Following the investigation by Forbiden Stories and Amnesty International and the major revelations about the #PegasusProject and the use of NSO’s services by governments and other clients for illegal spying purposes, over 170 organisations and experts, including Homo Digitalis, are today, 27 July 2021, co-signing a joint letter calling on states to suspend the purchase, transfer and use of surveillance technologies!

Read the text of the letter and learn more about the #PegasusProject here.

From August 2 to September 30, 2021, an excellent educational event will take place online, with top speakers, including many members of the Council of Europe’s Standing Committee on Artificial Intelligence (CAHAI)!

The summer school is organized by Istanbul Bilgi University under the auspices of the Global Network of Internet & Society Centers, the leading association of research centers in the field of law and new technologies worldwide.

Registration is open until Monday 26 July!

We would like to thank Prof. Leyla Keser and her team for the kind invitation and the excellent cooperation within the CAHAI working groups!

Homo Digitalis will participate in a panel taking place on September 23 along with the excellent Francesca Fanucci and Daniel Leufer from European Center for Not-for-Profit Law Stichting and Access Now respectively. Our organization will be represented by our co-founding member and board secretary Lefteris Helioudakis.

You can see the program, speakers and register ;until 26/7 here.

On 23 June 2021, the Plenary of the Personal Data Protection Authority met to examine the appeals of 5 citizens against the General Secretariat for Civil Protection. The appeals relate to the failure to satisfy the right of access to personal data, as provided for by Greek and European legislation.

Homo Digitalis represented the 5 applicants at the meeting and subsequently submitted a memorandum to the Data Protection Authority. According to European legislation the threatened fine for the GDPR is up to 20 million euros per breach.

The decision of the Data Protection Authority on the case is expected soon.

Brief Background

On 23.11.2020, the applicants proceeded to exercise their right of access to the Controller, General Secretariat for Civil Protection (GSCP), on the basis of Article 15 of the GDPR, by means of an email to the Controller’s address info@gscp.gr, as stated in the GSCP’s Privacy Policy for the use of 13033.

As set out in the GDPR (Article 12(3)), and noted in the 13033 Privacy Policy, the controller must comply with this right without delay and at the latest within one month of the request.

The GGP as controller in breach of the provisions of Article 12(1)(a) of the GDPR shall, in its capacity as controller, ensure that the data are made available to the data subject without undue delay and without undue delay and in full knowledge of the facts. 3 and 4 of the GDPR, failed to reply to the complainants within one month of receipt of the request and failed to inform them, as it was required to do, within one month of the possible impossibility of responding immediately and satisfying their request and of the reasons for the delay, requesting a further extension of the time limit, in breach of the provisions of Article 12(3) and (4) of the GDPR. Moreover, it failed to inform the applicant within one month of the reasons for its failure to act and of the possibility of lodging a complaint and bringing a legal action (Article 12(4) of the GDPR).

In view of the above, two and a half months after exercising the right of access and having received no response from the GGPD, the applicants proceeded on 8/2/2021 to lodge the complaints under consideration before the Personal Data Protection Authority (the Authority).

The Authority invited the GDPR to submit the views on 16-02-2021. The GPO did not respond to this request of the Authority either.

To date (7 months later) the applicants have not received any response to the access requests. A copy of the views of the GSC was first communicated to them on 29 June 2021 following their request to the Authority.

It is noted that the views of the GPO were submitted to the Authority on 18 June 2021 after a significant delay of more than four months. At the first meeting, the GGP submitted a request for postponement of the discussion on the sole ground that the Secretary General for Civil Protection wished to represent the GGP in person, without having presented its views on the appeals up to that point. The request was granted, but the Secretary General did not even attend the adjourned debate.

The subject matter of the appeals is the failure to provide full and correct information and the failure to satisfy the right of access under Articles 15 and 12 of the GDPR.

The European Parliamentary Research Service (EPRS), which is the internal research service and think tank of the European Parliament, makes explicit reference to our actions at national level in its new study published at the beginning of July on the use of AI in the field of border protection!

Of course, important references are also made to the European Citizens’ Initiative #ReclaimYourFace!

You can read the study completely free of charge here.

