Homo Digitalis on the Advisory Committee of the new Jean Monnet Chair in Mediterranean Digital Societies & Law
It is a great honour and pleasure for Homo Digitalis to be a member of the Advisory Committee of the new Jean Monnet Chair in Mediterranean Digital Societies & Law, Professor Alessandro Mantelero of Politecnico di Torino.
The aim of this chair is to promote Mediterranean studies in computer law through interdisciplinarity, contributing to reduce the existing gap in the field of computer law that affects Mediterranean countries, which are often underrepresented in the global arena. The Chair wishes to strengthen the voice and participation of Mediterranean stakeholders in the debate on EU legislation and policy and the development of human-centred digital societies by harnessing the benefits of artificial intelligence.
Homo Digitalis will be represented by the Secretary of the Board of Directors, Eleftherios Chelioudakis, who will deliver the keynote speech at the opening seminar on 5 April.
You can see the full programme of the seminar in the event poster and watch the seminar at this link on the day of the event.
A major success for civil society in Greece: The Hellenic DPA launches an investigation into the Ministry of Immigration and Asylum re the YPERION and KENTAYROS IT systems
On Wednesday 2 March, the Hellenic Data Protection Authority (DPA) launched an investigation into the Ministry of Immigration and Asylum regarding the supply and installation of the YPERION and KENTAYROS systems in reception and accommodation facilities for asylum seekers.
Specifically, following the successful submission of a request submitted on 18 February by the organisations (in alphabetical order) Hellenic League for Human Rights, HIAS Greece, and Homo Digitalis together with the Lecturer of Queen Mary University of London Dr. Niovi Vavoula before the President of the Hellenic DPA, the Authority addressed a communication to the Ministry of Immigration and Asylum inviting it to inform it immediately about:
– the specific legal basis for the processing of personal data in the context of the operation of YPERION and KENTAYROS systems; and
– the carrying out of an impact assessment study on the impact of the processing on the protection of personal data, taking into account that in the case of the procurement of surveillance and monitoring systems, the carrying out of an impact assessment regarding their operation must be carried out not only before their operation, but also before their procurement, in order to comply with the principles of data protection by design and by default.
As the DPA states, together with the request for investigation we had filed, they had also received a request for information from the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE Committee) on the surveillance technologies generally used at our country’s borders.
We recall that the YPERION system will be the asylum seeker management system with regard to all the needs of the Reception and Identification Service and will be responsible for access control (entry – exit via security turnstiles), by showing an individual card of a migrant, NGO member, worker and simultaneous use of fingerprints), the monitoring of benefits per asylum seeker using an individual card (food, clothing supplies, etc.) and the movements between the centres, KIDNs and Accommodation Facilities. The KENTAYROS system will be the digital system for managing electronic and physical security around and inside the facilities, using cameras and Artificial Intelligence Behavioral Analytics algorithms.
You can read the relevant letter sent by the DPA to the Ministry of Immigration and Asylum here.
You can read more about the joint request for research filed in February here.
ΕDRi and other 70 CSOs call EU Member States to take the right approach during DSA trilogue
Ahead of the #DigitalServicesAct negotiations, EDRi, Amnesty International, Civil Liberties Union for Europe and 69 civil society organisations call on 20 ministries and state secretaries in the Netherlands, Denmark, Germany, France, Spain, Italy, Luxembourg, Austria, Croatia to BAN #DarkPatterns and pervasive online tracking practices and preserve privacy.
If done right, the #DSA can ensure that you are part of a rights-respecting online environment, in which you have the power to make truly informed choices and where the online advertising industry respects your rights and freedoms.
During the ongoing Trilogue negotiations, we urge the Member States to defend people and push against toxic #BigTech business models. .
You can read our joint letter here.
Urging EU to ban AI predictive & profiling systems in law enforcement & criminal justice
AI systems are used to profile people and areas to predict crime, leading to over-policing, surveillance and imprisoning of racialised groups.
That’s why 40+ civil rights organisations led by EDRi and Fair Trials urge the EU to BAN AI predictive & profiling systems in law enforcement & criminal justice in the #AIAct.
Affected people must have clear & effective routes to challenge the use of these systems.
Read the full statement here.
