Homo Digitalis in the European Parliament

On the 8th of November a conference on “Facebook and other social dangers” took place in the European Parliament. The conference was held by the parliamentary committee of the Greek member of the European Parliament, Mr. Stelios Kouloglou. Homo Digitalis was invited by Mr. Kouloglou and was represented by Anastasia Karagianni.*

The presentation by Homo Digitalis focused on hate speech and child protection on the Internet.

Specifically, we first set out the definition of hate speech and the grounds on which it is based. After covering the European legal framework restricting hate speech, we highlighted the role of the European Union. In particular, Members of the European Parliament have taken considerable action by calling on the European Commission to create a European mechanism that will promote legislative measures aimed at improving privacy for children’s personal data.

Although children are considered ‘digitally educated’, they lack the mechanisms needed to protect themselves on the internet, such as filtering out spam and critically evaluating the content they encounter. The requirement of parental consent, although essential for children’s protection, on specific occasions conflicts with children’s involvement in decision-making.

Among the renowned speakers, Cox Leonard, Qwant’s Vice-President for International Relations, kindly thanked Homo Digitalis for mentioning Qwant Junior as an alternative child-friendly web search engine.

In addition, Cornelia Ernst, Member of the European Parliament, considered significant our reference to children’s relationship as consumers with social media and the need to protect their privacy.

In conclusion, we would like to express sincere thanks to Mr. Kouloglou and his team, who invited us as Speakers and gave us in this way the opportunity to broach the matter of children’s digital rights in social networks.

* Anastasia Karagianni is a lawyer with expertise in children’s digital rights. She is a member of Homo Digitalis and co-Creator of ChildAct with the aim of protecting children’s digital rights.


An interview with Emmanuel Tzivieris, DPO at Investment Bank of Greece

On May 25, 2018, the General Data Protection Regulation (GDPR) came into force and significantly changed the protection of personal data in our country. The GDPR establishes many rights for citizens. Among other things, the Regulation provides for the creation of the position of the Data Protection Officer (known as DPO). We met with Emmanuel Tzivieris*, DPO at the Investment Bank of Greece, so that he could explain more to us about this new position.

– Talk to us about the role of the DPO. Is it something new?

Many people are referring to the role of the DPO as a novelty of the GDPR, which is not entirely accurate. The term is not unknown. It also existed in the European Directive 95/46, it was also included in Greek law 3979/2011 on eGovernment, it also existed in Germany; but in practice it was not used, at least not to such an extent. This has changed with the implementation of the GDPR, which provides for the mandatory appointment of a DPO, starting on 25 May 2018, for three main categories of organizations and businesses:

(a) Public authorities and bodies other than the courts.

(b) Organizations whose core activities require regular and systematic monitoring of subjects on a large scale.

(c) Organizations processing personal data of specific categories, such as genetics, biometrics, health data etc.

– You are giving me the opportunity to ask you about the level of business alertness on May 25th. Had the Greek companies and organizations already appointed DPOs?

I am not aware of the overall picture of Greek businesses and public organizations to answer your question, but there are indications that the “last minute” rule was not excluded even in the case of GDPR. At this point, I would like to emphasize that the GDPR was adopted in April 2016, which meant that all the persons in charge had more than two years to comply with its requirements, including the definition of DPO. Even the incorporation of the Regulation into the national legislation of the Member States has been delayed. Just a few days after its introduction, the European Commissioner responsible for justice warned eight member-states (including Greece) and urged them to speed up their compliance procedures.

– How would you describe the role of DPO in an organization?

There are various interpretations of the role the DPO has to play in an organization. It has been suggested that the DPO will be the “long hand” of the Data Protection Authority, or its “eyes and ears” within the organization. It has also been heard that he will be an informal internal auditor who can carry out audits and communicate his findings to the Authority. However, we can’t confirm any of these theories when the legislative process is in progress in Greece. The only certainty is that the DPO will be a communication channel, or the link between the organization and the Supervisory Authority, and will be entrusted with the tasks assigned to it by the Regulation in Article 39, such as monitoring the organization’s compliance with the Regulation, advice to the company, staff briefing, opinion on impact assessment, etc.

– How important are the personal data of the subjects that are managed and processed by a business?

