Homo Digitalis participates in the Working Party of CEPS on Artificial Intelligence and Cybersecurity
Our organisation has the great pleasure and honour to be invited to participate in the Working Party of Centre for European Policy Studies (CEPS) on Artificial Intelligence and Cybersecurity. CEPS is a well known think tank with a great amount of research activity and impact on issues related to European Union.
The Working Party will hold its first meeting on 10 September 2019 in Brussels, while 4 more meetings will follow in the upcoming months. Its work will be completed with the publication of a study during the first months of 2020.
Members of the Scientific Council of the Working Party are:
-Joanna Bryson, tenured Associate Professor, University of Bath
-Jean-Marc Rickli, Head of Global Risk and Resilience, Geneva Centre or Security Policy (GCSP)
-Marc Ph. Stoecklin, Principal Research Scientist and Manager of Cognitive Cybersecurity Intelligence (CCSI) group, IBM T.J. Watson Research Center
-Mariarosaria Taddeo, Assistant Professor, Oxford Internet Institute, University of Oxford
We would like to thank the Head of the Working Party Mr. Lorenzo Pupillo and its Rapporteur Mr. Stefano Fnatin for such a gentle invitation. Our organisation will be represented by Mr. Lefteris Helioudakis.
You can learn more about the Working Party and its program of activities here.
Homo Digitalis in Netweek journal
In the newest Netweek issue, Homo Digitalis’s Stefanos Vitoratos gives an interview on the recent draft legislation relating to personal data implementing GDPR, which was adopted on the 26th of August 2019 by the Greek Parliament. Netweek is the monthly business journal of the modern Information Society.
The said draft law is quite carelessly drafted and Mr. S. Vitoratos points out many adverse effects that could be arisen by both the Greek State and Greek citizens.
You can find and read the interview in electronic format here (in Greek).
Statements from Homo Digitalis in the French newspaper Libération
The French newspaper Libération featured statements from our member Eleftherios Chelioudakis regarding the implementation of the iBorderCtrl research program in Greece
How to strengthen the protection of children's rights in the digital environment?
Written by Anastasia Karagianni*
One year after the entry into force of the General Regulation on the Protection of the Personal Data of the European Union.
Some may argue that the adoption of the new regulation has contributed to the effective protection of children’s rights in the digital environment, as parental consent is required for the collection, storage, processing and dissemination of the children’s personal data in order to be able to take part in the information society.
On the other hand, others can argue that the Regulation has indeed laid some groundwork for child protection in the digital world.
However, the challenges are still many and the path for the effective enforcement and protection of the children’s rights in the digital world is long.
Firstly, one of the fundamental rights of the child, that is in need of protection in the digital environment is the right to take part in the decision and the right to be heard and to take into account the child’s opinion in the decision making process. Children, even though they are active on the Internet and in general in the digital environment, are not able to participate in the decision-making process. In other words, the child is not given the opportunity to express his / her views, desires and experiences before making the political decisions that will significantly affect his / her life.
For example, Eurochild organizes and manages an annual conference for children aged 11-16, which represents each EU Member State, and expresses its views on specific issues that are being raised.
Thus, children interact with each other, as well as with specialists and politicians who, while not taking part in the council, their opinions are taken into account in the decision making process.
Unicef also sets up meetings and seminars, in which children can participate and interact with each other as well as with Unicef specialists. The material resulting from these meetings is used by Unicef in the political decision-making process.
Exercising the right of participation does not necessarily mean securing a seat, a “chair”, at the political conference. On the contrary, it means strengthening the active role of the child in issues that concern him/her and, consequently, his/her digital social responsibility in the democratic society.
The participation of children in political decisions also determines the degree of participation efficiently. Policy makers have to consult children, and to be genuinely willing to interact with them and actually listen carefully to their opinions.
The parent or the custodian” has to listen “to the child’s social and psychological needs in order to train/educate him/her properly.
In this way, the establishment of a friendly and open culture for interaction with the children enhances the reduction of digital literacy. More specifically, digital literacy is not only the learning of technical knowledge, but also the proper use of these skills. The parent or parental carer/custodian should listen to the child’s social and psychological needs in order to train/educate him/her properly. For example, if a child uses a fitness or weight loss application that needs biometric data, they should inform the child about the risks of violating their personal data handled by this application. Digital literacy, therefore, is not just information but also useful information.
