Last week, the Council of Europe’s Standing Committee on Artificial Intelligence (CAHAI) adopted at its last plenary session for 2020 the Feasibility Study of a Legal Framework for Artificial Intelligence.

Our co-founding member and secretary of the Board Eleftherios Chelioudakis, represented Homo Digitalis during the three-day plenary session (December 15-17), while also as a member of the Policy Development Group (PDG), he actively participated in the writing process of the relevant study for the last 4 months.

At the beginning of 2021 the study will be officially presented to the Committee of Ministers of the Council of Europe. The beginning of the working process of the  Legal Framework Group (LFG), which will be responsible for the preparation of specific legal proposals for adoption, is also expected. Homo Digitalis also participates as a member in this working group.

Will we have a Convention on Artificial Intelligence from the Council of Europe  in the future? Nobody knows yet, but it appears that the Council of Europe is carefully considering this option as well, unlike other bodies that insist on adopting ethical guidelines without a legal basis.

We are very happy that several of our proposals have been adopted and are being part of  the final text of the Study.

You can read more about the CAHAI Study and its work on the official website of the Council of Europe.

On Thursday, December 10, 2020, Eva Davaki and Angeliki Tiligadi represented Homo Digitalis at an online event organised by the Devstaff Community.

The two members of Homo Digitalis talked about “Privacy and processing of biometric data in public places, as well as the pan-European campaign “Reclaim Your Face””.

In particular, the campaign was launched by Homo Digitalis and 9 other European civil society organisations and aims to ban mass biometric surveillance, without transparent procedures and a clear legal framework.

Support our campaign by signing up on our website now!

The event was also attended by Caprice Community of FORTH, presenting the CAP-A platform, which enhances the privacy of Android app users.

Today, Homo Digitalis joined forces with other civil society organizations, namely Asociatia pentru Tehnologie si Internet (ApTi) from Romania, D3 – Defesa dos Direitos Digitais from Portugal, GONG from Croatia, Global Human Dignity Foundation from Malta, and the Institut d’information de Chypre from Cyprus. At the same time this morning, we lodged a complaint with the competent regulatory authorities of our countries against the harmful practices of Google Ireland and IAB Europe in the field of online behavioral advertising.

More specifically, within the behavioral advertising industry, fast, automated real-time auctions (real-time bidding, or ‘RTB’) take place, during which technology companies representing advertisers compete for their ads to appear in the advertising space of a website or an application. These RTB auctions currently operate through the retransmission of the personal data of each user who visits a website / application.

Simply put, IAB Europe and Google’s RTB systems broadcast private activities for everything we do and watch online, as well as where we are in the real world, in a large number of companies, hundreds of billions of times every day. More specifically, Google’s RTB system is active on millions of 13.5 sites, while IAB’s RTB system is active on countless others. Thus, the RTB systems of IAB Europe and Google entail a huge and ongoing breach of the legal framework for the protection of personal data.

These complaints are on top of another 15, filed in 2018 and 2019 in the following countries: Belgium, Bulgaria, France, Germany, Estonia, United Kingdom, Ireland, Spain, Italy, Luxembourg, the Netherlands, Hungary, Poland, Slovenia And the Czech Republic. Based on these complaints, investigations have already been launched by the competent supervisory authorities. This action has been organized by an alliance of organizations, namely the Civil Liberties Union for Europe (Liberties), Open Rights Group (ORG) and Panoptykon Foundation.

Some important first comments from members of Homo Digitalis and other organizations involved in the action:

• Elpida Vamvaka, co-founder and President of Homo Digitalis, reports

“Google’s RTB systems and IAB Europe result in widespread and systematic breaches of data subjects’ rights. We call on the Hellenic DPA to take action and work with the other supervisory authorities at European level to help end such abuse.”

• Eleftherios Chelioudakis, co-founder and Secretary of Homo Digitalis adds:

“The RTB industry relies on a voracious collection of different categories of personal data, which sets under the microscope every aspect of our online behavior. In particular, an ecosystem has been created in which personal data is retransmitted to a huge number of companies without the data subjects having any knowledge and control over their further data processing operations.”