There are whole business models based almost exclusively on the processing of personal data. Meanwhile, the digital world is evolving rapidly and this has resulted in creating an intangible environment for individuals, consumer preferences and needs. See what happens with electronic communications today and compare it to previous decades. Look up on what is coming with artificial intelligence. Real cosmogony. So, you understand the importance of legislation such as the GDPR that tightens the framework for the processing of personal data at a time when personal data and control are becoming decisive for sustainability, competitiveness and further development of businesses.

– What do you think is the biggest challenge for a DPO?

The challenges mainly concern the innovations introduced by the Regulation on the general functioning of an entity. As you can see, it is a piece of legislation that changes the strategy and the way in which organizations and businesses have operated so far. The DPO, therefore, as the orchestrator of the compliance process, is called upon to confront the habit, which is the greatest enemy of a healthy business. It is called upon to create within the company a new culture that treats personal data with respect and a sense of responsibility.

– Can the consumer contact the DPO directly?

The Regulation provides for the obligation to process personal data in a transparent manner. In this context, the organization is required to share the DPO contact information with all data subjects, facilitating communication with him/her.

Any interested person may contact the DPO to get informed about the categories of personal data being processed, the purposes of the processing, the potential recipients of the data and, in particular, his/her rights as derived from the Regulation.

– What about the public’s awareness so far? Is there a response and interest of the public for the protection of their personal data?

Remember the first days of application of the Regulation and the dozens of identical messages we received from various businesses, e-shops, social media, etc. Anyone claiming that he was not bothered by this information storm and did not delete most of these messages would not be frank. This negative atmosphere gave the impression that sending the newsletters discouraged the public rather than sensitizing it.

This climate is slowly reversing. The messages we receive from daily communication with the public, as well as the results of a recent survey on the level of awareness and information of the Greeks on personal data protection issues, are encouraging. More than 80% said they were aware of the new regulation, while 77% of respondents claimed they had become more cautious about how they shared their personal data. If the numbers tell the truth, then we are on the right track. This progress is largely due to initiatives such as yours, Homo Digitalis, aimed at raising public awareness, but mainly ensuring that the public is properly and responsibly informed.

– How do you see the future of business in this digital world?

Although I’m not good at predictions, what I can say is compliance with the GDPR is the first major test that businesses are faced with in this field. There are plenty of other more demanding tests coming. The results of this first exercise will reveal the level of alertness of organizations to adapt to the new requirements and new business models of the digital world. Those who pass the test successfully have every reason to be optimistic that they will remain competitive, unlike the others, for which, unfortunately, the future does not look promising.

*Emmanuel Tzivieris holds a Bachelor from the Law School of Athens, a Master in Public Law from the National Kapodistrian University of Athens and a Master in Law and Economics from Utrecht University. He is the DPO of the Investment Bank of Greece.


Homo Digitalis files a petition to the Greek Parliament concerning the use of the “IBORDERCTRL” system in the Greek borders

On the 5th of November, Homo Digitalis filed a petition to the Greek Parliament (protocol number: 4661) concerning the use of the “IBORDERCTRL” system at the Greek borders, posing specific questions to the responsible Minister.

According to the official pages of the European Commission and of “IBORDERCTRL” on the pilot application of this system in Greece, which was funded by the H2020 program with the amount of 4.501.877 euros, the system will be used at the Greek borders with Albania, Bulgaria, FYROM and Turkey on pedestrians, cars, buses, train passengers and freight trains that cross these borders.

KE.ME.A, which is supervised by the Minister of Public Safety, will be responsible for the first 3 categories. For the other 2 categories, KE.ME.A will be responsible in cooperation with ΤΡΑΙΝΟΣΕ.ΑΕ, which is now a limited liability company belonging to the Italian group Ferrovie dello Stato Italiane.

The IBORDERCTRL system is known to be able to identify false statements of the passengers based on their facial expressions. However, the 10 documents that evaluate the technical specifications of this system (Requirement Analysis Report, Reference Architecture and components specifications, Data Collection Devices – specification, First version of all technological tools and subsystems, Second version of all technological tools and subsystems for integration, First version of the iBorderCtrl software platform, Second version of the iBorderCtrl software platform, Integration Plan, Early version of the integrated prototype and Experimental Design for Pilot Deployment and Evaluation) remain strictly confidential.

