We submitted our views to the European Commission’s public consultation on Article 30(5) GDPR
Yesterday, Homo Digitalis submitted its views as part of the European Commission’s public consultation on Article 30(5) of the GDPR.
In our submission, we call on the Commission to withdraw the proposed amendment and stress the need to ensure that the GDPR is not reopened or modified through broader deregulatory initiatives. The priority must remain on the effective application and enforcement of the existing framework, rather than on reducing the safeguards that are essential for protecting fundamental rights in the digital age.
You can read our full position here.
We filed a complaint against Alphabet before the European Commission under the provisions of the DMA, together with five organizations.
European Digital Rights, ARTICLE 19, Free Software Foundation Europe (FSFE), Gesellschaft für Freiheitsrechte e.V., Vrijschrift.org, and Homo Digitalis filed a formal complaint against Alphabet Inc. under the Digital Markets Act (DMA) before the European Commission.
Despite the DMA’s clear gatekeeper rules:
On Android, users still cannot truly uninstall Google’s pre-installed apps; they can only disable them, which leaves them on the device. Yet Alphabet misleads users by claiming this is the same as removing an app. It is not.
The disable option is buried deep in the settings and, when users do find it, Android displays vague and intimidating warnings that discourage them from switching to alternative apps, making it harder to move away from Google’s ecosystem.
We are facing a textbook case of deceptive design, which restricts user choice and reinforces Alphabet’s gatekeeper position.
With our complaint, we call on the European Commission to investigate Alphabet’s practices and order the company to fully respect end-user rights under the DMA.
You can read our complaint on EDRi’s website here.
Homo Digitalis contributes to two EU consultations on the Data Strategy and high-risk AI systems
Last Friday, July 18th, Homo Digitalis submitted detailed input to two public consultations launched by the European Commission.
The first consultation focused on collecting targeted input from stakeholders regarding the implementation of the AI Act (2024/1689) rules for high-risk AI systems. According to Article 6(5) of the AI Act, the Commission must publish guidelines on the practical implementation of the high-risk classification rules by February 2, 2026, accompanied by a list of practical examples of both high-risk and non-high-risk AI systems. Additionally, Article 96(1)(a) requires the Commission to provide guidelines on the application of obligations and responsibilities for high-risk AI systems, including those across the AI value chain, as defined in Article 25. In its submission, Homo Digitalis provided practical examples of AI systems from Greece and other countries, and highlighted key issues that should be clarified in both the classification and compliance guidelines.
The second consultation addressed the EU Data Strategy. Its three goals are to: 1) boost investment in data technologies and promote data sharing through voluntary or funded initiatives; 2) streamline existing rules and develop data tools to reduce administrative burdens; and 3) shape an international data strategy that ensures safeguards for data transfers outside the EU and encourages data inflows into the EU.
In its response, Homo Digitalis raised strong concerns about potential undermining of personal data protection under the pretext of simplification, flexibility, and competitiveness. The organisation reaffirmed its position that fundamental rights must be strengthened through the use of new technologies and rejected the framing of existing legal frameworks as a barrier to innovation. According to Homo Digitalis, the challenges lie primarily in the lack of enforcement and resources, not the laws themselves.
You can read our full submission for the first consultation here.
We thank the drafting team, Stavrina Chousou, Niki Georgakopoulou, Sofia Antonopoulou, and Eleftherios Chelioudakis, for their valuable contributions.
You can read our full submission for the second consultation here, edited by our Executive Director, Eleftherios Chelioudakis.
We sent an open letter to the EU calling for a reassessment of Israel’s adequacy decision under the GDPR
Together with European Digital Rights, Access Now, and 16 other civil society organizations, we submitted a second open letter to the European Commission, urging it to urgently reassess Israel’s adequacy status under the GDPR.
Since the Commission reconfirmed Israel’s status in January 2024, the situation has only deteriorated:
Escalating human rights violations in Gaza and the West Bank
Expansion of surveillance systems and biometric repression
Legal reforms undermining oversight of personal data processing
Ongoing data flows to Israeli companies with ties to security services
Use of AI-driven targeting systems in a context where the International Court of Justice has found plausible genocide
Application of Israeli law to occupied territories, in breach of the EU’s own policy
This is not just about technical compliance. It is about whether the EU’s data protection framework can credibly uphold fundamental rights, and whether data originating in the EU is being used to facilitate unlawful practices.
Read the letter here.
We submitted our views to the European Commission’s public consultation on Article 28 of the DSA
On June 13, Homo Digitalis submitted its responses to the European Commission’s Public Consultation regarding the guidelines for the protection of minors online, within the framework of Article 28 of the Digital Services Act.
The responses to the questionnaire were accompanied by a study, which provided a more detailed explanation of the relevant proposals and concerns.
The editorial team for this action consisted of Stavrina Chousou, Anastasios Arampatzis, Alkmιnι Gianni, Kalliroi Grammenou, and Lamprini Gyftokosta.
You can read the responses to the questionnaire here.
You can read the study here.
I HAVE RIGHTS and Homo Digitalis Publish Report on the Situation in the Samos Closed Controlled Access Centre (CCAC) One Year After the Fine Issued by the Hellenic Data Protection Authority for KENTAURUS and HYPERION Systems
The Hellenic Ministry of Migration (MoMA) continues to violate data protection rights of asylum seekers in the Samos Closed Control Access Centre (CCAC), I Have Rights and Homo Digitalis said in a report released today.
