advisor” for Symantec, a leader company in the Cybersecurity sector.

In other words, Mr Ilias Chantzos is the person responsible for the intergovernmental relations of Symantec for almost every state of the globe (apart from America), regarding Cybersecurity and data protection issues. Symantec, is one of the leading companies of Cyber Security software worldwide, with hundreds of millions users.

After all, who is not familiar with ‘Norton Internet Security’, Symantec’s most popular and No 1 product for customer protection?

Our first contact was at Data Privacy & Protection Conference where he vividly presented the topic of security breaches and the notification of such breaches. We kindly asked him to share his views on the contemporary developments on the sector as well as the role of NGOs. Despite his busy schedule, he ardently accepted our invitation. We thank him thus, for this extremely interesting interview.

In Greece, entire generations have been brought up in the framework of ‘Rightsism’ and ‘politically correctness’ Τhe crisis we experience is both economical as well as moral.

– HD:The implementation of GDPR and NIS renders Europe as a pioneer in the creation of an integrated, prescriptive setting for Cybersecurity and data protection. What are the next steps?

IC: Initially, the first step is the full implementation of GDPR. And this will become viable through the adaptation of individual rules, such as the guidelines set by the European Data Protection Board (EBPB), the imposition of fines functioning as impediments to the non abidant organisations and through solving issues arising from data transmission, especially to America. The latter acting as a sticking point to mutual interests of great, private companies.Then, adequacy decision with other countries, such as Korea will follow, which will eventually create a great secure flow space and, of course, the final decisions regarding e-privacy Regulation.

-HD: On that occasion, let me ask you about the efforts and the enormous funds that are allegedly spent within lobbying settings from giants in the technology sector such as Google and Apple on favorable e-privacy conformation towards them. 

ΙC: Well, isn’t it reasonable for the companies to be interested about rules that concern and directly regulate them? The industry’s interests are not common, rather than different and dissenter. If, for example, a regulatory context  is favorable for company X, the same context will be less favorable for company Y which operates in a similar but not the same sector. The same happens with e-privacy.

Companies are ‘fighting’ each other because their interests are not common. Ιn Greece there is neither the conscience nor the full picture of the entrepreneurship interest due to the demonising of profit and entrepreneurship that emerges from the past’s ideological stiffness. We should not face the industry as a caricature of a bad capitalist, but realistically through the prism of complicated relations and existing interests. Τhis is the only way that bodies will perform correctly. Let’s give an example that everyone in Greece will easily understand. The legislature regarding dual tanks in sea-going tankers is supposed to protect the environment from oil leaks. This type of legislature is supported by environmental NGOs and shipyards (an industry that mostly pollutes. . . Can you spot the paradox already?) because it can be translated into brand new orders. Ιt will be supported by the coastal states of European Union but it is not useful to Greece (which has the greatest coastline and tremendous tourism), which has mostly sea-going shipping since it augments its costs while having zero income from its shipping.

Can you spot how many contradictions there are in one simple example and we haven’t even discussed about local communities that have suffered sea contamination and the tourism industry.

-HD: You mentioned fine imposition earlier. Recently, we watched huge companies such as Google, British Airways and Marriott being imposed tremendous fines leaving everyone believing that no one is immune within the Cybersecurity and protection of privacy sector. Thus, if the ultimate protection and secure processing of personal data is impossible, then what is at stake here? Why all this is happening?

IC: In the companies that you mentioned, fines were imposed for different reasons. Regarding the Google case, fines were imposed for lawfulness of data processing , and more specifically their collection and processing, whereas in Marriott and British Airlines cases fines were imposed due to restricted data protection measures. There is no absolute security to anything in life, the same stands for security. The authorities though, did evaluate that those companies should have protected data much more attentively. Unfortunately, that was not applied this way and this is the reason that fines were imposed, indicating that privacy protection is a top priority.

-HD: In Greece, why do you believe that fines are not equally high?

IC:There are many factors implicated.Up to date greek companies invested in highly essentials. In state of economic crisis you do what is necessary to ensure smooth operation. Current fines are calling for the national companies which want to sell products and services abroad to answer a critical question that every foreign client will ask: “ Can you protect my personal data effectively? ”. Ι understand that small and medium sized enterprises comprehend security mainly as a cost. It is like car insurance which you may never use.