As a result, it is impossible for the scientific experts to inspect and confirm the claims of the developers of this system. Therefore, its credibility and reliability cannot be proven.

Moreover, all the research concerning its progress and development (Periodic Progress Report, Annual Report, Periodic Progress Report 2, Annual Report 2) also remains confidential, a fact that makes the inspection of its technical specifications impossible.

Finally, all the files of the legal and ethics evaluation also remain confidential (Ethics advisor’s first report, Ethics of profiling, the risk of stigmatization of individuals and mitigation plan, Ethics Advisor, EU wide legal and ethical review report), so nobody can confirm whether the system is compatible with the legislation of the European Union.

Specifically, it is impossible to check whether data subjects are given specific notice of their right to obtain human intervention, their right to express their point of view, their right to obtain an explanation of the decision reached through the evaluation of the IBORDERCTRL system, and their right to challenge that decision.

Furthermore, because the legal and ethics evaluation research is confidential, there is no guarantee that the IBORDERCTRL system does not reach decisions based on parameters relating to personality traits, which are by nature sensitive with regard to fundamental rights and freedoms under Articles 10 and 11 of Directive 2016/680 and the terms established by Articles 21 and 52 of the EU Charter of Fundamental Rights.

Therefore, European citizens paid 4.501.877 euros for this system via the H2020 program without any access to its technical specifications to check the credibility of the system, nor can they confirm whether its use is actually legal, since every legal review is confidential, as mentioned above.

On the contrary, according to the European Commission website, the entities that participated may gain the amount of 118 billion euros due to the technical know-how that they provided and the growing market of the border security systems.

You can see the whole content of our Report and our questions to the Minister in charge in Greek HERE.


Homo Digitalis became an observer-member of EDRi

We are very pleased and proud to announce that Homo Digitalis is now an observer-member of European Digital Rights – EDRi. EDRi, founded in 2002, is the biggest union of digital rights organizations in the world.

Homo Digitalis is the first Greek organization to get accepted by EDRi and we feel very honoured about this. As observer-member we will have the opportunity to participate alongside EDRi and its members in joint actions, to exchange knowledge and opinions with renowned specialists from all around the globe and increase our organization’s influence.

We would like to warmly thank epicenter.works and Bits of Freedom, which supported us from the first moment with their reference letters, as well as all the EDRi members, which voted in our favour.

Learn more on EDRi and its members on: https://edri.org/members/


Homo Digitalis's first seminar was successfully completed

The first seminar organized by Homo Digitalis, entitled “European Cyber Security Month: Real Challenges-Legal and Technical Solutions”, was successfully completed. More than 150 academics, professionals, students and citizens participated.

With the predominant message of the need for better information on the legal and technical aspects of cybersecurity, the seminar took place on Wednesday, October 31, at the Athens Bar Association.

In the framework of the European Cybersecurity Month, the workshop entitled “Real Challenges-Legal and Technical Solutions” brought together more than 150 academics, professionals and students from both legal and computer science backgrounds as well as several citizens with a keen interest in this particular issue. Particularly important was the presence of representatives from the Ministry of Digital Policy, the Data Protection Authority, the Authority for the Confidentiality of Communications, the Electronic Crime Prosecution Division and the judiciary.

In the first session of the seminar, the legal challenges and obligations of cyberspace were analyzed, while the second included a demonstration of social engineering and the presentation of the national cyber security team. The lecturers of the conference were prominent lawyers and computer professionals and demonstrated the necessary collaboration between the two fields to achieve fuller user protection.

We wholeheartedly thank the Athens Bar Association for its hospitality and support, as well as our outstanding speakers and collaborators, without whom this event could not have taken place.

We are particularly grateful to the Attorney General of the Supreme Court, the Director of the Electronic Crime Investigation Department, the Data Protection Authority, the Ministry of Digital Policy and all the organizations that honored us through their presence.

We gratefully thank all of you who attended the seminar and showed us that the interest in digital rights is constantly increasing in our country.



Seminar: “European Cybersecurity Month: Real Challenges-Legal and Technical Solutions”

In the context of the European Cyber Security Month campaign under the auspices of the European Network and Information Security Agency (ENISA) and the European Commission, Homo Digitalis organizes a conference entitled “European Cyber Security Month: Real Challenges – Legal and Technical Solutions”.

