We are particularly delighted to announce, as on a basis of a proposal from the VUB University of Brussels and the d.pia.lab (Brussels Laboratory on Data Protection and Privacy Impact Assessments), that Homo Digitalis is now member of the Advisory Committee of PERSONA Project.

PERSONA Project is an innovative research project, with a duration period of 30 months, which is financially supported by the European Union in the context of Horizon 2020 programme.

PERSONA’s research team includes 11 operators, who represent 9 European States plus Israel. VUB University acts as the coordinator of the project.

The aim of PERSONA is to create a specific designed, unified method for impact assessment and to assess a range of technological tools used at the borders of states to identify people, considering ethical, legal and regulatory aspects, the right to privacy and data protection, the principle of non-discrimination and other social matters.

The Advisory Committee will monitor the project and ensure that it will be compliant with all the ethical, legal and social requirements.

Homo Digitalis’s  Mr Konstantinos Kakavoulis will represent our organisation in the Committe.

On September 26, 2019, Homo Digitalis’s Konstantinos Kakavoulis and Emmanouil Tzivieris attended the OTE Academy premises in Maroussi of Attica region, invited by the Hellenic (ISC)² Chapter and its President, Mr. Dimitrios Patsos.

They made a presentation to the members of the Hellenic (ISC)² Chapter and discussed Homo Digitalis’s interesting activities, as well as the new Greek law 4624/2019 regarding personal data processing.

After the presentation, discussion was held with the members of Hellenic (ISC)² Chapter.

The (ISC) 2 is the international professional association for information security.

We would like to wholeheartedly thank Mr. Patsos and all the members of the Hellenic (ISC)² Chapter for their invitation.

On Tuesday the 24th of September 2019 at 6 p.m. the​ Institute for Privacy Law, Data Protection, and Technology, established by the European Public Law Organization (EPLO), and the Athens Bar Association are holding an event under the name:

‘Law 4624/2019 on personal data: An initial discussion’ ​

at Athens Bar Associations’ events venue​.

As the keynote speaker,representing Homo Digitalis, Mr. Konstantinos Kakavoulis will commence a discussion regarding personal data, along with distinguished academics and professionals in the personal data sector in our country.

Participating in the event will be free of charge, but due to limited spacing you are kindly requested to make a reservation by sending an email to: ​afiumi@eplo.int​ .

Detailed Events Programme:

Greeting:

Dimitrios Vervessos​, Head of Athens Bar Association.

Speakers:

–Lilian Mitrou:​ ​Professor of Privacy and Information Law University of the Aegean (Dept. of Information and Communication Systems Engineering)

–Ioannis Iglezakis: ​Law Professor at Aristotle University of Thessaloniki

–Hara Zerva: ​Lawyer,​ ​D.E.A., GDPR expert, DPO,

–Konstantinos Kakavoulis:​ ​LLM – Lawyer, Homo Digitalis

–Panagiotis Perakis: ​Lawyer, B.O.D. member of Athens Bar Association.

Mr. Konstantinos Menoudakos, President of Hellenic Data Protection Authority (HDPA), Honorary Chairman of the Council of State, will be the events’ coordinator.

Discussion will be held afterwards.

It should be mentioned that the event will be recorded, and the proceedings will be transcribed on a later stage for their publishing. Finally, pictures will be taken.

Our organisation has the great pleasure and honour to be invited to participate in the Working Party of Centre for European Policy Studies (CEPS) on Artificial Intelligence and Cybersecurity. CEPS is a well known think tank with a great amount of research activity and impact on issues related to European Union.

The Working Party will hold its first meeting on 10 September 2019 in Brussels, while  4 more meetings will follow in the upcoming months. Its work will be completed with the publication of a study during the first months of 2020.

Members of the Scientific Council of the Working Party are:

-Joanna Bryson, tenured Associate Professor, University of Bath

-Jean-Marc Rickli, Head of Global Risk and Resilience, Geneva Centre or Security Policy (GCSP)

-Marc Ph. Stoecklin, Principal Research Scientist and Manager of Cognitive Cybersecurity Intelligence (CCSI) group, IBM T.J. Watson Research Center

-Mariarosaria Taddeo, Assistant Professor, Oxford Internet Institute, University of Oxford

We would like to thank the Head of the Working Party Mr. Lorenzo Pupillo and its Rapporteur Mr. Stefano Fnatin for such a gentle invitation. Our organisation will be represented by Mr. Lefteris Helioudakis.