Nevertheless, security can become a competitive advantage. Even if we are kind of left behind, middle sized enterprise should keep up and improve its products and services quality. Quality will make you competitive. I understand that this quality might increase your cost but you belong in the European Union. You have to play according to these rules!

-HD: How do you perceive the NGOs role in this sector? What would you advise an organisation such as Homo Digitalis in order to make their action more effective?

Do not act as ‘rightsists’. In Greece, entire generations have been brought up in the framework of ‘Rightsism’ and ‘politically correctness’ Τhe crisis we experience is both economical as well as moral.This, of course, does not mean we have to stop fighting for our rights. We ought though, with every enquiry that we make to be well informed of its losses and its gains.Which are the consequences of our choices. Not blindly ask just because we can.

It’s the so called ‘occassional cost’. Namely, you should be informed as far as possible which are the other options, that you rejected, before the finally chosen. It is not possible, for example, based on the current business model, to ask for free internet without accepting advertisements (it should be noted that I do not like them).

You don’t like advertisements? No problem, can you afford to pay for the service you receive or to ensure the share of privacy you want? Ιt’s not enough to ask. You also have obligations. Unfortunately, we are victims of the trend “I need X at all costs”, without having thought what we lose or what we accept. It is indicator of maturity and resistance to populism to be able to distinguish easy rightsism from the one that is really in our interest. This is the biggest challenge in my opinion for all NGOs.

Written by Anastasia Karagianni*

One year after the entry into force of the General Regulation on the Protection of the Personal Data of the European Union.

Some may argue that the adoption of the new regulation has contributed to the effective protection of children’s rights in the digital environment, as parental consent is required for the collection, storage, processing and dissemination of the children’s personal data in order to be able to take part in the information society.

On the other hand, others can argue that the Regulation has indeed laid some groundwork for child protection in the digital world.

However, the challenges are still many and the path for the effective enforcement and protection of the children’s rights in the digital world is long.

Firstly, one of the fundamental rights of the child, that is in need of protection in the digital environment is the right to take part in the decision and the right to be heard and to take into account the child’s opinion in the decision making process. Children, even though they are active on the Internet and in general in the digital environment, are not able to participate in the decision-making process. In other words, the child is not given the opportunity to express his / her views, desires and experiences before making the political decisions that will significantly affect his / her life.

For example, Eurochild organizes and manages an annual conference for children aged 11-16, which represents each EU Member State, and expresses its views on specific issues that are being raised.

Thus, children interact with each other, as well as with specialists and politicians who, while not taking part in the council, their opinions are taken into account in the decision making process.

Unicef also sets up meetings and seminars, in which children can participate and interact with each other as well as with Unicef specialists. The material resulting from these meetings is used by Unicef in the political decision-making process.

Exercising the right of participation does not necessarily mean securing a seat, a “chair”, at the political conference. On the contrary, it means strengthening the active role of the child in issues that concern him/her and, consequently, his/her digital social responsibility in the democratic society.

The participation of children in political decisions also determines the degree of participation efficiently. Policy makers have to consult children, and to be genuinely willing to interact with them and actually listen carefully to their opinions.

The parent or the custodian” has to listen “to the child’s social and psychological needs in order to train/educate him/her properly.

In this way, the establishment of a friendly and open culture for interaction with the children enhances the reduction of digital literacy. More specifically, digital literacy is not only the learning of technical knowledge, but also the proper use of these skills. The parent or parental carer/custodian should listen to the child’s social and psychological needs in order to train/educate him/her properly. For example, if a child uses a fitness or weight loss application that needs biometric data, they should inform the child about the risks of violating their personal data handled by this application. Digital literacy, therefore, is not just information but also useful information.

Many times, due to limited access to information and lack of technical equipment or limited access to the Internet, discriminatory behavior in the digital world, such as racist, xenophobic, homophobic and sexist events, appears.

For this reason, equal opportunities for access to digital literacy, the implementation of training/educating programs and the increase of resources for all children, for every minority group and vulnerability to access to the necessary tools and equipment contributes to the enhancement of the digital literacy.

However, it should be noted that adults, parents and parental carers also need to be trained and educated in order to familiarize themselves with the digital space and the challenges it poses.

Speaking of familiarity and parents, of course, we could refer to the role of parents and parental carers. In particular, it is important for parents to overcome the ideology of ‘protectionism’, over-reaction and one-dimensional decision-making, in essence protecting the best interests of the child, thus, leading to the fulfillment of their primary role as parents and parental carers.

