Civil Society Demands: EU Commission Must Close e-ID Loopholes!
The final technical design of the European Digital Identity Wallet is currently under negotiation. These blueprints will have a big impact on whether or not users will be sufficiently protected when using Europe’s upcoming digital identity system. In concrete terms, this is currently being negotiated in the eIDAS implementation acts between the EU member states and the European Commission.
The positive changes in the first batch of technical rules show: Civil society works! Together with 15 organisations we thank the negotiators and acknowledge these significant improvements for privacy and human rights safeguards. The most recent proposals, however, still have some severe privacy and transparency problems that we address in our open letter to the European Commission.
What is the problem?
The eIDAS regulation lays out concrete rules for those companies and government agencies who want to access personal information from citizens’ Wallets. This could be for example an online platform, a public transport company or your doctor. It obliges these so-called “relying parties” to register their intended use of the Wallet, that is which attributes they intend to request from users. The regulation also prohibits them from asking information that goes beyond their registration. This could mean for example that, according to its registration, an online shop is only allowed to ask for your name and address but not your birth date or other information. A porn platform might use the Wallet to verify your age, but couldn’t obtain not any other information about you or use other means to track your behaviour.
To protect everyone from such illegal requests, the EU’s Digital Identity Wallet needs to know what personal information a relying party is actually allowed to access. The EU Commission, however, proposes a loophole which would leave it to the Member State that registered the relying party to decide whether the Wallet knows about the contents of the registration or not. This would allow Facebook Ireland to circumvent the protections and ask European users for everything. Furthermore, the public register of relying parties risks being useless without harmonised specifications on how to access it and what results to expect. Ultimately, the trust we will put in the Wallet will depend on the protections and transparency that we can rely on.
15 Organisations demand: The Commission’s Loopholes Must be Closed!
If these loopholes remain, this would have disastrous consequences. Any discrimination based on illegal access to attributes in the Wallet (health, gender, income, etc.) would be unchecked. Given the track record of lax data protection enforcement in countries like Ireland, companies like Facebook Ireland would likely have a wildcard certificate, virtually empowering them to request any data they want. Member States dedicated to protecting their users from illegal requests (e.g. Germany, the Netherlands, Spain or Austria), on the other hand, would be incapable of doing so.
We therefore ask the Commission to make relying party registration certificates mandatory for all relying parties and to issue a harmonized specification to access the relying party registry of each Member State.
Joint Statement on the Upcoming European Commission Guidelines on Prohibited Practices of the AI Act
We are publishing a joint statement on the upcoming European Commission Guidelines on Prohibited Practices of the AI Act.
On December 11, 2024, the European Commission completed its public consultation on the interpretation of the definition of an AI system and on prohibited AI practices, in accordance with the provisions of Regulation 2024/1689 (AI Act). Homo Digitalis participated in the related process.
In the context of the issuance of the expected guidelines by the Commission, concerns remain about potential gaps that could jeopardize fundamental rights. For this reason, and together with more than 25 civil society organizations, academics, and other experts, we are issuing a statement today, urging the AI Office and the European Commission to ensure specific demands.
You can read our joint statement here.
We Publish Our Third Study on the AI Act, Focusing on Article 5 & Prohibited Practices
Today, Homo Digitalis publishes its third study on Regulation 2024/1689, the now widely known AI Act, titled “Artificial Intelligence Act: Analysis of Provisions on Prohibited Practices in Article 5 of Regulation 2024/1689.”
The authors of this study are Sophia Antonopoulou, Lamprini Gyftokosta, Tania Skrapaliori, Eleftherios Chelioudakis, and Stavroula Chousou.
The aim of this Homo Digitalis analysis is to systematically approach each provision of Article 5 of the AI Regulation, related to Manipulative or deceptive techniques, Exploitation of vulnerabilities, Assessment of social behavior, Facial recognition database use, Prediction of criminal offenses, Emotion detection,Biometric categorization systems, and Remote biometric identification.
