Hate Speech and children: an online conflict in the social network era

By Anastasia Karagianni*

Social media platforms offer to everyone the opportunity to connect and express freely their opinion and stay informed. In this way, information flows continuously, as it should be. Information though sometimes can be dangerous. The commonly said Hate Speech, according to the European legislation, could be defined as “every form of expression that disseminates, actuates, promotes or justifies racism, xenophobia, anti-semitism and other forms of hate that are based on intolerance, including the one that is expressed through the excessive nationalism and ethnocentrism, the discrimination and hostility towards minorities and the immigrants”.

A context that can define a hate speech action could be based on the character and the popularity of the speaker, the audience’s emotional situation, the content of the action itself as instigation of hatred, the social frame in which the action is manifested and the manners used for its dissemination, including the adopted language. The European Union Council Framework Decision 2008/913/JHA, issued on 28th of November 2008 concerning the elimination of racism, xenophobia and their interaction with the freedom of speech, according to which the national cooperation between the member countries is performed, mostly in article 1 paragraph 1, article 3 and article 4, played a decisive role in hate speech confrontation.

However, a conflict between human rights in the context of hate speech emerges sometimes. Specifically, according to the special regime for children’s protection, which is established in Europe Union, the article 2 of United Nation Convention on the Rights of Children about the welfare of the children is opposed to the article 13 about freedom of information. Thus the freedom of expression and speech seem to conflict with the protective measures will confine children’s access to some activities not the internet. Despite this conflict, children’s protection and the freedom of speech converge at the necessity for protection of the fundamental human rights, which are based on the fundamental values of human autonomy and dignity.

For the purpose of addressing hate speech on the internet, the European Commission agreed with Facebook, Microsoft, Twitter and Youtube on May 2016 and later on 2018 with Instagram, Google, Snapchat and Dailymotion on the adoption of a Code of Conduct, in order for these platforms to offer the opportunity for users to report hate speech incidents, by enforcing social support and coordination with the national authorities. They also agreed to submit users’ notifications according to the European and national legislation regarding hate speech and they committed themselves to extract, if necessary, the notifications assessed against the law.

Nevertheless, different risks possibly need different measures. Sonia Livingstone observes a distinction between the risks for children’s protection, detecting four types of risks: the commercial, the risk of attack or violence against children, risk of sexual abuse, exploitation etc against them and the risks that affect values, as hate speech. These risks are further distinguished according to children’s susceptibility to them: as recipients, as participants and as offenders. Both distinctions highlight the importance of a child-friendly policy making.

Such a policy is detected in articles 6 and 8 of the New Regulation on the Protection of Personal Data (GDPR), as in its Preamble 58. In more detail, in articles 6 and 8 GDPR, the Commission introduces paternal consent or consent from those with the parental responsibility as a way to legitimise the processing of children’s personal data on the internet. The age of 13 is the limit, which dictates if the processing of children’s personal data will be subject to less legal restrictions.

In practice, in this way, children are divided in two age groups: children who are able to give their consent in processing their personal data between 13-16 years of age, and the children who are dependent on paternal consent for their behaviour on the Internet, between 0 to 3 years. The establishment of such a strict line is in conflict with the stages of children’s physical and social development. In further, the paternal consent must be addressed each time from a legal standpoint, whether the proposed measure, in the present case, is proportional and if it reconciles with the framework of human rights.

Paternal consent is opposed, in some cases, with the children’s right to participate in the decision-making process relating to them, a right protected in the United Nations Convention on the Rights of the Child and also safeguarded in the European Union and its Member States. The child’s right to freedom of expression and to private life could be undermined in case that children’s access to information will be restricted and depended on parents. Furthermore, the scope of their right to privacy is shrinking, as parents will have to interfere in children’s privacy to make the corresponding decisions, for example the profile creation in social media. Accordingly, it is observed that paternal consent, occasionally infringes the fundamental principles of human right’s law established by the Convention.

Even so, the role of parents is undoubtedly important and determining for the protection of the child. Despite the fact that they are “children of the digital age”, they don’t have complete digital skills. According to a recent study of EU Kids Online, even though 43% of the children believe that they know more for the internet than their parents, they do not possess digital skills, such the blocking of an unwanted communication, the change of privacy settings in social media and the critical assessment of the information they have access to.