The Hellenic DPA is requested to take action again the deployment of ICT systems IPERION & KENTAUROS in facilities hosting asylum seekers in Greece
Homo Digitalis together with The Hellenic League for Human Rights, HIAS Greece and Dr. Niovi Vavoula, Lecturer at Queen Mary University of London submitted before the President of the Hellenic Data Protection Authority (HDPA) on 18.2.2022, a request for the exercise of its investigative powers regarding the deployment of the ICT systems IPERION and KENTAUROS in facilities hosting asylum seekers in Greece (protocol number 2515/18.02.2022).
In particular, as described in the relevant website of the Ministry of Digital Governance for the area of migration and asylum, as well as in the annual action plan of the Ministry of Immigration and Asylum:
-The ΙPERION system will be the asylum seekers’ management system with regard to all the needs of the Reception and Identification Services. It will include a detailed record of the data of asylum seekers and it will be interconnected with the ALKYONI II system with regard to the asylum application. In addition, it will be the main tool for the operation of all related facilities as it will be responsible for access control (entry – exit through security turnstiles, with the presentation of an individual card of a migrant, NGO member, worker and simultaneous use of fingerprints), the monitoring of benefits per asylum seeker using an individual card (food, clothing supplies, etc.) and movements between the different facilities. At the same time, the project includes the creation of a mobile phone application that will provide personalized information to the user, will be his/her electronic mailbox regarding his/her asylum application process and will enable the Service to provide personalized information. It is important to note that the IPERION system is presented by the Ministry of Digital Governance as a system that will be completed in the medium term and its construction – installation is already underway. Furthermore, explicit reference is made to this system in Article 7(2) of the General Regulation on the Operation of Closed Controlled Island Facilities. Therefore, it is understood that the IPERION system will process biometric and biographical data of asylum seekers, as well as of NGO members visiting the relevant structures and of people working in them.
-The KENTAUROS system will be a digital system for managing electronic and physical security around and inside the facilities, using cameras and Artificial Intelligence Behavioral Analytics algorithms. It includes centralised management from the headquarters of the Ministry of Digital Governance and the following services: Signaling perimeter breach alarms using cameras and motion analysis algorithms; signaling of illegal behavior alarms of individuals or groups of individuals in assembly areas inside the facility; and use of unmanned aircraft systems to assess incidents inside the facility without human intervention, among other functions. It is noted that the KENTAUROS system is presented by the Ministry of Digital Governance as a system that will be completed in the medium term and its construction – installation is planned. Therefore, it is understood that the KENTAUROS system is incorporating highly intrusive technologies, such as behaviour analysis algorithms, drones and closed circuit surveillance cameras, which create important for challenges for the protection of privacy, personal data and other rights
It is worth noting that Homo Digitalis submitted on 13 October 2021 a request for information re IPERION and KENTAUROS systems before the Secretary General for Asylum Seekers of the Ministry of Immigration and Asylum, Mr Logothetis. Nevertheless, Homo Digitalis did not receive a response from the competent bodies, even though the relevant deadline for reply has already expired.
Based on all of the above, it is understood that there is a serious risk that the installation of these systems could violate the European Union legislation on the processing of personal data and the provisions of Law 4624/2019, while there is also a significant risk that the installation of these systems without the preparation of the necessary Data Protection Impact Assessment may cause a serious violation of the rights and freedoms of data subjects who are hosted in this facilities, visit the facilities, or are employed in them. Finally, the possible creation of databases (including biometric data and other special categories of data) to assist the operation of these systems is not foreseen by any national legal rule providing the necessary safeguards for the rights of data subjects, thus raising significant challenges.
The Hellenic Coast Guard wants to acquire social media monitoring software: The Hellenic DPA is urged to exercise its investigative and supervisory powers
Homo Digitalis together with The Hellenic League for Human Rights, HIAS Greece, Privacy International and the researcher Phoebus Simeonidis submitted before the President of the Hellenic Data Protection Authority (HDPA) on 14.2.2022, a request for the exercise of its investigative powers regarding a procurement tender published by the Hellenic Coast Guard for the acquisition of a Social Media Data Collection Software (protocol number 2322/15/2/22 ).