You can learn more about the Working Party and its program of activities here.

On Tuesday, 9 and Wednesday 10 of July 2019, a very important case for the protection of personal data was heard before the Grand Chamber of the European Court of Justice in Luxembourg.

The case is known as “Schrems II”, having received the name of plaintiff Max Schrems. Max Schrems is the founder of one of Europe’s largest digital rights organizations, NOYB-European Center for Digital Rights, based in Vienna, Austria. This is not the first time a case is heard by the European Court of Justice with Mr Schrems. In the case of Schrems I (C-362/14), the Court of Justice found that the US Safe Harbor Transfers of Personal Data did not provide an adequate level of security. Consequently, data transfers under this regime was illegal.

In response to this decision, the European Commission, in cooperation with the US government, has created a new framework for data transfer between the EU and the US. This box was called “Privacy Shield”.

Mr Schrems again turned against the Privacy Shield, arguing that this also does not provide a sufficient level of security for personal data transferred between the EU and the US.

Mr. Schrems makes statements to the media after the end of the case’s hearing

What are the main points of the case?

– Does the case concern all data transfers between the EU and the US?  No, it only concerns data transfers subject to “mass monitoring”. In most cases, there are simple ways to avoid mass surveillance and many productive sectors (banking, aviation, commerce) are not subject to such legislative framework. Mr Schrems’ complaint is related exclusively to Facebook, which, according to the documents published by Edward Snowden in 2013, contributes to the mass surveillance carried out by the US NSA, based on the PRISM program.

– Are all data transfers in the US problematic? No. Both US and EU law make it clear that there is a significant difference between the necessary transfers and unnecessary transfers, which are done for business purposes only (outsourcing).

– What does this mean? Can we continue sending emails to the US or buying air tickets? Of course! Article 49 of the General Data Protection Regulation (GDPR) provides for “exemptions” which allow all data transfers, for example, if they are necessary for the performance of a contract or if the user has explicitly consented to the transfer.

For example, an email must be sent to the US if the recipient is there but it is not necessary to send emails via the US if both the sender and the recipient are located in the EU simply because the server is in the US.

– So what kind of transfers should be stopped? Basically, the outsourcing should be ceased if such processing takes place in the EU or in other countries that provide a high level of protection for personal data.

Background of the case

The case focuses on a complaint by Max Schrems, a lawyer specialised in personal data protection against Facebook in 2013. Six years ago, Edward Snowden revealed that Facebook allows US intelligence services to access Europeans’ personal data under surveillance programs such as PRISM. The complaint seeks to stop EU-US Facebook data transfers.

So far, the Irish Data Protection Commissioner has not taken any concrete steps to stop these transfers.

First refusal and decision of the European Court of Justice on Safe Harbor

The case was first dismissed by the Irish Data Protection Commissioner (DPC) in 2013, then subjected to judicial review in Ireland and referred to the Court of Justice of the European Union. The CJEU ruled in 2015 that the so-called Safe Harbor agreement allowing the transfer of EU-US data was void and that the Irish Commissioner had to investigate the case, which he had initially refused.

Information on the use of “standard contractual clauses”

Surprisingly, the Irish Commissioner informed Mr Schrems in late 2015 that Facebook has in fact never been based on the Safe Harbor agreement which was canceled but was already based in 2013 on “standard contractual clauses” (another data transfer mechanism from EU to the US). This development made the first CJEU’s decision irrelevant to the case.

Second research and education

Mr Schrems adapted his complaint to the transfers made under “standard contractual clauses” and called for the termination of data transfers to Facebook USA, based on the argument that the company gives access to data to the US NSA. The Irish Commissioner’s investigation lasted only two months: from December 2015 to spring 2016.

Instead of deciding on the complaint, the Commissioner filed a lawsuit against Facebook and Mr Schrems (both now charged) at the Irish Supreme Court in 2016, in order to put further questions to the CJEU. After more than six weeks of hearings mainly held in 2017, the Irish Supreme Court found that the US government is dealing with the “mass processing” of European citizens’ personal data and has submitted eleven questions to the CJEU for the second time in 2018. The CJEU is now called upon to answer these questions.

Next steps

The CJEU reported the case in case C-311/18 and a second hearing was held on 9 and 10 July 2019 – about six years after the filing of the original complaint. The decision is expected  to be issued before the end of the year. Following the CJEU’s decision, the Irish Commissioner will eventually have to decide on Mr Schrems’s complaint. The decision can again be contested by Facebook or Mr. Schrems.

