We submitted our views to the European Commission’s public consultation on Article 30(5) GDPR
Yesterday, Homo Digitalis submitted its views as part of the European Commission’s public consultation on Article 30(5) of the GDPR.
In our submission, we call on the Commission to withdraw the proposed amendment and stress the need to ensure that the GDPR is not reopened or modified through broader deregulatory initiatives. The priority must remain on the effective application and enforcement of the existing framework, rather than on reducing the safeguards that are essential for protecting fundamental rights in the digital age.
You can read our full position here.
Homo Digitalis spoke on smart farming and the AI Act
In the beginning of july, the AgriDataValue project hosted an in-depth online workshop dedicated to data privacy, legal, and ethical dimensions within the context of smart farming. Organized by Netcompany, the event brought together AgriDataValue partners, Advisory Board members, legal experts, as well as representatives from related EU-funded projects.
Homo Digitalis participated in the workshop, giving a legal presentation on the topic “Smart Agriculture from a GDPR and AI Act Perspective”. Many thanks to Ioannis Chrysakis for the kind invitation! Our Executive Director, Eleftherios Chelioudakis, represented us.
The objective of the workshop was to identify and validate key ethical, legal, social, and privacy-related topics linked to the AgriDataValue platform. It also served as an opportunity to review data flow mappings between the project’s technologies, user types, and integrated services, a vital exercise for ensuring compliance, transparency, and responsible data governance.
We spoke to the newspaper Kathimerini about the use of drones by municipalities
The municipalities of Kifisia, Agia Paraskevi, and Aigaleo have decided to deploy drones in order to protect municipal property from vandalism and to address juvenile delinquency.
In an article by journalist Alexia Kalaitzi for the newspaper Kathimerini, published in early June, Homo Digitalis provided relevant statements!
Is the use of drones by a local authority for the purpose of tackling delinquency lawful? Are citizens’ personal data protected when drones fly—sometimes in ways that may make their presence imperceptible—in public spaces, that is, in more than 150 points of interest, covering every neighborhood or even outside residents’ balconies?
Read more here.
We warmly thank the journalist for her interest in our work! Statements on behalf of Homo Digitalis were provided by our Executive Director, Eleftherios Chelioudakis.
We call the Greek DPA to temporarily block the inclusion of the Personal Number on new ID cards until the necessary risk mitigation measures are implemented!
Since June, the Hellenic Police (EL.AS.) has been issuing ID cards that display the Personal Number (P.A). for citizens who already have one. As of tomorrow, June 28, 2025, it will no longer issue an ID card to any citizen who is eligible for a P.A. but has not yet completed the required issuance process.
In its Opinion 1/2025, the Hellenic Data Protection Authority (HDPA) states that displaying the P.A. on ID cards poses risks and must therefore be accompanied by specific mitigation measures.
However, despite the fact that the Greek State proposed certain measures to the HDPA, which were approved as appropriate, it has failed to implement them, thereby exposing citizens to severe risks of identity theft.
For example, one of the proposed measures was the adoption of legal provisions prohibiting private entities from keeping photocopies of ID cards. This legislative step must be paired with coordinated and intensive public awareness campaigns to ensure that citizens know they should not allow copies of their physical ID to be retained.
At the end of its analysis, the HDPA concludes that, since the risks associated with including the P.A. on ID cards remain, once a sufficient period has passed during which mitigation measures are applied and public authorities are equipped with the necessary tools for digital reading of the P.A., the display will no longer be necessary and the obligation to display the P.A. on the ID card should be lifted.
For these reasons, on Friday, June 20, we submitted a formal request (Ref. No. Γ/ΕΙΣ/5621/20-06-2025), urging the HDPA to exercise its powers under Article 58(2)(f) of the GDPR, and impose a temporary restriction on processing, by prohibiting the display of the P.A. on ID cards until the essential mitigation measures are properly in place to address the significant risks arising from this practice.
Our request is available here (only in EL).
We sent an open letter to the EU calling for a reassessment of Israel’s adequacy decision under the GDPR
Together with European Digital Rights, Access Now, and 16 other civil society organizations, we submitted a second open letter to the European Commission, urging it to urgently reassess Israel’s adequacy status under the GDPR.
Since the Commission reconfirmed Israel’s status in January 2024, the situation has only deteriorated:
-
Escalating human rights violations in Gaza and the West Bank
-
Expansion of surveillance systems and biometric repression
-
Legal reforms undermining oversight of personal data processing
-
Ongoing data flows to Israeli companies with ties to security services
-
Use of AI-driven targeting systems in a context where the International Court of Justice has found plausible genocide
-
Application of Israeli law to occupied territories, in breach of the EU’s own policy
This is not just about technical compliance. It is about whether the EU’s data protection framework can credibly uphold fundamental rights, and whether data originating in the EU is being used to facilitate unlawful practices.
Read the letter here.
Our Joint Action with Reporters United & Vouliwatch: The Cameras at the Polytechnic Threaten Personal Data
On March 29, 2025, the National Technical University of Athens (NTUA) installed surveillance cameras at the Zografou Campus and the Patission Complex without informing the public about its data processing policy for students and staff.