As the use of the Internet and IT is constantly increasing, the creation of a secure infrastructure and service environment is particularly important. However, unilateral legal compliance, despite the important legislative initiatives of the European Union, does not completely shield the organizations against cyber attacks. The concept of cyber security has been drastically enhanced since it first developed and a thorough risk assessment is the first important step towards the security of network and information systems. Through the interdisciplinary approach of the workshop, the aim is to highlight the need for the synergy of legal and technical tools to achieve the utmost protection of users.

The seminar will be held on October 31, 2018, at 18:00, at the Athens Bar Association’s ceremonial hall (60 Akadimias Street, 106 79 Athens). It has been announced on the official website of the European Cyber Security Month campaign under the auspices of the European Network and Information Security Agency (ENISA) and the European Commission.

The event is open to the public and admission is free of charge. It concerns all public and private organizations, academic institutions, lawyers and professionals in the computer industry as well as all citizens interested in enhancing cyber security and its respective legal and technical extensions.

The eminent speakers who honour us with their presence are distinguished professionals in their field (lawyers, judges, computer engineers) with years of experience and inherent interest in cyber security challenges and solutions.


Homo Digitalis signs EPIC's Universal Guidelines for Artificial Intelligence

Today the Electronic Privacy Information Center (EPIC) published the Universal Guidelines for Artificial Intelligence in Brussels, at the Public Voice symposium “AI, Ethics, and Fundamental Rights.” The symposium is part of the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC 2018).

The Universal Guidelines set out 12 principles to “inform and improve the design and use of AI. The Guidelines are intended to maximize the benefits of AI, to minimize the risk, and to ensure the protection of human rights.”

Homo Digitalis is among the organizations and experts around the world that have signed and endorsed EPIC’s Universal Guidelines for Artificial Intelligence.

You can access the full document and the list of endorsements here.

You can access the related press release here.


Homo Digitalis submits a report to the Greek Parliament for the negotiations concerning ePrivacy

On 23/10/18, in the context of the negotiations for the reform of the existing legislation (Directive 2002/58/EC) on the processing of personal data and the protection of privacy in digital communications, Homo Digitalis submitted a report to the President and the Vice-Presidents of the Greek Parliament, posing specific questions to the responsible Minister.

The questions as they were submitted in the report:

    1. Given the growing importance of the principles of privacy by design and privacy by default for securing the integrity and credibility of digital communication, does the Greek Government support the adoption of these principles in the text of the proposed European Regulation for the protection of private life in digital communications?
    2. Given the important decisions of the Court of Justice of the European Union concerning the retention of data generated or processed in connection with the provision of publicly available digital communication services (ECJ, Joint cases C-293/12 and C-594/12, Digital Rights and others, 8 April 2014, and ECJ, Joint cases C-203/15 and C-698/15, Tele2 Sverige AB v. Post- och telestyrelsen and UK Home Office v. Tom Watson and others, 21 December 2016), does the Greek Government commit to opposing any amendment of the text of the proposed European Regulation that would diverge from these decisions?
    3. Given the need for a common legal framework that will clearly regulate the processing of personal data and the protection of privacy in digital communications, does the Greek Government believe that creating 2 different and divergent legal frameworks for communications, one regulating communications in transit and a second regulating communications stored with the companies providing digital communication services, is a correct approach to the legal issues that may arise?
    4. Finally, given the need to create a special legal regime that will strengthen the provisions of the GDPR and provide enhanced protection for the processing of personal data and the protection of privacy in digital communications, does the Greek Government guarantee the fast finalization of the text under negotiation of the European Regulation for the protection of privacy in digital communications?

Homo Digitalis encourages the Greek Parliament members to adopt this Report.

On the same day, Homo Digitalis submitted a letter to the Minister of Justice, Mr. M. Kalogirou.

You can see the full content of the Report in Greek HERE.


Can machines replace judges?

A philosophical approach by Philippos Kourakis*

There are various ways in which technology could change the way people who are involved in the legislative process and law enforcement work. In this text we will focus on the question of machines taking over the judiciary, and if that could be in line with Ronald Dworkin’s right solution thesis.