To sum up, social media platforms are among the most important players in the online marketplace. Their business model is based on the processing of users’ personal data. A huge and active part of them is children, which are dependent on the presence of these large companies in their everyday life and develop a strong consuming relation with them. The existence of these Codes of Conduct is really important, as it adds to the existing legal provisions and offers a high level of safety. Equally important is the use of social media for the children’s personal and social development. Thus, a fair balance must be found between freedom of expression and children’s protection.

* Anastasia Karagianni is a lawyer, specialising in children’s digital rights. She is a member of Homo Digitalis and co-creator of ChildAct with the aim of protecting children’s digital rights. On the 8th of November she represented Homo Digitalis in the session on “Facebook and other social risks”, which took place in the European Parliament.


Homo Digitalis in the European Parliament

On the 8th of November a conference on “Facebook and other social dangers” took place in the European Parliament. The conference was held by the parliamentary committee of the Greek member of the European Parliament, Mr. Stelios Kouloglou. Homo Digitalis was invited by Mr. Kouloglou and was represented by Anastasia Karagianni.*

The presentation by Homo Digitalis focused on hate speech and child protection on the Internet.

Specifically, in the first place we developed the definition of the hate speech and the ranges that it is based on. Subsequently to mentioning the European legal framework on constraints of the hate speech, we accentuated the role of the European Union. In particular, the Members of the European Parliament have undertaken considerable action by appealing to the European Commission for the creation of a European mechanism, which will promote legislative measures with the aim of an improved privacy regarding children’s personal data.

Despite the fact that children are considered as ‘digitally educated’, they do not possess the indispensable mechanisms for their self-protection on the internet, such as the spam exclusion and critical evaluation of the content they get in touch with. The necessity of parental consent, albeit essential for children’s protection, is, in specific occasions, in conflict with the children’s involvement in decision-making.

Among the renowned speakers, Cox Leonard, Qwant’s Vice-President for International Relations, kindly thanked Homo Digitalis for mentioning Qwant Junior as an alternative child-friendly web search engine.

In addition, the member of European Parliament Cornelia Ernst deemed significant our reference to children’s consuming relation with the social media and the necessity to protect their privacy.

In conclusion, we would like to express sincere thanks to Mr. Kouloglou and his team, who invited us as Speakers and gave us in this way the opportunity to broach the matter of children’s digital rights in social networks.

* Anastasia Karagianni is a lawyer with expertise in children’s digital rights. She is a member of Homo Digitalis and co-Creator of ChildAct with the aim of protecting children’s digital rights.


An interview with Emmanuel Tzivieris, DPO at Investment Bank of Greece

On May 25, 2018, the General Data Protection Regulation (GDPR) came into force and changed significantly the protection of personal data in our country. The GDPR establishes many rights for citizens. Among others, the Regulation provides for the creation of the position of the Data Protection Officer (known as DPO). We met with Emmanuel Tzivieris*, DPO at the Investment Bank of Greece, so that he could explain us more about this new position.

Talk to us about the role of the DPO. Is it something new?

Many people are referring to the role of the DPO as a novelty of the GDPR, which is not entirely accurate. The term is not unknown. It also existed in the European Directive 95/46, it was also included in Greek law 3979/2011 on eGovernment, it also existed in Germany; but in practice it was not used, at least not to such an extent. This has changed with the implementation of the GDPR, which provides for the mandatory appointment of a DPO, starting on 25 May 2018, for three main categories of organizations and businesses:

(a) Public authorities and bodies other than the courts.

(b) Organizations whose core activities require regular and systematic monitoring of subjects on a large scale.

(c) Organizations processing personal data of specific categories, such as genetics, biometrics, health data e.t.c.

– You are giving me the opportunity to ask you about the level of business alertness on May 25th. Had the Greek companies and organizations already appointed DPOs?

I am not aware of the overall picture of Greek businesses and public organizations to answer your question, but there are indications that the “last minute” rule was not excluded even in the case of GDPR. At this point, I would like to emphasize that the GDPR was adopted in April 2016, which meant that all the persons in charge had more than two years to comply with its requirements, including the definition of DPO. Even the incorporation of the Regulation into the national legislation of the Member States has been delayed. Just a few days after its introduction, the European Commissioner responsible for justice has warned eight member-states (including Greece) and urged them to speed up their compliance procedures.

– How would you describe the role of DPO in an organization?

