On January 7^th, a European Citizens’ Initiative (ECI) was published on the website of the European Commission, calling for a ban on biometric mass surveillance practices (protocol number ECI(2021)000001). Homo Digitalis has the great pleasure to actively participating in this initiative.

We call on the European Commission to strictly regulate the use of biometric technologies in order to avoid undue interference with fundamental rights. In particular, we ask the Commission to prohibit, in law and in practice, indiscriminate or arbitrarily-targeted uses of biometrics which can lead to unlawful mass surveillance. These intrusive systems must not be developed, deployed (even on a trial basis) or used by public or private entities insofar as they can lead to unnecessary or disproportionate interference with people’s fundamental rights.

Our goal is to collect 1 million signatures within 12 months from citizens residing in 7 different Member States, at least. Undoubtedly, this is a very difficult, but important endeavor.

We will start collecting signatures in the beginning of February, so stay tuned!

It is a great pleasure and honor for Homo Digitalis that two of our founding members are actively participating in this initiative. More precisely, Konstantinos Kakavoulis is the Data Protection Officer of this ECI, while Eleftherios Chelioudakis is one of the ECI’s citizens- members.

You can read in detail all related info on EC’s website here.

On December 27, Homo Digitalis will have the great honor to speak at Remote Chaos Experience (rC3), which is the online version of the Chaos Communication Congress for 2020, due to the pandemic.

The conference is organized by the Chaos Computer Club, which is the largest hacker association in Europe, and is the best-known European conference of its kind and has been held annually since 1984.

There, Homo Digitalis together with EDRi, HERMES Center for Transparency and Digital Human Rights and Share Foundation will talk about the ReclaimYourFace campaign, the actions in Greece, Italy and Serbia and the next stages of the campaign at European level.

Homo Digitalis will be represented by our co-founding member and secretary of the Board, Elefterios Chelioudakis, while the other organizations will be represented by Andrea Belu, Ella Jakubowska, Filip Milosevic and Riccardo Coluccini.

You can learn more about our panel here.

You can see the whole program of Remote Chaos Experience (rC3), here.

Last week, the Council of Europe’s Standing Committee on Artificial Intelligence (CAHAI) adopted at its last plenary session for 2020 the Feasibility Study of a Legal Framework for Artificial Intelligence.

Our co-founding member and secretary of the Board Eleftherios Chelioudakis, represented Homo Digitalis during the three-day plenary session (December 15-17), while also as a member of the Policy Development Group (PDG), he actively participated in the writing process of the relevant study for the last 4 months.

At the beginning of 2021 the study will be officially presented to the Committee of Ministers of the Council of Europe. The beginning of the working process of the  Legal Framework Group (LFG), which will be responsible for the preparation of specific legal proposals for adoption, is also expected. Homo Digitalis also participates as a member in this working group.

Will we have a Convention on Artificial Intelligence from the Council of Europe  in the future? Nobody knows yet, but it appears that the Council of Europe is carefully considering this option as well, unlike other bodies that insist on adopting ethical guidelines without a legal basis.

We are very happy that several of our proposals have been adopted and are being part of  the final text of the Study.

You can read more about the CAHAI Study and its work on the official website of the Council of Europe.

On Thursday, December 10, 2020, Eva Davaki and Angeliki Tiligadi represented Homo Digitalis at an online event organised by the Devstaff Community.

The two members of Homo Digitalis talked about “Privacy and processing of biometric data in public places, as well as the pan-European campaign “Reclaim Your Face””.

In particular, the campaign was launched by Homo Digitalis and 9 other European civil society organisations and aims to ban mass biometric surveillance, without transparent procedures and a clear legal framework.

Support our campaign by signing up on our website now!

The event was also attended by Caprice Community of FORTH, presenting the CAP-A platform, which enhances the privacy of Android app users.

Today, Homo Digitalis joined forces with other civil society organizations, namely Asociatia pentru Tehnologie si Internet (ApTi) from Romania, D3 – Defesa dos Direitos Digitais from Portugal, GONG from Croatia, Global Human Dignity Foundation from Malta, and the Institut d’information de Chypre from Cyprus. At the same time this morning, we lodged a complaint with the competent regulatory authorities of our countries against the harmful practices of Google Ireland and IAB Europe in the field of online behavioral advertising.