With our study, we provide targeted questions highlighting the critical aspects of individual provisions, identifying the so-called “gray areas”—points that present ambiguities, overlaps, or potential interpretative challenges. We substantiate our concerns with specific examples and pose precise questions to be addressed by the upcoming guidelines of the European Commission’s AI Office and the national legislator.
As with our first two studies (published in October and November 2024, respectively), our third study also aims to support the Ministry of Digital Governance in its mission to transpose the AI Act into Greek legislation. Additionally, through our detailed analyses and arguments, we aim to contribute to the maturation of public discourse and empower more Civil Society organizations to actively participate in it.
You can read our study, “Artificial Intelligence Act: Analysis of Provisions on Prohibited Practices in Article 5 of Regulation 2024/1689,” (available in EL) here.
Homo Digitalis participated in AI Office’s consultation on Prohibited Practices under the AI Act
In November 2024, the European Commission’s Artificial Intelligence (AI) Office launched a consultation on AI Act prohibitions and AI system definition.
The guidelines under development will help national competent authorities as well as providers and deployers in complying with the AI Act’s rules on such AI practices ahead of the application of the relevant provisions on 2 February 2025.
Homo Digitalis participated in this public consultation process by submitting our input, in an attempt to highlight challenges and provide further clarity on practical aspects and use cases.
The authors’ team of our public consultation is composed of our Director on Human Rights & Artificial Intelligence, Lamprini Gyftokosta and our members Sophia Antonopoulou and Stavrina Chousou.
You can read our input here.
Stay tuned, since our dedicated report on the AI Act and its provisions on Prohibited Practices is to be published soon!
Homo Digitalis participates in the European Commission Plenary meeting on the AI Act
September ended with important meetings for Homo Digitalis in the context of the European Regulation on Artificial Intelligence (AI Act) at European level!
Specifically, on September 30th we participated online in the first meeting organized by the AI Office of the European Commission regarding the development of a Code of Practice for General-Purpose AI Systems “Kick-off Plenary: Code of Practice for General-Purpose AI”.
Homo Digitalis has been selected to participate in the relevant working groups that will be formed in order to collaborate with Civil Society organisations and other stakeholders in the coming months in this mission to develop this Code.
We were represented at the online meeting by our Director for AI and Human Rights Lamprini Gyftokosta and our co-founder Eleftherios Chelioudakis.
We co-organize and participate in the Tech & Society Summit in Brussels
The Tech and Society Summit is approaching and will take place on Tuesday, 1st October in Brussels! This exciting conference, co-organized by EDRi in collaboration with Homo Digitalis and over 40 other organizations, will bring together leading experts, policymakers, and human rights advocates to discuss the intersection of technology and societal impacts in Europe. The summit will cover critical issues, ranging from digital rights and climate change to AI regulations, contributing to the shaping of a fair and equitable digital future for all.
We are excited that Eleftherios Chelioudakis will represent Homo Digitalis as a speaker at the session Visionary Roundtable: Building an EU Digital Enforcement Strategy. With important laws such as the Digital Markets Act (DMA), Digital Services Act (DSA), and AI Act, Eleftherios will highlight the actions of Homo Digitalis, discussing how these regulations can effectively protect rights and boost Europe’s competitiveness in the digital space.
Additionally, Homo Digitalis has been invited to participate in the session Fundamental Rights in Focus: Joint Efforts for Spyware Regulation in the EU, co-organized by the Centre for Democracy & Technology Europe (CDT Europe) and Amnesty International. In this session, key policymakers and civil society representatives will meet to explore ways to regulate spyware in the EU, and we will discuss our experiences from the latest related developments in Greece.
You can read more about the Tech and Society Summit and view its program here.
Homo Digitalis participates in the European Commission's Open Consultation on General-Purpose AI
Yesterday, 18/9 Homo Digitalis submitted its responses to the European Commission’s Open Consultation under the title “FUTURE-PROOF AI ACT: TRUSTWORTHY GENERAL-PURPOSE AI”. The consultation covered issues concerning the future implementation of the AI ACT legislation and how to make the use of General-Purpose AI models trustworthy.