There are various interpretations of the role the DPO has to play in an organization. It has been suggested that the DPO will be the “long hand” of the Data Protection Authority, or its “eyes and ears” within the organization. It has also been heard that he will be an informal internal auditor who can carry out audits and communicate his findings to the Authority. However, we can’t confirm any of these theories when the legislative process is in progress in Greece. The only certainty is that the DPO will be a communication channel, or the link between the organization and the Supervisory Authority, and will be entrusted with the tasks assigned to it by the Regulation in Article 39, such as monitoring the organization’s compliance with the Regulation, advice to the company, staff briefing, opinion on impact assessment, etc.

– How important are the personal data of the subjects that are managed and processed by a business?

There are whole business models based almost exclusively on the processing of personal data. Meanwhile, the digital world is evolving rapidly and this has resulted in creating an intangible environment for individuals, consumer preferences and needs. See what happens with electronic communications today and compare it to previous decades. Look up on what is coming with artificial intelligence. Real cosmogony. So, you understand the importance of legislation such as the GDPR that tightens the framework for the processing of personal data at a time when personal data and control are becoming decisive for sustainability, competitiveness and further development of businesses.

– What do you think is the biggest challenge for a DPO?

The challenges mainly concern the innovations introduced by the Regulation on the general functioning of an entity. As you can see, it is a piece of legislation that changes the strategy and the way in which organizations and businesses have operated so far. The DPO, therefore, as the orchestration of the compliance process, is called upon to confront the habit, which is the greatest enemy of a healthy business. It is called upon to create within the company a new culture that treats personal data with respect and a sense of responsibility.

– Can the consumer contact the DPO directly?

The Regulation provides for the obligation to process personal data in a transparent manner. In this context, the organization is required to share the DPO contact information to all data subjects, facilitating communication with him/her.

Any interested person may contact the DPO to get informed about the categories of personal data being processed, the purposes of the processing, the potential recipients of the data and, in particular, his/her rights as derived from Regulation.

– What about the public’s awareness so far? Is there a response and interest of the public for the protection of their personal data?

Remember the first days of application of the Regulation and the dozens of identical messages we received from various businesses, e-shops, social media, etc. Anyone claiming that he was not bothered by this information storm and did not delete most of these messages would not be frank. This negative atmosphere gave the impression that sending the newsletters discouraged the public rather than sensitizing it.

This climate is slowly reversing. The messages we receive from daily communication with the public, as well as the results of a recent survey on the level of awareness and information of the Greeks on personal data protection issues, are encouraging. More than 80% said they were aware of the new regulation, while 77% of respondents claimed they had become more cautious about how they shared their personal data. If the numbers tell the truth, then we are on the right track. This progress is largely due to initiatives such as yours, Homo Digitalis, aimed at raising public awareness, but mainly ensuring that the public is properly and responsibly informed.

– How do you see the future of business in this digital world?

Although I’m not good at predictions, what I can say is compliance with the GDPR is the first major test that businesses are faced with in this field. There are plenty of other more demanding tests coming. The results of this first exercise will reveal the level of alertness of organizations to adapt to the new requirements and new business models of the digital world. Those who pass the test successfully have every reason to be optimistic that they will remain competitive, unlike the others, for which, unfortunately, the future does not look promising.

*Emmanuel Tzivieris holds a Bachelor from the Law School of Athens, a Master in Public Law form the National Kapodistrian University of Athens and a Master in Law and Economics from Utrecht University. He is the DPO of the Investment Bank of Greece.


Homo Digitalis files a petition to the Greek Parliament concerning the use of the “IBORDERCTRL” system in the Greek borders

On the 5th of November, Homo Digitalis filed a petition to the Greek Parliament (protocol number: 4661) concerning the use of the “IBORDERCTRL” system at the Greek borders, posing specific questions to the responsible Minister.

According to the official page of the European Commission and the one of the “IBORDERCTRL” for the pilot application of this system in Greece, which was funded by the H2020 program with the amount of 4.501.877 euros, the system will be used in the Greek borders with Albania, Bulgaria, FYROM and Turkey in pedestrians, cars, buses, train passengers and merchandise trains that cross these borders.

For the first 3 categories responsible will be KE.ME.A, which is surveilled by the Minister of Public Safety.  As for the other 2 categories KE.ME.A will be responsible in cooperation with ΤΡΑΙΝΟΣΕ.ΑΕ, which is now a limited liability company belonging to the Italian group Ferreovie dello Stato Italiane Group.