More specifically, within the behavioral advertising industry, fast, automated real-time auctions (real-time bidding, or ‘RTB’) take place, during which technology companies representing advertisers compete for their ads to appear in the advertising space of a website or an application. These RTB auctions currently operate through the retransmission of the personal data of each user who visits a website / application.

Simply put, IAB Europe and Google’s RTB systems broadcast private activities for everything we do and watch online, as well as where we are in the real world, in a large number of companies, hundreds of billions of times every day. More specifically, Google’s RTB system is active on millions of 13.5 sites, while IAB’s RTB system is active on countless others. Thus, the RTB systems of IAB Europe and Google entail a huge and ongoing breach of the legal framework for the protection of personal data.

These complaints are on top of another 15, filed in 2018 and 2019 in the following countries: Belgium, Bulgaria, France, Germany, Estonia, United Kingdom, Ireland, Spain, Italy, Luxembourg, the Netherlands, Hungary, Poland, Slovenia And the Czech Republic. Based on these complaints, investigations have already been launched by the competent supervisory authorities. This action has been organized by an alliance of organizations, namely the Civil Liberties Union for Europe (Liberties), Open Rights Group (ORG) and Panoptykon Foundation.

Some important first comments from members of Homo Digitalis and other organizations involved in the action:

• Elpida Vamvaka, co-founder and President of Homo Digitalis, reports

“Google’s RTB systems and IAB Europe result in widespread and systematic breaches of data subjects’ rights. We call on the Hellenic DPA to take action and work with the other supervisory authorities at European level to help end such abuse.”

• Eleftherios Chelioudakis, co-founder and Secretary of Homo Digitalis adds:

“The RTB industry relies on a voracious collection of different categories of personal data, which sets under the microscope every aspect of our online behavior. In particular, an ecosystem has been created in which personal data is retransmitted to a huge number of companies without the data subjects having any knowledge and control over their further data processing operations.”

• Finally, Dr. Orsolya Reich, Union of Civil Liberties for Europe (Libertés), emphasizes that:

“Real-time bidding, which is the bedrock of the online advertising industry, is an abuse of people’s right to privacy. The GDPR has been in place since 2018 and it is there precisely to give people a greater say about what happens to their data online. Today, more civil society groups are saying enough with this invasive advertising model and are asking data protection authorities to stand up against the harmful and unlawful practices they use.”

An English Q&A text for the general public is available here.

The full text of our complaint (reg. number 8478 / 10-12-2020) as filed before the Hellenic DPA is available here.

Today, on 9.12.2020, two letters were submitted to the Chief of the Hellenic Police, Mr. Karamalakis, raising key questions and requests for access to documents regarding the use of drones and portable cameras during police operations that took place in Athens on the anniversary of the Polytechnic uprising (15-18 of November 2020) and on the day of remembrance of Alexis Grigoropoulos’ death (6-7 of December 2020).

Both letters were notified to the Minister of Citizen Protection, Mr. Chrysochoidis, and to the President of the Data Protection Authority, Mr. Menoudakos.

The letters are co-signed by Greek citizens that live and work in the centre of Athens, among others journalists and lawyers actively involved in the protection of human rights and participating in organizations such as Homo Digitalis, Reporters United (link in Greek) and The Press Project.

It must be understood that the operation of portable surveillance systems, such as drones and portable cameras, can only take place when there is imminent and serious danger of commitment of specific crimes and it is always subject to the prior issuing of a specific decision by the Hellenic Police, which specifically justifies – every time – the fulfillment of the necessary conditions for operation of portable surveillance systems, explains the concrete factual elements established and details the terms of operation of the portable systems.

The first letter (link in Greek) focuses on the prohibition of all public outdoor gatherings on 15-18 of November, during which media and citizens reported that the Hellenic Police made use of camera-bearing drones in Athens in order to get an accurate picture of the situation on the streets of the city.

The citizens request to be informed whether the necessary safeguards and obligations established by national and European legislation were observed, and in particular they ask:

– If the Hellenic Police issued the necessary decision for the operation of portable surveillance systems before the use of drones,

– If the Hellenic Police conducted an impact assessment of the processing operations on the protection of personal data prior to the use of drones,

– If the Data Protection Authority had been previously consulted, and

– If the Hellenic Police possesses multicopter drones which are particularly agile and intrusive in urban environments and, if so, how have they been procured.