Homo Digitalis’ position paper on the Consultation was prepared by our organisation’s AI & Human Rights Director, Lamprini Gyftokosta and our member Tania Skrapaliori
You can read our statement here.
The European Union must keep funding free software
Open Letter to the European Commission.
Since 2020, Next Generation Internet (NGI) programmes, part of European Commission’s Horizon programme, fund free software in Europe using a cascade funding mechanism (see for example NLnet’s calls). This year, according to the Horizon Europe working draft detailing funding programmes for 2025, we notice that Next Generation Internet is not mentioned any more as part of Cluster 4.
NGI programmes have shown their strength and importance to supporting the European software infrastructure, as a generic funding instrument to fund digital commons and ensure their long-term sustainability. We find this transformation incomprehensible, moreover when NGI has proven efficient and economical to support free software as a whole, from the smallest to the most established initiatives. This ecosystem diversity backs the strength of European technological innovation, and maintaining the NGI initiative to provide structural support to software projects at the heart of worldwide innovation is key to enforce the sovereignty of a European infrastructure.
Contrary to common perception, technical innovations often originate from European rather than North American programming communities, and are mostly initiated by small-scaled organizations.
Previous Cluster 4 allocated 27 million euros to:
- “Human centric Internet aligned with values and principles commonly shared in Europe” ;
- “A flourishing internet, based on common building blocks created within NGI, that enables better control of our digital life” ;
- “A structured ecosystem of talented contributors driving the creation of new internet commons and the evolution of existing internet commons”.
In the name of these challenges, more than 500 projects received NGI funding in the first 5 years, backed by 18 organisations managing these European funding consortia.
NGI contributes to a vast ecosystem, as most of its budget is allocated to fund third parties by the means of open calls, to structure commons that cover the whole Internet scope – from hardware to application, operating systems, digital identities or data traffic supervision. This third-party funding is not renewed in the current program, leaving many projects short on resources for research and innovation in Europe.
Moreover, NGI allows exchanges and collaborations across all the Euro zone countries as well as “widening countries” [1:1], currently both a success and an ongoing progress, likewise the Erasmus programme before us. NGI also contributes to opening and supporting longer relationships than strict project funding does. It encourages implementing projects funded as pilots, backing collaboration, identification and reuse of common elements across projects, interoperability in identification systems and beyond, and setting up development models that mix diverse scales and types of European funding schemes.
While the USA, China or Russia deploy huge public and private resources to develop software and infrastructure that massively capture private consumer data, the EU can’t afford this renunciation.
Free and open source software, as supported by NGI since 2020, is by design the opposite of potential vectors for foreign interference. It lets us keep our data local and favors a community-wide economy and know-how, while allowing an international collaboration.
This is all the more essential in the current geopolitical context: the challenge of technological sovereignty is central, and free software allows addressing it while acting for peace and sovereignty in the digital world as a whole.
We participated in European Commission’s roundtable on the DSA enforcement
Last Monday, the 8th of July, Homo Digitalis was invited to participate in the European Commission’s Roundtable on the implementation of the Digital Services Act.
During the roundtable, the European Commission presented an updated of the various steps taken on DSA enforcement so far, highlighting how Civil Society Organizations can act as an important ally in this field. Also, the EC provided an updated on the A.28 Guidelines with regard to the Protection of Minors.
Next, the CSOs that participated in the roundtable had the opportunity to share with the European Commission their current activities, expertise and project capacities in key areas of the implementation of the DSA and exchange views on activities and plans.
We would like to thank the European Commission for this important opportunity to engage with CSOs and their kind invitation to participate in this roundtable. It remains to be seen if national authorities at Greek level, will follow a similar approach and invite Homo Digitalis and other CSOs to a fruitful dialogue with regard to the enforcement of the DSA and the Greek Law 5099/2024.
Our team was represented in the roundtable by Eleftherios Chelioudakis.