The system IBORDERCTRL is known to be able to identify false statements of the passengers based on their facial expressions. However the 10 documents that evaluate the technical specifications of this system (Requirement Analysis Report, Reference Architecture and components specifications, Data Collection Devices – specification, First version of all technological tools and subsystems, Second version of all technological tools and subsystems for integration, First version of the iBorderCtrl software platform, Second version of the iBorderCtrl software platform, Integration Plan, Early version of the integrated prototype και Experimental Design for Pilot Deployment and Evaluation) remain strictly confidential.

As a result, it is impossible for the scientific experts to inspect and confirm the claims of the developers of this system. Therefore, its credibility and reliability cannot be proven.

Moreover, all the research concerning its progress and development (Periodic Progress Report, Annual Report, Periodic Progress Report 2, Annual Report 2) also remain confidential, fact that makes the inspection of its technical specifications impossible.

Finally, all the files of legal and ethics evaluation also remain confidential (Ethics advisor’s first report, Ethics of profiling, the risk of stigmatization of individuals and mitigation plan, Ethics Advisor, EU wide legal and ethical review report) thus nobody can confirm if that system is compatible with the legislation of the European Union.

Specifically, it is impossible to control and inspect if there is a specific notice for the subject of the data concerning the right of reassurance of human interference, the right of expressing an opinion, the right to claim the reasoning of the decision made from the evaluation of the system IBORDERCTRL and the right to challenge that decision.

Furthermore, due to the confidential character of the legal and ethics evaluation research, there is no guarantee that the system IBOREDERCTRL doesn’t conclude in a decision based on personality traits parameters, which are naturally sensitive concerning the fundamental rights and liberties according to the articles 10 and 11 of the Directive 2016/680 and the terms established by the Articles 21 and 52 of the EU Fundamental Rights Charter.

Therefore, the European citizens payed 4.501.877 euros for this system via the H2020 program having zero access to its technical specifications to control the credibility of the system, nor can they confirm if its use is actually legal as access to any legal review is confidential as we mentioned above.

On the contrary, according to the European Commission website, the entities that participated may gain the amount of 118 billion euros due to the technical know-how that they provided and the growing market of the border security systems.

You can see the whole content of our Report and our questions to the Minister in charge in Greek HERE.


Homo Digitalis became an observer-member of EDRi

We are very pleased and proud to announce that Homo Digitalis is now an observer-member of European Digital Rights – EDRi. EDRi, founded in 2002, is the biggest union of digital rights organizations in the world.

Homo Digitalis is the first Greek organization to get accepted by EDRi and we feel very honoured about this. As observer-member we will have the opportunity to participate alongside EDRi and its members in joint actions, to exchange knowledge and opinions with renowned specialists from all around the globe and increase our organization’s influence.

We would like to warmly thank epicenter.works and Bits of Freedom, which supported us from the first moment with their reference letters, as well as all the EDRi members, which voted in our favour.

Learn more on EDRi and its members on: https://edri.org/members/


Homo Digitalis's first seminar was successfully completed

The first seminar organized by Homo Digitalis, entitled “European Cyber Security Month: Real Challenges-Legal and Technical Solutions”, was successfully completed. More than 150 academics, professionals, students and citizens participated.

With the predominant message of the need for better information on the legal and technical aspects of cybersecurity, the seminar took place on Wednesday, October 31, at the Athens Bar Association.

In the framework of the European Cybersecurity Month, the workshop entitled “Real Challenges-Legal and Technical Solutions” brought together more than 150 academics, professionals and students from both legal and computer science backgrounds as well as several citizens with a keen interest in this particular issue. Particularly important was the presence of representatives from the Ministry of Digital Policy, the Data Protection Authority, the Authority for the Confidentiality of Communications, the Electronic Crime Prosecution Division and the judiciary.

In the first session of the seminar, the legal challenges and obligations of cyberspace were analyzed, while the second included a demonstration of social engineering and the presentation of the national cyber security team. The lecturers of the conference were prominent lawyers and computer professionals and demonstrated the necessary collaboration between the two fields to achieve fuller user protection.

We want to thank by heart the Athens Bar Association for its hospitality and support, as well as our outstanding speakers and collaborators, without which this event could not take place.

We are particularly grateful to the Attorney General of the Supreme Court, the Director of the Electronic Crime Investigation Department, the Data Protection Authority, the Ministry of Digital Policy and all the organizations that honored us through their presence.