On May 26, 2025, Vouliwatch, Reporters United, and Homo Digitalis jointly submitted a Freedom of Information (FOI) Request to determine whether NTUA complies with the law, the General Data Protection Regulation (GDPR), and other national regulations. A similar request was also submitted by 61 Architecture students.
NTUA may not be fully complying with Articles 12, 13, 35, and 36 of the GDPR, which ensure transparent information for data subjects, data protection impact assessments, and the obligation of prior consultation.
In our request, we explain that NTUA has not responded to student and staff inquiries about how their personal data is being processed, and we request access to the government’s confidential security plan for universities.
In our request to NTUA, we also seek to know who is being recorded by the cameras, where their data is stored, and whether this data is being shared with the Hellenic Police (ELAS).
NTUA has a deadline to respond to our request by June 15, and to the students’ request by June 19. We will continue to monitor the issue and will follow up with further reporting. Our organizations’ FOI request and information provision document is available here.
I HAVE RIGHTS and Homo Digitalis Publish Report on the Situation in the Samos Closed Controlled Access Centre (CCAC) One Year After the Fine Issued by the Hellenic Data Protection Authority for KENTAURUS and HYPERION Systems
The Hellenic Ministry of Migration (MoMA) continues to violate data protection rights of asylum seekers in the Samos Closed Control Access Centre (CCAC), I Have Rights and Homo Digitalis said in a report released today.
The report, titled “They Never Tell Us Anything”: Ongoing Data Rights Violations in the Samos CCAC analyses the implementation of a compliance order issued by the Hellenic Data Protection Authority (HDPA) in April 2024. In this historic ruling, the HDPA had found that MoMA’s use of surveillance technologies in reception facilities across Greece, including biometric access systems and surveillance infrastructure tools violates EU data protection laws (GDPR).
Ten months after the passing of the implementation period in July 2024, the report finds that MoMA has failed to comply with the order. “The ongoing violations of data protection rights in the Samos CCAC are emblematic of a system where control and surveillance are prioritised over the rights of those seeking protection” said Réka Rebeka Rósa, Legal and Team Coordinator at I Have Rights. “The European Union should press Greek authorities to address prevailing rights violations. Otherwise, these violations risk becoming a blueprint for further (digital) rights abuse of people on the move across Europe.”
The Samos CCAC opened in September 2021 as the first of the now existing five facilities in Greece, following an agreement between the European Commission and the Greek Government in 2020. Since its opening, NGOs, international human rights experts and people held in the facility have consistently raised concerns about the facility’s securitised infrastructure, de facto detention practices, and inadequate living conditions.
These concerns are exacerbated by the overall lack of transparency in the Greek asylum procedure and opaque surveillance system in the Samos CCAC.
As one client explained about the intransparency of biometric data collection: “No, no one explains it. They only take fingerprints and take us from one place to another, and we do it without knowing why. There is no person to explain what is happening.”
Greece has legal and moral obligations to uphold fundamental rights and data protection rights of asylum seekers, as enshrined in the European Charter of Fundamental Rights and GDPR. The European Union, in particular the European Commission – given its central role in conceptualising, financing, operating, and monitoring the CCACs in Greece – bears responsibility to ensure that these standards are fully respected. “The continued lack of GDPR compliance, in terms of transparency and accountability in the deployment of the Centaur and Hyperion surveillance systems, at the Samos CCAC reflects a disturbing erosion of the fundamental rights. By failing to meet even the basic requirements of data protection in practice, MoMA is reinforcing a dangerous trend of surveillance-driven border management that dehumanizes people on the move” said Eleftherios Chelioudakis, Executive Director at Homo Digitalis.
We co-sign an CSO Open Letter on the proposed GDPR Procedural Regulation
As the trilateral negotiations at the EU level continue regarding the proposed regulation on additional procedural rules for the enforcement of the GDPR, we, together with European Digital Rights and 34 other Civil Society organizations, join our voices in an open letter to lawmakers!
We urge them to prioritize strong enforcement mechanisms that ensure individuals can effectively exercise their rights while highlighting the systemic weaknesses in the enforcement of GDPR provisions.
Read the open letter here.
Interview of Our President at Women in Digital
Elpida Vamvaká, President of Homo Digitalis and General Legal Counsel at Papaki, spoke to Women in Digital about the need to protect digital rights in Greece, the importance of technology that places people at the center, and the ways in which artificial intelligence can operate responsibly and ethically.
With a focus on the challenges of cybersecurity, the importance of education, and the promotion of gender equality in the tech field, Elpida highlights her vision for a fair, sustainable, and inclusive digital society in her interview. You can read her interview here.
Women In Digital is the editorial and conference initiative of Smarpress. The foundation was laid with the first Women In Digital conference on 8/3/21, where 40 prominent “strong women” from Technology, IT, Startups, and Digital Marketing took the stage. Readers can follow the content through the monthly newsletter or the dedicated website. WID draws its topics from the work of women, both Greek and international, who are active in the STEM sector or apply their digital skills in more traditional fields.