Parents and guardians are called upon to meet the child’s physical, mental, spiritual and social needs by actually listening to his needs and desires.

Children have now grown up within the digital age. They are citizens of the internet and parents are also required to act under the parental care.

For this reason, parents and guardians should adapt to the digital environment, be aware of the dangers they face by asking for support from the state and civil society.

Parents and legal guardians should familiarize children with the concept of privacy and personal data from an early age and control their inexorable exposure to social media.

Of course, as long as the parents or guardians have to be attentive to the dangers of the internet, so careful they must be with their own digital behavior, for example with photos and children’s information they publish on social media and in general on the Internet. This also means that parents and parents should familiarize children with the concept of privacy and personal data from an early age and control their inexplicable exposure to social media. Only in this way can the child be protected in the digital environment.

To summarize, both the states and the private sector, marketing and advertising companies should consider children as rights holders, restrict manipulation and exploitation practices and violations of their privacy and rights.

On the other hand, children should be aware of and understand the regular and misleading forms of digital marketing in order to develop critical thinking and protect their rights as consumers.

Recognizing children as subjects of digital rights significantly determines the recognition and protection of their rights as digital workers, digital citizens, digital students, digital consumers, digital patients, digital librarians or defendants.

The regulation of an appropriate legal framework for children’s digital rights is essential for the holistic and effective protection of children’s rights.

Learn more about Homo Digitalis’s actions at the schools of the Evangelical School of Nea Smyrna here and at the Greek-French School of Piraeus “Saint Paul” here.

* Anastasia Karayanni is a lawyer with a specialization in the digital rights of children. She is a member of Homo Digitalis and co-founder of ChildAct, which aims to protect children’s digital rights. On November 8, 2018 he represented Homo Digitalis at a meeting on “Facebook and other social risks”, which took place in the European Parliament.

Written by Konstantinos Kakavoulis

At the end of May, the Belgian Authority for the Protection of Personal Data [“L’Autorité de protection des données” (APD)] imposed a fine for violating the provisions of the General Data Protection Regulation (“GDPR”) for the first time.

You want probably to stop reading this article. If you hear the amount of the fine, you will probably stop immediately: just 2.000 euros.

However, this decision is very interesting. That’s because the Belgian Personal Data Protection Authority imposed this fine on a mayor!

The mayor had sent 2 emails to two city residents about his campaign. The two citizens had sent firstly e-mail to the mayor, in which they analyzed their idea of a project in their city. The mayor one day before the local elections responded to the emails of the two citizens by sending them his political campaign.

The Belgian Authority considered that the use of the e-mail addresses of the two citizens was abusive and imposed a fine.

“Public officials are the first to comply with the law. A mayor is expected and must know the legislation and comply with it.”

As noted by Hielke Hijmans, the President of the Belgian Authority, “the use of personal data by politicians for electoral purposes is an important issue for citizens. Public servants are the first to comply with the law. A mayor is expected and must know the legislation and comply with it. “

Personal data “are collected for specified, explicit and legitimate purposes and are not further processed in a manner incompatible with these purposes” (Article 5 (b) GDPR).

In this case, the mayor had received the email addresses of the two citizens for a very specific purpose. But he chose to use them for a completely different purpose. This behavior is a violation of the GDPR. Indeed, it is particularly interesting that the Belgian Authority has focused its attention on the provisions of the GDPR and not on national legislation on electronic communications.

So what did the Belgian authorities say with this decision?

That privacy is everyone’s responsibility!

The obligation to protect and correctly process personal data is not only for companies and organizations. Public servants and public officials also have a serious responsibility. They must realize that personal data that they have gathered in the exercise of public authority can not in any way be used for personal gain.

Clearly, we already knew from the scope of the GDPR that public officials also have to comply with the rules. However, this is the first time that a national authority enforces it in practice.

As the national elections are approaching at our country and we still have memories of pre-electoral messages from candidates in the municipal elections and the European elections, we expect to see if the candidates will take into account the personal data of the citizens as a worth-protecting element.

In any case, if you feel that your personal data are being violated by candidates in the upcoming elections, you can file a direct and free complaint with the Greek Data Protection Authority. In fact, the Greek Authority has recently published its decision on a similar case in which it imposed a fine of 2,000 euros to a candidate for a Member of the European Parliament.