Many times, due to limited access to information and lack of technical equipment or limited access to the Internet, discriminatory behavior in the digital world, such as racist, xenophobic, homophobic and sexist events, appears.
For this reason, equal opportunities for access to digital literacy, the implementation of training/educating programs and the increase of resources for all children, for every minority group and vulnerability to access to the necessary tools and equipment contributes to the enhancement of the digital literacy.
However, it should be noted that adults, parents and parental carers also need to be trained and educated in order to familiarize themselves with the digital space and the challenges it poses.
Speaking of familiarity and parents, of course, we could refer to the role of parents and parental carers. In particular, it is important for parents to overcome the ideology of ‘protectionism’, over-reaction and one-dimensional decision-making, in essence protecting the best interests of the child, thus, leading to the fulfillment of their primary role as parents and parental carers.
Parents and guardians are called upon to meet the child’s physical, mental, spiritual and social needs by actually listening to his needs and desires.
Children have now grown up within the digital age. They are citizens of the internet and parents are also required to act under the parental care.
For this reason, parents and guardians should adapt to the digital environment, be aware of the dangers they face by asking for support from the state and civil society.
Parents and legal guardians should familiarize children with the concept of privacy and personal data from an early age and control their inexorable exposure to social media.
Of course, as long as the parents or guardians have to be attentive to the dangers of the internet, so careful they must be with their own digital behavior, for example with photos and children’s information they publish on social media and in general on the Internet. This also means that parents and parents should familiarize children with the concept of privacy and personal data from an early age and control their inexplicable exposure to social media. Only in this way can the child be protected in the digital environment.
To summarize, both the states and the private sector, marketing and advertising companies should consider children as rights holders, restrict manipulation and exploitation practices and violations of their privacy and rights.
On the other hand, children should be aware of and understand the regular and misleading forms of digital marketing in order to develop critical thinking and protect their rights as consumers.
Recognizing children as subjects of digital rights significantly determines the recognition and protection of their rights as digital workers, digital citizens, digital students, digital consumers, digital patients, digital librarians or defendants.
The regulation of an appropriate legal framework for children’s digital rights is essential for the holistic and effective protection of children’s rights.
Learn more about Homo Digitalis’s actions at the schools of the Evangelical School of Nea Smyrna here and at the Greek-French School of Piraeus “Saint Paul” here.
* Anastasia Karayanni is a lawyer with a specialization in the digital rights of children. She is a member of Homo Digitalis and co-founder of ChildAct, which aims to protect children’s digital rights. On November 8, 2018 he represented Homo Digitalis at a meeting on “Facebook and other social risks”, which took place in the European Parliament.
Schrems II Case before the CJEU
On Tuesday, 9 and Wednesday 10 of July 2019, a very important case for the protection of personal data was heard before the Grand Chamber of the European Court of Justice in Luxembourg.
The case is known as “Schrems II”, having received the name of plaintiff Max Schrems. Max Schrems is the founder of one of Europe’s largest digital rights organizations, NOYB-European Center for Digital Rights, based in Vienna, Austria. This is not the first time a case is heard by the European Court of Justice with Mr Schrems. In the case of Schrems I (C-362/14), the Court of Justice found that the US Safe Harbor Transfers of Personal Data did not provide an adequate level of security. Consequently, data transfers under this regime was illegal.
In response to this decision, the European Commission, in cooperation with the US government, has created a new framework for data transfer between the EU and the US. This box was called “Privacy Shield”.
Mr Schrems again turned against the Privacy Shield, arguing that this also does not provide a sufficient level of security for personal data transferred between the EU and the US.
Mr. Schrems makes statements to the media after the end of the case’s hearing
What are the main points of the case?
– Does the case concern all data transfers between the EU and the US? No, it only concerns data transfers subject to “mass monitoring”. In most cases, there are simple ways to avoid mass surveillance and many productive sectors (banking, aviation, commerce) are not subject to such legislative framework. Mr Schrems’ complaint is related exclusively to Facebook, which, according to the documents published by Edward Snowden in 2013, contributes to the mass surveillance carried out by the US NSA, based on the PRISM program.
– Are all data transfers in the US problematic? No. Both US and EU law make it clear that there is a significant difference between the necessary transfers and unnecessary transfers, which are done for business purposes only (outsourcing).