• Finally, Dr. Orsolya Reich, Union of Civil Liberties for Europe (Libertés), emphasizes that:

“Real-time bidding, which is the bedrock of the online advertising industry, is an abuse of people’s right to privacy. The GDPR has been in place since 2018 and it is there precisely to give people a greater say about what happens to their data online. Today, more civil society groups are saying enough with this invasive advertising model and are asking data protection authorities to stand up against the harmful and unlawful practices they use.”

An English Q&A text for the general public is available here.

The full text of our complaint (reg. number 8478 / 10-12-2020) as filed before the Hellenic DPA is available here.

Today, on 9.12.2020, two letters were submitted to the Chief of the Hellenic Police, Mr. Karamalakis, raising key questions and requests for access to documents regarding the use of drones and portable cameras during police operations that took place in Athens on the anniversary of the Polytechnic uprising (15-18 of November 2020) and on the day of remembrance of Alexis Grigoropoulos’ death (6-7 of December 2020).

Both letters were notified to the Minister of Citizen Protection, Mr. Chrysochoidis, and to the President of the Data Protection Authority, Mr. Menoudakos.

The letters are co-signed by Greek citizens that live and work in the centre of Athens, among others journalists and lawyers actively involved in the protection of human rights and participating in organizations such as Homo Digitalis, Reporters United (link in Greek) and The Press Project.

It must be understood that the operation of portable surveillance systems, such as drones and portable cameras, can only take place when there is imminent and serious danger of commitment of specific crimes and it is always subject to the prior issuing of a specific decision by the Hellenic Police, which specifically justifies – every time – the fulfillment of the necessary conditions for operation of portable surveillance systems, explains the concrete factual elements established and details the terms of operation of the portable systems.

The first letter (link in Greek) focuses on the prohibition of all public outdoor gatherings on 15-18 of November, during which media and citizens reported that the Hellenic Police made use of camera-bearing drones in Athens in order to get an accurate picture of the situation on the streets of the city.

The citizens request to be informed whether the necessary safeguards and obligations established by national and European legislation were observed, and in particular they ask:

– If the Hellenic Police issued the necessary decision for the operation of portable surveillance systems before the use of drones,

– If the Hellenic Police conducted an impact assessment of the processing operations on the protection of personal data prior to the use of drones,

– If the Data Protection Authority had been previously consulted, and

– If the Hellenic Police possesses multicopter drones which are particularly agile and intrusive in urban environments and, if so, how have they been procured.

In addition, the citizens request access to the documents mentioned above as well as to the drone flight log of the Hellenic Police for the period at issue, in order to ascertain the fulfillment of the necessary conditions laid down by law.

The second letter (link in Greek) concerns Hellenic Police decision No 7001/2/92/1-a to operate surveillance systems on 6-7 of December in the city centre (Exarcheia – Athens University Porch – Syntagma Square) and other areas of Athens.

The decision at issue is not publicly available while the relevant announcement about the decision on the Hellenic Police website is broad and vague, without any mention whatsoever of the specific characteristics of the portable systems that were operated.

Uncertainty is, therefore, being created concerning the type of portable systems used in the operations of the Hellenic Police at that specific moment (e.g. drones, portable cameras on a stick etc) and the citizens signing the letter request to be informed about the types of portable surveillance systems that were actually used by the Hellenic Police, and are asking whether the Hellenic Police consulted with the Data Protection Authority in advance and whether it conducted an impact assessment of the envisaged data processing operations before the use of the surveillance systems.

Finally, the citizens request access to this particular decision so as to examine it for the purpose of determining that the necessary safeguards are met and, if necessary, in order to exercise the legal protection rights laid down by the relevant legislation.

If you want to learn more about Homo Digitalis’ activities with regard to the use of intrusive technologies such as drones, cameras and face recognition technologies in public spaces, you can visit our ReclaimYourFace (link in Greek) campaign.

Finally, you can also read about this action on the Reporters United webpage.

Today, December 9th 2020, Homo Digitalis requested from the Data Protection Authority an opinion on the use of special number 13033 and on the processing of personal data of all citizens within the Greek territory which takes place upon sending a message to that number.

The number is being used during the two lockdowns imposed in Greece for the prevention of COVID-19 spread, for exceptional movement.

In light of:

1) the widespread use of the service of sending SMS to 13033 by the citizens within the Greek territory in the recent past, at present and in the near future

2) the incomplete and problematic personal data protection policy issued by the General Secretariat for Civil Protection

3) the great uncertainty that has grown among citizens regarding the use of this number and the extent of intrusion into their privacy

It is imperative that the Data Protection Authority issue immediately an opinion in accordance with its competences.