Homo Digitalis participated on 1 July in the SEE Digital Rights Network event on the challenges that arise in the Balkan region for the protection of digital rights.

The event included the presentation of the relevant study by BIRN and SHARE Foundation.
Lefteris Helioudakis, founding member and Secretary of the Board of Homo Digitalis represented the organization at the event.

Σβήνεις και γράφεις εδώ…………………………

Μετά από πολλές σημαντικές συνεργασίες με κορυφαία πανεπιστήμια και ερευνητικά κέντρα σε Ελλάδα, Ευρώπη και Η.Π.Α., η Homo Digitalis επεκτείνει τις συνεργασίες της και στην Ασία.

Με μεγάλη μας χαρά υπογράψαμε μνημόνιο συνεργασίας με το ερευνητικό κέντρο Centre for Law and Technology της Νομικής Σχολής του Ziauddin University στο Πακιστάν με στόχο την ανάπτυξη κοινών εθελοντικών προγραμμάτων έρευνας και ευαισθητοποίησης του κοινού για ζητήματα που αφορούν, μεταξύ άλλων, την προστασία των προσωπικών δεδομένων, το σεβασμό της ιδιωτικής ζωής και την ελευθερία της έκφρασης στη σύγχρονη ψηφιακή εποχή

A coalition of civil society organisations consisting of Privacy International, Hermes Center, Homo Digitalis and noyb have today, 27/5/2021, filed 5 complaints before the competent authorities in Austria, France, Greece, Italy, Greece and the United Kingdom against Clearview AI, Inc. This company develops facial recognition software and claims to have “the largest known database of more than 3 billion facial images” which it collects from social media platforms and other online sources.

The complaints filed with the relevant authorities, including the Data Protection Authority (No. 3458/27.5.2021), detail how Clearview AI’s automated image collector works. It is an automated tool that visits public websites and collects any images it detects that contain human faces. Along with these images, the automated collector also collects metadata that complements these images, such as the title of the website and its source link. The collected facial images are then matched against the facial recognition software created by Clearview AI in order to build the company’s database. Clearview AI sells access to this database to private companies and law enforcement agencies, such as police authorities, worldwide.

“European law is clear regarding the purposes for which companies can use our data,” says Ioannis Kouvakas, a lawyer at Privacy International. “Mining our facial features or sharing them with the police and other companies far exceeds our expectations as internet users.”

“It seems that Clearview mistakenly believes that the internet is a public forum from which anyone can grab whatever they want,” adds Lucie Audibert, a lawyer at Privacy International. “This perception is completely wrong. Such practices threaten the open nature of the internet and the countless rights and freedoms it encompasses.”

The relevant authorities now have 3 months to respond to our complaints. We expect them to cooperate and jointly decide that Clearview AI’s practices have no place in Europe.

Clearview AI became internationally known in January 2020 when a New York Times investigation revealed its practices, which until then had been shrouded in a veil of mystery. The 5 complaints filed add to a series of investigations launched following these revelations.

“Just because something is on the internet does not mean that others can use it in any way they wish. The Data Protection Authorities need to take action,” says Alan Dahi, a privacy lawyer at noyb.

Other reports made it known that Clearview AI had developed partnerships with law enforcement authorities in several European countries. In Greece, following questions submitted by Homo Digitalis, the Greek police have officially stated that they have not used the services of this company. “It is important to intensify the control. Data Protection Authorities have strong investigative powers and we need a
coordinated response to such collaborations between public and private entities,” says Marina Zacharopoulou, a lawyer and member of Homo Digitalis.

Because of its intrusive nature, the use of facial recognition technology, and especially the business models based on it, raises significant challenges for modern societies and the protection of our freedoms. Last month, the Italian Data Protection Authority stopped the use of live facial recognition by police authorities. “Facial recognition technologies threaten our lives both online and offline” says Fabio Pietrosanti, President of Hermes Center.

People living in Europe can ask Clearview AI if their face is in the company’s database and demand that their data be deleted. Privacy International has outlined the relevant steps in detail here.

Of course, support for the European #ReclaimYourFace initiative, which aims to end mass biometric surveillance in public places, is also important.

You can read more in the respective informative articles posted by Privacy International, noyb and Hermes Center.

You can read the complaint here.