– What does this mean? Can we continue sending emails to the US or buying air tickets? Of course! Article 49 of the General Data Protection Regulation (GDPR) provides for “exemptions” which allow all data transfers, for example, if they are necessary for the performance of a contract or if the user has explicitly consented to the transfer.
For example, an email must be sent to the US if the recipient is there but it is not necessary to send emails via the US if both the sender and the recipient are located in the EU simply because the server is in the US.
– So what kind of transfers should be stopped? Basically, the outsourcing should be ceased if such processing takes place in the EU or in other countries that provide a high level of protection for personal data.
Background of the case
The case focuses on a complaint by Max Schrems, a lawyer specialised in personal data protection against Facebook in 2013. Six years ago, Edward Snowden revealed that Facebook allows US intelligence services to access Europeans’ personal data under surveillance programs such as PRISM. The complaint seeks to stop EU-US Facebook data transfers.
So far, the Irish Data Protection Commissioner has not taken any concrete steps to stop these transfers.
First refusal and decision of the European Court of Justice on Safe Harbor
The case was first dismissed by the Irish Data Protection Commissioner (DPC) in 2013, then subjected to judicial review in Ireland and referred to the Court of Justice of the European Union. The CJEU ruled in 2015 that the so-called Safe Harbor agreement allowing the transfer of EU-US data was void and that the Irish Commissioner had to investigate the case, which he had initially refused.
Information on the use of “standard contractual clauses”
Surprisingly, the Irish Commissioner informed Mr Schrems in late 2015 that Facebook has in fact never been based on the Safe Harbor agreement which was canceled but was already based in 2013 on “standard contractual clauses” (another data transfer mechanism from EU to the US). This development made the first CJEU’s decision irrelevant to the case.
Second research and education
Mr Schrems adapted his complaint to the transfers made under “standard contractual clauses” and called for the termination of data transfers to Facebook USA, based on the argument that the company gives access to data to the US NSA. The Irish Commissioner’s investigation lasted only two months: from December 2015 to spring 2016.
Instead of deciding on the complaint, the Commissioner filed a lawsuit against Facebook and Mr Schrems (both now charged) at the Irish Supreme Court in 2016, in order to put further questions to the CJEU. After more than six weeks of hearings mainly held in 2017, the Irish Supreme Court found that the US government is dealing with the “mass processing” of European citizens’ personal data and has submitted eleven questions to the CJEU for the second time in 2018. The CJEU is now called upon to answer these questions.
Next steps
The CJEU reported the case in case C-311/18 and a second hearing was held on 9 and 10 July 2019 – about six years after the filing of the original complaint. The decision is expected to be issued before the end of the year. Following the CJEU’s decision, the Irish Commissioner will eventually have to decide on Mr Schrems’s complaint. The decision can again be contested by Facebook or Mr. Schrems.
Homo Digitalis is particularly happy, as Ms. Mariliza Baka, a member of our organization and trainee lawyer at noyb, is currently in the European Court of Justice in Luxembourg and is attending the case.
We will provide you with news on this important case.
The noyb team at the Court of Justice of the European Union. First from the right is Ms. Mariliza Baka
Homo Digitalis at European Commission’s 1st Alliance Assembly for Artificial Intelligence
On Wednesday 26 June 2019, Homo Digitalis had the great honor and pleasure to participate in European Commission’s first AI Alliance Assembly in Brussels.
The Alliance enables actors from the world over to interact with the European Commission’s High Level Expert Group on AI, to comment on the deliverables of this group and to engage in educational and social events throughout Europe.
Our organization has been a member of the Alliance since its early days in June 2018.
During the event, the launch of the Piloting Process of the Expert Group’s Artificial Intelligence Guidelines was announced, while its new deliverable, “Policy and Investment Recommendations for trustworthy Artificial Intelligence” was published.
Our organization recognizes the contribution of these deliverables for the development of the systems that use technologies that are part of the broad and vague term of “Artificial Intelligence”. However, we seek the immediate resolution of the issues arising from the use of such systems in favor of the Rights and Freedoms of EU residents through concrete actions and implementation of legislative measures.
You can learn more about the event and watch videos recorded in the event here.
