Homo Digitalis spoke at the Tech & Society Summit in Brussels
Last Tuesday 1/10, Homo Digitalis was in Brussels, participating at the Tech and Society Summit co-organised together with the European Digital Rights and more than other 40 organisations!
This event aimed to bring civil society’s voices to the forefront of EU’s digital policy debates. Together we are building this space to create a bridge between digital rights organisations and new policymakers to achieve accountable, people-focused policies that advance everyone’s digital rights.
Eleftherios Chelioudakis, represented us in the Summit speaking at the session “Visionary Round-table: Building an EU Digital Enforcement Strategy” organised by BEUC – The European Consumer Organisation and moderated by European Digital Rights’ Itxaso Domínguez de Olazábal! It was a unique opportunity for us to share our enforcement actions aiming at facilitating redress of harmed individuals in Greece!
Also, we actively participated in the Round-table Fundamental Rights in focus: Joint efforts for Spyware Regulation in the EU, organised by Centre for Democracy & Technology Europe and Amnesty International, sharing insights from the latest developments of the PREDATOR scandal in Greece and the related legislative initiatives of the Greek State.
We would like to sincerely thank the organizers for inviting Homo Digitalis to participate and share our views and actions on these important topics!
We prepared an explanatory video on the Greek DPA's Decision on the new ID cards
On Monday 23/9 the Hellenic Data Protection Authority (DPA) issued Decision 32/2024, which relates to the new identity cards for Greek citizens.
The Authority found deficiencies regarding the provision of general information to data subjects, and further found that the required data protection impact assessment was carried out late and deficient. For these reasons, it imposed an administrative fine of EUR 150,000 on the Ministry of Citizen Protection, as controller, for the above infringements, while at the same time it issued a compliance order to the Ministry within six months. Finally, the Authority pointed out the obligation to update and codify the legal framework regarding the details of the new type of identity cards for Greek citizens.
The Decision 32/2024 of the Hellenic Data Protection Authority is available here.
The Homo Digitalis team has prepared a short explanatory video in plain language to highlight some important points of this Decision.
The video is available here.
We co-organize and participate in the Tech & Society Summit in Brussels
The Tech and Society Summit is approaching and will take place on Tuesday, 1st October in Brussels! This exciting conference, co-organized by EDRi in collaboration with Homo Digitalis and over 40 other organizations, will bring together leading experts, policymakers, and human rights advocates to discuss the intersection of technology and societal impacts in Europe. The summit will cover critical issues, ranging from digital rights and climate change to AI regulations, contributing to the shaping of a fair and equitable digital future for all.
We are excited that Eleftherios Chelioudakis will represent Homo Digitalis as a speaker at the session Visionary Roundtable: Building an EU Digital Enforcement Strategy. With important laws such as the Digital Markets Act (DMA), Digital Services Act (DSA), and AI Act, Eleftherios will highlight the actions of Homo Digitalis, discussing how these regulations can effectively protect rights and boost Europe’s competitiveness in the digital space.
Additionally, Homo Digitalis has been invited to participate in the session Fundamental Rights in Focus: Joint Efforts for Spyware Regulation in the EU, co-organized by the Centre for Democracy & Technology Europe (CDT Europe) and Amnesty International. In this session, key policymakers and civil society representatives will meet to explore ways to regulate spyware in the EU, and we will discuss our experiences from the latest related developments in Greece.
You can read more about the Tech and Society Summit and view its program here.
Statements by Homo Digitalis in Kathimerini on speech recording and online advertising
Journalist Giannis Papadopoulos in his article for Kathimerini newspaper discusses the recent revelations about the “Active Listening” function of the advertising company Cox Media Group.
Specifically, in a corporate presentation trying to promote this feature to its customers, Cox Media Group claimed that it could “eavesdrop” on conversations of users of mobile phones and other smart devices and with the help of artificial intelligence create targeted ads. The Company’s existing customer base includes major technology companies, including Facebook, Google and Amazon.
Lamprini Gyftokosta and Eleftherios Chelioudakis provided statements for Homo Digitalis to the reporter regarding both mobile phone settings and the challenges that arise in protecting the personal data and privacy of users through the dark patterns used by the tech giants.
We are very grateful to the journalist for his interest in our posts. You can read his article here.
In a related article-opinion hosted by Kathimerini newspaper and co-authored by Lillian Mitrou, Professor at the University of the Aegean and Vassilis Karkatzounis, PhD candidate at the University of the Aegean, important observations are provided regarding the challenges arising from the application of legislation in the complex environment of online advertising. You can read the article here.
Finally, we recall that as early as 2020, Homo Digitalis has already taken strategic legal action at the European level with our complaints against Google and IAB Europe in the context of their intrusive practices of targeted behavioural advertising. Our cases are pending before the Irish and Belgian authorities respectively and we expect decisions on these cases to be issued shortly. You can read more here.