The report, titled “They Never Tell Us Anything”: Ongoing Data Rights Violations in the Samos CCAC analyses the implementation of a compliance order issued by the Hellenic Data Protection Authority (HDPA) in April 2024. In this historic ruling, the HDPA had found that MoMA’s use of surveillance technologies in reception facilities across Greece, including biometric access systems and surveillance infrastructure tools violates EU data protection laws (GDPR).
Ten months after the passing of the implementation period in July 2024, the report finds that MoMA has failed to comply with the order. “The ongoing violations of data protection rights in the Samos CCAC are emblematic of a system where control and surveillance are prioritised over the rights of those seeking protection” said Réka Rebeka Rósa, Legal and Team Coordinator at I Have Rights. “The European Union should press Greek authorities to address prevailing rights violations. Otherwise, these violations risk becoming a blueprint for further (digital) rights abuse of people on the move across Europe.”
The Samos CCAC opened in September 2021 as the first of the now existing five facilities in Greece, following an agreement between the European Commission and the Greek Government in 2020. Since its opening, NGOs, international human rights experts and people held in the facility have consistently raised concerns about the facility’s securitised infrastructure, de facto detention practices, and inadequate living conditions.
These concerns are exacerbated by the overall lack of transparency in the Greek asylum procedure and opaque surveillance system in the Samos CCAC.
As one client explained about the intransparency of biometric data collection: “No, no one explains it. They only take fingerprints and take us from one place to another, and we do it without knowing why. There is no person to explain what is happening.”
Greece has legal and moral obligations to uphold fundamental rights and data protection rights of asylum seekers, as enshrined in the European Charter of Fundamental Rights and GDPR. The European Union, in particular the European Commission – given its central role in conceptualising, financing, operating, and monitoring the CCACs in Greece – bears responsibility to ensure that these standards are fully respected. “The continued lack of GDPR compliance, in terms of transparency and accountability in the deployment of the Centaur and Hyperion surveillance systems, at the Samos CCAC reflects a disturbing erosion of the fundamental rights. By failing to meet even the basic requirements of data protection in practice, MoMA is reinforcing a dangerous trend of surveillance-driven border management that dehumanizes people on the move” said Eleftherios Chelioudakis, Executive Director at Homo Digitalis.
Article 77 of the AI Act: 6 months after the designation of the Fundamental Rights Authorities
On the first official deadline set by the Artificial Intelligence Regulation (AI Act), it required member states to appoint one or more authorities in accordance with Article 77 for the protection of fundamental rights by November 2, 2024.
Today, May 2, 2025 — six months after the deadline — 25 out of the 27 European countries have appointed a total of 210 authorities, a number that seems staggering and at the same time sends a strong message about how seriously these countries take the issue of fundamental rights. But does it reflect reality?
With this brief study, we aim to provide answers to the following questions:
What is the purpose of Article 77 of the AI Regulation?
Which authorities have been appointed by the member states to date?
What powers does the AI Regulation actually grant to these regulatory authorities, and what obligations arise from Article 78 of the AI Regulation regarding the confidentiality of information?
Who are the four national authorities that have taken on this role, what are their existing and new powers under the AI Regulation?
Through a case study, our Director on Fundamental Rights and AI, Lamprini Gyftokosta, attempts to explore how these authorities will cooperate, while also raising some questions that will undoubtedly concern us over time.
You can read our study here (EL).
We publish our 4th Study on the AI ACT – Comparative overview of the provisions on the rights of affected individuals
Today, April 11, 2025, Homo Digitalis publishes its fourth study on the provisions of Regulation 2024/1689 on Artificial Intelligence (AI), widely known as the AI Act.
This study focuses on the right to explanation and the right of individuals not to be subject to automated decision-making.
Specifically, the use of artificial intelligence systems for making automated decisions is continuously expanding in both the public and private sectors, with significant impacts on the individuals subjected to them.
Therefore, this study examines the legal remedies available to individuals affected by decisions made through the use of AI. The analysis focuses on the right to an explanation of individual decision-making as provided in Article 86 of Regulation 2024/1689. However, since the protection of affected individuals is not limited solely to these provisions, the analysis extends to the right to contest individual decision-making, which—under appropriate interpretation—is based on Article 22 of Regulation 2016/679, known as the GDPR.
The study’s authors are two distinguished legal professionals and volunteer members of Homo Digitalis: Maria-Evangelia Konstantopoulou and Stratygia-Danai Skevi (listed alphabetically).
You can read our 4th study here.
We remind you that we have published three previous studies on Regulation 2024/1689 and its transposition into the Greek legal order: in October (impact assessment on fundamental rights), November (AI governance and competent supervisory authorities), and December (prohibited practices) of 2024, respectively.
This intensive effort aims to contribute constructively to the public dialogue in Greece and at the EU level in the field of artificial intelligence, and it is the result of significant support from the European Artificial Intelligence & Society Fund.
Read the Pocket Guide on Protecting Your Privacy During Protests
Today, Friday, February 28, marks two years since the Tempi train tragedy. Strikes and work stoppages have been organized across Greece and abroad to honor the memory of the 57 victims, demand justice, and hold those responsible accountable.
But what about your devices and personal data? How can you take steps to protect them during a protest?
Homo Digitalis, in collaboration with Software Makers, a nonprofit organization based in Heraklion, Crete, has translated and adapted the Electronic Frontier Foundation’s (EFF) Pocket Guide to Greek legal and practical realities. The guide provides essential steps to take before, during, and after a protest to help you safeguard both yourself and your data.
We stand in solidarity and offer our unwavering support!
The guide is available for download and printing here.