Using a specific algorithm

Lawyers Casey and Niblett [1] describe a hypothetical future situation in which the information and predictions we can derive from technology will be of such precision that we can assign the judge’s role to machines. The process, as they say, will be the following: in some US states, an algorithm is already being used by judges to predict the possibility that the accused will not appear before the court. Although this algorithm has not replaced the judges, it is reasonable to assume that the more effective it becomes, the more the judges will rely on it, until they ultimately depend entirely on it.

This (hypothetical) scenario raises the question of how such a move would be in harmony with the very nature of law. To give an answer, we will turn to Dworkin’s work and in particular to his theory regarding the right solution thesis.

The theory of the right solution and its possible misinterpretation

Early in his career, Dworkin shook the philosophical and rigorous currents of his time by arguing that there is always a right solution, even in the most controversial and difficult cases [2]. At first sight, this position seems to be largely expressed by those who support the replacement of judges by machines, if it seems reasonable for the right solution to emerge from a mechanistic process of the highest precision. However, this approach is a misinterpretation of Dworkin’s position.

Dworkin himself had predicted such a misinterpretation. In Law’s Empire (1986), he wrote [3]:

“I have never designed an algorithm to be used in the courtroom. No computer wizard could draw from my arguments a program which, after gathering all the facts of the case and all the texts of previous laws and judgments, would give us a verdict that would find everyone in agreement.”

Dworkin’s statement stems from his belief that the correct method of hearing cases is an exercise that is fundamentally interpretative and worthwhile and, as such, is based on principles. The judge can find the right solution in each case, but only by finding the best possible interpretation.

The best interpretation is expressed by those who, according to the letter of the law, can legitimately justify the coercion imposed by the law on its companions. In this process, Dworkin argues that the judge tries to preserve the integrity of the law by interpreting it in its best light, having in mind that the law is the creation of a community in which the unifying element is the attempt to justify state coercion.

Dworkin believed that each case had a right solution, but nevertheless, every case is difficult, and finding a solution is a very important exercise of political ethics. Therefore, despite the formalist texture of the philosopher’s belief in a correct solution to each case, he realized that the legal system, being an organic unit, is constantly changing with its individual elements being as constant as possible between them.

Will technology replace judges?

The question that arises from the above is whether the pace of technology development and the path it has taken will lead to machines effectively replacing judges, finding the right answer even in difficult cases. Machine Learning can indeed redirect a set of rules so that a more general goal can be served, which is something that may well be ethically welcomed. From this perspective, Machine Learning is dynamic and structured with continuity. Therefore, if it were used to deal with real cases, it would do so with some kind of integrity that would be mechanical in its nature.

Nonetheless, the desired goals would remain intact. The static nature of political ethics, on which the legal system would be based, would detract from legality, in Dworkin’s view. For the philosopher, integrity has the meaning that all parts of the legal system can be revised, since the argumentative disagreement reaches the foundations of legality by looking at basic questions such as how citizens should be taxed and whether they should be taxed or if there should be policies of positive discrimination [4]. Following this reasoning, legislative policies are based on principles that arise through the interpretation of difficult cases. This process aims to consolidate past decisions in a way that would justify state coercion on the part of the interpretive community.

The conclusion

To sum up, it is understandable that the prospect of technology through Machine Learning could hardly be in harmony with legality as expressed by Dworkin. Machine Learning does not work on principles. It operates on statistical relationships that do not reflect ethical principles. Its operation would therefore be abolished to the extent that a system (the legal) would require it to act fundamentally morally.

*Philippos Kourakis is a lawyer with a specialization in Philosophy of Law and Criminology. He holds a Bachelor from the Law School of Athens and a Master from Oxford University in Criminology as well as a Master in Philosophy of Law from the National Kapodistrian University of Athens.

[1] Casey, Anthony J. and Niblett, Anthony, Self-Driving Laws (June 5, 2016). Available at SSRN: https://ssrn.com/abstract=2804674

[2] Ronald Dworkin, Taking Rights Seriously (London: Duckworth, 1978), chapter 4

[3] Ronald Dworkin, Law’s Empire (Cambridge, MA: Harvard University Press, 1986) p. 412

[4] Ibid, p. 73