We gratefully thank all of you who attended the seminar and showed us that the interest in digital rights is constantly increasing in our country.

You can see photos from the seminar here:


Seminar: “European Cybersecurity Month: Real Challenges-Legal and Technical Solutions”

In the context of the European Cyber Security Month campaign under the auspices of the European Network and Information Security Agency (ENISA) and the European Commission, Homo Digitalis organizes a conference entitled “European Cyber Security Month: Real Challenges – Legal and Technical Solutions “.

As the use of the Internet and IT is constantly increasing, the creation of a secure infrastructure and service environment is particularly important. However, unilateral legal compliance, despite the important legislative initiatives of the European Union, does not completely shield the organizations against cyber attacks. The concept of cyber security has been drastically enhanced since it first developed and a thorough risk assessment is the first important step towards the security of network and information systems. Through the interdisciplinary approach of the workshop, the aim is to highlight the need for the synergy of legal and technical tools to achieve the utmost protection of users.

The seminar will be held on October 31, 2018, at 18:00, at the Athens Bar Association’s ceremonial hall (60 Akadimias Street, 106 79 Athens). It has been announced on the official website of the European Cyber ​​Security Month campaign under the auspices of the European Network and Information Security Agency (ENISA) and the European Commission.

The event is open to the public and admission is free of charge. It concerns all public and private organizations, academic institutions, lawyers and professionals in the computer industry as well as all citizens interested in enhancing cyber security and its respective legal and technical extensions.

The eminent speakers who honour us with their presence are distinguished professionals in their field (lawyers, judges, computer engineers) with years of experience and inherent interest in cyber security challenges and solutions.


Homo Digitalis signs EPIC's Universal Guidelines for Artificial Intelligence

Today «Electronic Privacy Information Center» (EPIC) published the Universal Guidelines for Artificial Intelligence, in Brussels at the Public Voice symposium “AI, Ethics, and Fundamental Rights.” The symposium is part of the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC 2018).

The Universal Guidelines set out 12 principles to “inform and improve the design and use of AI. The Guidelines are intended to maximize the benefits of AI, to minimize the risk, and to ensure the protection of human rights.

Homo Digitalis is one of the organizations and experts around the world that has signed and endorsed EPIC’s Universal Guidelines for Artificial Intelligence.

You can access the full document and the list of endorsements here.

You can access the related press release here.


Homo Digitalis submits a report to the Greek Parliament for the negotiations concerning ePrivacy

On 23/10/18 in the context of the negotiations for the reform of the established legislature (Directive 2002/58/EC) with regard to the processing of personal data and the protection of privacy in digital communications, Homo Digitalis submitted a report to the President and the Vice-Presidents of the Greek Parliament, posing specific questions to the responsible Minister.

The questions as they were submitted in the report:

    1. Given the growing importance of the principles of protection of privacy already from the design and the protection of private life from scratch for the security of the integrity and credibility of digital communication, the Greek Government supports the adaptation of these principles in the text of the proposed European regulation for the protection of private life in digital communications?
    2. Given the important decisions taken by the Court of the European Union concerning the retention of data produced or being subjected to processing in light of the provision of available ones to the public of the services of digital communication —(ECJ, Joint cases C-293/12 and C-594/12, Digital Rights and others, 8 April 2014, and ECJ, Joint cases C-203/15 and C-698/15, Tele2 Sverige AB v. Post- och telestyrelsen and UK Home Office v. Tom Watson and others, 21 December 2016)—-, the Greek Government vouches to oppose in any kind of reform of the text of the proposed European Regulation,  which will diverge from these decisions?
    3. Given the need of a common legal framework, which will regulate with clarity the private data processing and the protection of privacy in digital communications, the Greek Government believes that the creation of 2 different and diverge legal frameworks for communications, one that will regulate the communications having an impartation role and a second which will regulate communications stored inside the companies providing digital communication services, consists a correct approach of the legal issues that may derive?
    4. Finally, given the need of the creation of a special legal system which will empower the provisions of the GDPR and will provide with enhanced protection concerning the private data processing and the protection of privacy in digital communications, does the Greek Government guarantee for the fast finalization of the negotiable text of the European Regulation for the protection of privacy in digital communications?

Homo Digitalis encourages the Greek Parliament members to adopt this Report.

At the same day Homo Digitalis submitted a letter to the Minister of Justice, Mr. M. Kalogirou.

You can see the full content of the Report in Greek HERE.