Specifically, as pointed out on 2/2/2022 by researcher Phoebus Simeonidis, in the framework of the European Commission’s “Internal Security Fund” (ISF) program, the Coast Hellenic Guard – Ministry of Maritime Affairs published a tender for the “Upgrade/maintenance of the computer room of the Directorate of Maritime Border Security and Protection” with a total estimated contract value of seven hundred and thirty thousand euros #730.000,00€# (including VAT and other deductions).
One of the deliverables described in this call for tender (see page 34 et seq.) is the supply of Social Media Data Collection Software (hereinafter referred to as Software). As explicitly stated by the Ministry of Maritime Affairs in this notice, the Software should support the social networks Facebook, Twitter, VK, Xing, Instagram, and Telegram, and some of the necessary features as described are:
– The creation of a visualization of multiple correlations (friends, comments, posts, likes and followers).
– The identification of user identifiers including their searches, and
– The simulation of human activity to avoid account blocking.
Specifically for Facebook, the software should allow, among other functions, storage of a profile’s public contact list, storage of all 2nd degree public contacts, storage of public timeline posts (including images, videos, linked YouTube videos, comments and reactions), storage of image galleries, storage of published account information (employer, residences, education), and searching accounts for specific personal characteristics.
With respect to Twitter, the Software should, among other functions, allow for the storage of audience following a profile list, storage of all public contacts of the 2nd degree (Followers List), and storage of public messages (including images, videos, linked YouTube videos, and likes).
For Instagram, the Coast Guard is seeking the Software to allow, among other things, storage of the follower list, storage of the public list following a profile, storage of public comments per profile by time sequence including images, videos, linked YouTube videos, and storage of timelines and Profile Stories.
With regard to Telegram, the software must allow the storage of participants in group conversations (up to 10,000 participants), as well as the storage of the full content of each group conversation (text and photos or other material shared in them).
It is therefore clear that the software in question seeks to monitor an indeterminately large number of users of the social networks in question, and to collect, process and analyse their information, without indicating the purpose of the processing operations, the legal bases that allow them and any other safeguards for the protection of personal data, as the European Data Protection Supervisor has expressly stated in a case of similar software maintained by the European Support Office for It is also worth noting that the European Border and Coast Guard Agency (FRONTEX) had in 2019 withdrawn a related call for tender for the procurement of similar social media data collection software, following a successful action by Privacy International.
Thus, the procurement of this software will be a clear challenge to the right to the protection of personal data and respect for the principle of lawfulness of processing, the principle of purpose limitation and the principle of proportionality (data minimisation) as outlined in EU and national legislation, as well as the rights to respect for privacy and freedom of expression.
Also, the creation of a fake account simulating human activity is contrary to the terms of use of social media and messaging mentioned in the tender, while the logging of searches of third party accounts is a highly intrusive activity. Of course, highly intrusive is also the recording and monitoring of group conversations on Telegram.
References to Homo Digitalis in a new study by AlgorithmWatch
The new study by AlgorithmWatch as part of the Tracing the Tracers project is now a fact. Researchers cover technological developments in a number of EU member states, with our very own Eleftherios Chelioudakis, co-founder of Homo Digitalis and Secretary of our Board of Directors, covering the research for Greece and Cyprus.
Significant references are made to Homo Digitalis’ actions on a number of important issues regarding the use of algorithms and other technologies to address the pandemic by the Greek authorities.
You can read the text of the study for free here.
Joint Announcement by the Hellenic League for Human Rights & Homo Digitalis: A Missed Opportunity for the Education of Students Facing the Challenges of the Digital Age
On 16 November, the Independent Authority for the Protection of Personal Data (hereinafter the Authority), in the context of its constitutionally enshrined role, published its decision No 50/2021 on the implementation of the e-learning system in primary and secondary education during the pandemic. In this decision, the Authority examined ex officio the compliance of the Ministry of Education with the recommendations of its Opinion No 4/2020 and identified certain shortcomings and violations of personal data legislation, for which it reprimanded the competent Ministry of Education and Religious Affairs, setting a deadline for compliance.
In particular, the Authority examined the updated Data Protection Impact Assessment and found deficiencies in areas such as: (a) as regards the Ministry’s detailed investigation of the legitimacy of the processing purposes; (b) the information provided to data subjects on the operation of the system; (c) the security measures in place; (d) the expression of the opinion of data subjects or their representatives on the envisaged processing; (e) the proper assessment of the transfer of data to countries outside the EU.