Homo Digitalis is particularly happy, as Ms. Mariliza Baka, a member of our organization and trainee lawyer at noyb, is currently in the European Court of Justice in Luxembourg and is attending the case.

We will provide you with news on this important case.

The noyb team at the Court of Justice of the European Union. First from the right is Ms. Mariliza Baka

On Wednesday 26 June 2019, Homo Digitalis had the great honor and pleasure to participate in European Commission’s first AI Alliance Assembly in Brussels.

The Alliance enables actors from the world over to interact with the European Commission’s High Level Expert Group on AI, to comment on the deliverables of this group and to engage in educational and social events throughout Europe.

Our organization has been a member of the Alliance since its early days in June 2018.

During the event, the launch of the Piloting Process of the Expert Group’s Artificial Intelligence Guidelines was announced, while its new deliverable, “Policy and Investment Recommendations for trustworthy Artificial Intelligence” was published.

Our organization recognizes the contribution of these deliverables for the development of the systems that use technologies that are part of the broad and vague term of “Artificial Intelligence”. However, we seek the immediate resolution of the issues arising from the use of such systems in favor of the Rights and Freedoms of EU residents through concrete actions and implementation of legislative measures.

You can learn more about the event and watch videos recorded in the event here.

The European Union Agency for Fundamental Rights (‘FRA’) published its new report on Human Rights on June 6.

The report summarizes and analyzes the most significant developments in the field of Human Rights in 2018 in the European Union and includes specific proposals and suggestions for action.

One of the most important pillars of the report that is of particular interest is Chapter Seven (7), which specifically is related to information society and privacy and personal data protection issues.

In this year’s edition of the report, Chapter Seven focuses on the implementation of the GDPR provisions, on developments in artificial intelligence and cyber-security, on case-law/legislation developments on the preservation of electronic communications metadata, and on cross-border access to data related to law enforcement authorities.

The report also includes chapters related to: the EU Charter of Fundamental Rights and its use by the Member States, equality and non-discrimination, racism, xenophobia and related forms of intolerance, Roma inclusion, asylum, borders and immigration, children’s rights, access to justice and the implementation of the UN Convention on the rights of the people with disabilities.

On June 11, FRA published its new study on Artificial Intelligence. The study focuses on the importance of data quality used by mechanical learning algorithms for automated decision making.

At the beginning of this week, our organisation had the great pleasure and honour to participate in the conference organised by the European Network and Information Security Agency (“ENISA”), under the title: “Artificial intelligence: An opportunity for the EU cyber-crisis management”.

At this conference, we had the pleasure to exchange ideas and opinions with specialists from Greece and abroad, representatives of the institutions and bodies of the European Union, Academics and private operators.

You can see the full program of the Conference here.

We want to wholeheartedly thank the organisers of the Conference for this event, which was free of charge and of high level of quality. It is of paramount importance such actions to take place in Greece so as to enhance the dialogue between the involved stakeholders and to forge significant partnerships.

In May 2019, our organisation had the pleasure to participate in events of high importance in Europe and the United States of America; there we discussed, exchanged points of views and concerns regarding the protection of Human Rights with academics and representatives of important organisations of civil society.

At the beginning of May, we attended  the two-day seminar in Vienna, which was organised by noyb and Access Now under the auspices of Digital Freedom Fund on the implementation of the provisions of GDPR.

In mid-May, we had the pleasure to participate in CopyrightX Summit held by Harvard Law School and its Research Center Berkman Klein Center about the arising challenges in relation to intellectual property rights through the use of new technologies, and to attend the presentation of the investigator’s David Weinberger book “Everyday Chaos”, which concerns the influence of Artificial Intelligence on the development and establishment of modern societies.

We, also, participated in the TILTing Perspectives 2019 Conference, organised by the Research centre of Tilburg Institute for Law, Technology, and Society (TILT) in the Netherlands. This specific three-day conference takes place every two years and is one of the most important academic events for law and new technologies researchers.

At the end of May, we accepted the invitation to attend the international conference “Malta Al and Blockchain Summit”, which brings together a large number of private operators and addresses the recent trends and the new technological advancements in the field of Artificial Intelligence and Blockchain.

May of 2019 was, for sure, a month of major events and meetings, during which common strategies have been designed and cooperations have been forged between our organisation and various well-known private organisations for the future.

Stay tuned for more news!