The full text of the request of Homo Digitalis is available here (link in Greek).

The reactivation of 13033 brought back a lot of questions as regards the protection of personal data of citizens. Homo Digitalis sent an open letter to the General Secretariat for Civil Protection today, 2nd December 2020.

In our open letter we highlighted many gaps that exist in their Policy on the Protection of Personal Data, which is uploaded in forma.gov.gr.

Since recent statements by government officials and publications in the media have strengthened the confusion and insecurity of citizens as regards the use of the special number 13033, we deemed necessary to receive replies as regards specific questions by the General Secretariat for Civil Protection.

More specifically, our questions were:

1. Does the service of 13033 foresee a process of denial of exit from home for citizens? If so, which are the criteria considered?
2. Does autonomous decision-making or profiling take place? If yes, which are the criteria considered?
3. Which are the criteria that lead either to the final deletion or the anonymisation for statistical purposes as described in the Policy on the Protection of Personal Data?
4. Which process is followed for the anonymisation of personal data?
5. How long is data being stored?
6. Where is data being stored?
7. Does transfer of data to third-parties take place, and if yes, to which parties and for which purposes?
8. According to the Policy on the Protection of Personal Data, there is a process foreseen as regards the processing of requests by citizens in relation to the rectification or deletion of their personal data or the limitation of their processing or their right to object to the respective process. Is this process feasible in light of the provision which states that the personal data of the user are either deleted or anonymised the moment the user receives a reply on their phone?

The open letter was published to the Hellenic Data Protection Authority, the Hellenic Authority for Communication Security and Privacy (ADAE), the Minister of State and Digital Governance, Mr Pierrakakis and to the General Secretary for Trade and Consumer Protection, Mr Stampoulidis.

We would like to remind you that Homo Digitalis sent a relevant open letter during the first wave of the pandemic in our country, which remains unanswered.

The open letter is available here. (in Greek)

The pandemic forced schools all over Greece to continue their operation through distance learning. However, this is not enough to stop the reinforcement of outreach and awareness raising of the students as regards their digital rights!

On the 26th and 27th November, Homo Digitalis had the pleasure to organise presentations online to students of the 6th grade of the “Costeas Geitonas” school.

Konstantinos Kakavoulis, Stefanos Vitoratos, Panagiotis Gialis, and Ariana Rapti spoke to the students about cyberbullying and the ways of tackling it.

The students logged in from their homes and showed great interest for an issue concerning them more than ever.

We sincerely thank the teachers in charge and the school administration for the invitation and the smooth organisation!

Homo Digitalis stars in the second episode of the new season of “Defenders of Digital”.

This is a mini-documentary series of Tomorrow Unlocked with the support of Kaspersky regarding internet rights defenders.

In the series people and organizations fighting all around the world for the protection of free internet and human rights in the digital era present their stories.

The first season was a huge success with over 20 million viewers!

In the new episode Konstantinos Kakavoulis, Eleftherios Chelioudakis and Stefanos Vitoratos present the organization and talk about the battle of digital rights and the dangers deriving from algorithmic content control.

Watch the episode here and get to know our organization better!

A big thank you to the production company Giants and Titans and to the cinematographers Konstantinos Kalavrezos and Alexandros Masmanidis for the excellent results.

On the 27th November, Homo Digitalis participated in an online meeting of stakeholders organised by the European Data Protection Board (EDPB) with regard to the use of purposes for legitimate uses sought by the controller or a third-party as the legal basis of processing personal data.

It was a great pleasure and honour to take active part in the discussions that took place raising arguments and promoting the protection of subjects of the data against private interests, together with representatives of recognised organisations such as noyb and Access Now.

We focused our attention on the use of the respective legal basis for the processing of personal data in specific sectors, in which profound challenges have been observed as regards the protection of personal data of the subjects of those data, such as the sector of services of behavioural advertising online.

We are certain that the European Data Protection Board with the guidelines that they will publish in the near future will set the bar high promoting the protection of the subjects of these data.

Stay tuned, as significant activities in the field of behavioural advertising will soon be organized by the team of Homo Digitalis.