A simple reading of the Authority’s 46-page detailed decision shows the extreme moderation in its tone, the high degree of restraint and its generally mild character, which is also apparent from the emphasis it places on the objective nature of its remarks. The Authority also took its decision at a time when tele-education was not in operation, so as not to disturb the smooth functioning of the educational instruction. It leaves no doubt in the mind of a bona fide observer that the purpose and spirit of the Authority is to improve the system so that, if it should, by any chance, have to be reopened, it will be under improved conditions of protection of users’ personal data. It should be noted that the reprimand that the Authority has issued is one of its most lenient remedial powers, as the General Data Protection Regulation (GDPR) allows for very high administrative fines, which can amount to several million euros per violation.
The Authority has provided the Ministry with an ideal opportunity to use its findings, in particular with regard to the information provided to data subjects, the security measures in place and the expression of data subjects’ views on the processing, so that the Ministry can integrate them into the educational process in order to deepen the education of pupils on their rights in the face of the challenges of digital technology. In this way, the Ministry would set a good example, showing that the public authority is always trying to improve and enhance the level of protection of the personal data of the users of its services.
Unfortunately, the Ministry of Education and Religious Affairs did not seize this opportunity. It issued a statement in an extremely strong tone and, what is worse, included in it its response to the Official Opposition, revealing an attempt to question the independence of the Authority in order to politicise it. The Ministry of the Interior has committed a serious institutional faux pas and committed a major institutional impropriety by manifesting, quite unjustifiably, a spirit of antagonism towards the Authority and by using strong language, such as: “Due to the sudden change of course on the part of the Authority and bypassing its ongoing dialogue with the Ministry of Education and Religious Affairs”, “no deviations from the data protection rules were ever pointed out, and certainly not those just invoked for the first time by the Authority to justify its new decision”, ‘while tele-education is no longer applied and our schools have returned to normal, an extraordinary meeting is curiously convened’, ‘to date, no failure has ever been pointed out by the Authority in relation to the information provided in the midst of the pandemic’, ‘the Ministry of Education and Religious Affairs certainly respects the Decisions of the Independent Authorities.
Unfortunately, the Ministry of Education and Religious Affairs did not seize the opportunity. However, these decisions are subject to judicial review.” The Hellenic League for Human Rights calls on the Executive and in particular the Government and the Ministries not to undermine the position and work of the Independent Authorities and to accept the constitutional role of the Independent Authorities which are the guardians of citizens’ rights and stand by society against public and private authorities that threaten fundamental rights, especially in the digital age. Already many of the Independent Authorities face significant challenges as they operate with limited financial and human resources. Ministers must learn to be accountable to the Independent Authorities and must cooperate with them, because ultimately the Independent Authorities derive their authority from the enlarged majority of the Parliament that has elected them and from the authority of the fundamental rights enshrined in the Constitution, the ECHR and the EU.
The public questioning of the work of the constitutionally guaranteed Independent Authorities by Ministers, with expressions and positions that constitute a direct accusation of a lack of integrity and independence, may damage the credibility of the Independent Authorities, the foundations of their operation and ultimately the protected trust of citizens.
Such actions directly challenge the popular mandate for the establishment and functioning of the constitutionally enshrined Independent Authorities and are within the limits of the democratic order, if not beyond it.Ministers do not exercise hierarchical control over the Independent Authorities. They are well advised to respect the few remaining counterweights to authority in this country, for the sake of the citizens.
Instead of these actions, Ministers should seek to strengthen the Independent Authorities that have greater needs with further financial resources and human resources. Such a development would clearly be very positive in terms of strengthening the control of the executive, with the direct effect of strengthening the foundations of our democratic constitution.
The work of CAHAI was completed
After more than 18 months of active involvement in the work of the Council of Europe’s Ad Hoc Committee on Artificial Intelligence (CAHAI), Homo Digitalis has completed its cycle of activities.
Our organisation had the great honour and pleasure to actively participate both in the plenary sessions of CAHAI and in specific working groups, such as the Policy Development Group and the Legal Frameworks Group, together with important civil society organisations.
Homo Digitalis’ representative at all CAHAI proceedings was co-founder and Board Secretary Eleftherios Chelioudakis.
You can see the composition of CAHAI here and find out more relevant information here.