In addition, the citizens request access to the documents mentioned above as well as to the drone flight log of the Hellenic Police for the period at issue, in order to ascertain the fulfillment of the necessary conditions laid down by law.

The second letter (link in Greek) concerns Hellenic Police decision No 7001/2/92/1-a to operate surveillance systems on 6-7 of December in the city centre (Exarcheia – Athens University Porch – Syntagma Square) and other areas of Athens.

The decision at issue is not publicly available while the relevant announcement about the decision on the Hellenic Police website is broad and vague, without any mention whatsoever of the specific characteristics of the portable systems that were operated.

Uncertainty is, therefore, being created concerning the type of portable systems used in the operations of the Hellenic Police at that specific moment (e.g. drones, portable cameras on a stick etc) and the citizens signing the letter request to be informed about the types of portable surveillance systems that were actually used by the Hellenic Police, and are asking whether the Hellenic Police consulted with the Data Protection Authority in advance and whether it conducted an impact assessment of the envisaged data processing operations before the use of the surveillance systems.

Finally, the citizens request access to this particular decision so as to examine it for the purpose of determining that the necessary safeguards are met and, if necessary, in order to exercise the legal protection rights laid down by the relevant legislation.

If you want to learn more about Homo Digitalis’ activities with regard to the use of intrusive technologies such as drones, cameras and face recognition technologies in public spaces, you can visit our ReclaimYourFace (link in Greek) campaign.

Finally, you can also read about this action on the Reporters United webpage.

Today, December 9th 2020, Homo Digitalis requested from the Data Protection Authority an opinion on the use of special number 13033 and on the processing of personal data of all citizens within the Greek territory which takes place upon sending a message to that number.

The number is being used during the two lockdowns imposed in Greece for the prevention of COVID-19 spread, for exceptional movement.

In light of:

1) the widespread use of the service of sending SMS to 13033 by the citizens within the Greek territory in the recent past, at present and in the near future

2) the incomplete and problematic personal data protection policy issued by the General Secretariat for Civil Protection

3) the great uncertainty that has grown among citizens regarding the use of this number and the extent of intrusion into their privacy

It is imperative that the Data Protection Authority issue immediately an opinion in accordance with its competences.

The full text of the request of Homo Digitalis is available here (link in Greek).

The reactivation of 13033 brought back a lot of questions as regards the protection of personal data of citizens. Homo Digitalis sent an open letter to the General Secretariat for Civil Protection today, 2nd December 2020.

In our open letter we highlighted many gaps that exist in their Policy on the Protection of Personal Data, which is uploaded in forma.gov.gr.

Since recent statements by government officials and publications in the media have strengthened the confusion and insecurity of citizens as regards the use of the special number 13033, we deemed necessary to receive replies as regards specific questions by the General Secretariat for Civil Protection.

More specifically, our questions were:

1. Does the service of 13033 foresee a process of denial of exit from home for citizens? If so, which are the criteria considered?
2. Does autonomous decision-making or profiling take place? If yes, which are the criteria considered?
3. Which are the criteria that lead either to the final deletion or the anonymisation for statistical purposes as described in the Policy on the Protection of Personal Data?
4. Which process is followed for the anonymisation of personal data?
5. How long is data being stored?
6. Where is data being stored?
7. Does transfer of data to third-parties take place, and if yes, to which parties and for which purposes?
8. According to the Policy on the Protection of Personal Data, there is a process foreseen as regards the processing of requests by citizens in relation to the rectification or deletion of their personal data or the limitation of their processing or their right to object to the respective process. Is this process feasible in light of the provision which states that the personal data of the user are either deleted or anonymised the moment the user receives a reply on their phone?

The open letter was published to the Hellenic Data Protection Authority, the Hellenic Authority for Communication Security and Privacy (ADAE), the Minister of State and Digital Governance, Mr Pierrakakis and to the General Secretary for Trade and Consumer Protection, Mr Stampoulidis.

We would like to remind you that Homo Digitalis sent a relevant open letter during the first wave of the pandemic in our country, which remains unanswered.

The open letter is available here. (in Greek)