Homo Digitalis on PARAPOLITICA 90,1 FM radio
On June 26 2019, Homo Digitalis’s Katerina Pouliou, had an interview on PARAPOLITICA 90,1 FM radio with the journalist G. Houdalakis from “Noris” (Early) radio broadcast and discussed the currently interesting issues arisen from elections and the processing of personal data!
You can now listen to the interview on our YouTube channel here (in Greek).
The GDPR is applicable to all
Written by Konstantinos Kakavoulis
At the end of May, the Belgian Authority for the Protection of Personal Data [“L’Autorité de protection des données” (APD)] imposed a fine for violating the provisions of the General Data Protection Regulation (“GDPR”) for the first time.
You want probably to stop reading this article. If you hear the amount of the fine, you will probably stop immediately: just 2.000 euros.
However, this decision is very interesting. That’s because the Belgian Personal Data Protection Authority imposed this fine on a mayor!
The mayor had sent 2 emails to two city residents about his campaign. The two citizens had sent firstly e-mail to the mayor, in which they analyzed their idea of a project in their city. The mayor one day before the local elections responded to the emails of the two citizens by sending them his political campaign.
The Belgian Authority considered that the use of the e-mail addresses of the two citizens was abusive and imposed a fine.
“Public officials are the first to comply with the law. A mayor is expected and must know the legislation and comply with it.”
As noted by Hielke Hijmans, the President of the Belgian Authority, “the use of personal data by politicians for electoral purposes is an important issue for citizens. Public servants are the first to comply with the law. A mayor is expected and must know the legislation and comply with it. “
Personal data “are collected for specified, explicit and legitimate purposes and are not further processed in a manner incompatible with these purposes” (Article 5 (b) GDPR).
In this case, the mayor had received the email addresses of the two citizens for a very specific purpose. But he chose to use them for a completely different purpose. This behavior is a violation of the GDPR. Indeed, it is particularly interesting that the Belgian Authority has focused its attention on the provisions of the GDPR and not on national legislation on electronic communications.
So what did the Belgian authorities say with this decision?
That privacy is everyone’s responsibility!
The obligation to protect and correctly process personal data is not only for companies and organizations. Public servants and public officials also have a serious responsibility. They must realize that personal data that they have gathered in the exercise of public authority can not in any way be used for personal gain.
Clearly, we already knew from the scope of the GDPR that public officials also have to comply with the rules. However, this is the first time that a national authority enforces it in practice.
As the national elections are approaching at our country and we still have memories of pre-electoral messages from candidates in the municipal elections and the European elections, we expect to see if the candidates will take into account the personal data of the citizens as a worth-protecting element.
In any case, if you feel that your personal data are being violated by candidates in the upcoming elections, you can file a direct and free complaint with the Greek Data Protection Authority. In fact, the Greek Authority has recently published its decision on a similar case in which it imposed a fine of 2,000 euros to a candidate for a Member of the European Parliament.
Homo Digitalis at the 4th Data Privacy & Protection Conference
On the 25th of June 2019, Homo Digitalis had the great pleasure to participate as a scientific partner at the 4th Data Privacy & Protection Conference.
One year after the enforcement of GDPR at national and European level, the 4th Data Privacy & Protection Conference noted the changes and new rules that have emerged.
Homo Digitalis participated both as member of the conference organizing committee and as speaker. Our organization’s Vice-President, Mr. Stefanos Vitoratos represented it, who analyzed the protection of personal data as a form of social corporate responsibility and as leverage to boost the reputation and businesses’ profits.
Mr. Stefanos Vitoratos during his speech at the 4th Data Privacy & Protection Conference
More than 40 reputable speakers from Greece and abroad participated in the conference and exchanged significant experiences of how to exploit the power of data through responsible use, economic growth and social benefits.
It was a great honor for Homo Digitalis to be among the most respected professionals and academics who are involved in the field of privacy and the protection of personal data.
The following members of our organization attended the conference: Ms. Elpida Vamvaka, Mr. Konstantinos Kavavoulis, Mr. Emmanouil Mandrakis, Ms. Maria-Alexandra Papoutsi, Mr. Emmanouil Tzivieris, Mr. Vassilis Vassilopoulos, Ms. Athena Mavridou, Mr. Michalis Drakoulakis and Mr. Dimitris Patsos.
We would like to thank Ms. Stella Tsitsoula and Boussias Communications for the excellent co-organization!