We call on the Greek DPA to investigate the Ministry of Interior for the use of artificial intelligence algorithms for the reallocation of employees in the public sector
On 9 July Homo Digitalis filed a request (no. 5812/9.7.2024) before the Greek Data Protection Authority, in order for the latter to exercise its investigative powers against the Ministry of Interior.
In particular, following the Authority’s Decision 16/2024 in April 2024, by which it had imposed a record fine of 400,000 euros on the Ministry of Interior for significant breaches of data protection legislation, the Ministry is again in the spotlight, this time for the artificial intelligence tool it is developing for strategic staffing planning in the public sector.
The tool concerns the reallocation of existing staff and the estimation of the needs for new staff, while it will be piloted in 9 public sector institutions, namely the Development Programmes Organisation and Management Unit, the Independent Public Expenditure Authority, the Public Employment Service, the Athens General Hospital “G. Gennimatas Hospital, the Municipality of Thessaloniki, the Region of Attica, the Ministry of Education and Religious Affairs, the Ministry of Environment and Energy and the Ministry of Culture and Sports.
The project is expected to be completed in December 2025, at a cost of €11,708,543.
Because the tool needs to include functionalities for the collection, management and analysis of personal data, Homo Digitalis had filed a letter on 15 April 2024 before the then Minister of Interior Ms.Kerameos and the Data Protection Officer of the Ministry, in which it raised key questions regarding both the compliance required with the legislation on the protection of personal data and the legislation on the use of artificial intelligence and other emerging technologies in the public sector (Law 4961/2022). However, the Ministry did not provide any response, even after a written reminder of our request on 30 May, forcing us to address the DPA to investigate thoroughly the development, implementation and piloting of this tool and the implications for the rights of public sector employees.
You can see our request here (EL).
We give a lecture at the OSCE's three-day training seminar on the protection of human rights at the borders
The OSCE Office for Democratic Institutions and Human Rights (ODIHR) organizes next week its training course for human rights defenders working at international borders in Warsaw! The three-day training course aims to enable human rights defenders to understand the human rights implications of border technologies and to improve their skills in collecting and verifying information through various means, including new technologies, for effective human rights monitoring at borders.
On a pro bono basis, Homo Digitalis and HIAS Greece will give a lecture during the training course related to our great success with the KENTAUROS and HYPERION case!
Our lecture titled “Combating Centaurs and Titans – Leveraging Data Protection Law to Counter Intrusive Surveillance in Migration” will focus on how data protection law can be strategically employed to challenge invasive surveillance technologies used in migration. Eleftherios Chelioudakis will represent Homo Digitalis in this lecture.
We would like to thank the organizers for their kind invitation, as well as HIAS Greece for the great collaboration.
You can find more information about the OSCE Office for Democratic Institutions and Human Rights (ODIHR) here.
Centaur & Hyperion: We asked the Greek DPA whether the Ministry of Immigration & Asylum has made the necessary compliance steps
In the framework of the Decision 13/2024 of the Greek Data Protection Authority (DPA), which was posted on its website on 2/4/2024, the Ministry of Immigration and Asylum was instructed to take all necessary steps to complete its compliance with the obligations of the controller, as described in the body of the Decision, within 3 (three) months from the date of its receipt.
Given that on Tuesday 2/7/2024, 3 months were completed, we decided to send a letter to the DPA on Wednesday 3/7/2024 (ref. no. G/EIS/5662/03-07-2024) requesting to be informed whether the Authority has received any relevant information from the Ministry of Immigration and Asylum regarding the completion of its compliance, as it was obliged to do.
It remains to be seen what level of compliance has been achieved in these three months in a case that is of the utmost importance.
We spoke to the newspaper Kathimerini and journalist Yannis Papadopoulos about the leak of personal data to Christie's Auction House
On 30 May, international auction house Christie’s sent an email to its customers to inform them that their personal data had been hacked, and on 3 June a lawsuit was filed in New York for damages against the international auction house.
The journalist of Kathimerini newspaper, Yiannis Papadopoulos, wrote a detailed article on this case, and Homo Digitalis provided relevant comments, with Eleftherios Chelioudakis representing us.
We thank the journalist for his interest in our views.
You can read the article here.
We submitted important questions to the Minister of Interior, Ms Kerameos, on the project "Development and operation of a tool for the strategic planning of public sector staffing in terms of artificial intelligence" and its pilot application in 9 institutions
On April 15, Homo Digitalis submitted an electronic letter to the Minister of Interior, Ms Kerameos, regarding the Ministry’s project entitled “Development and operation of a tool for strategic planning of public sector staffing in terms of artificial intelligence”.
Our letter was communicated to the President of the Personal Data Protection Authority, Mr. Menoudakos, and to the Data Protection Officer of the Ministry of Interior, Mr. Theocharis.
More specifically, this project relates to the development and operation of a tool for the strategic planning of human resources in the public sector in terms of artificial intelligence and concerns the following axes:
– Creation of an integrated framework for strategic staffing planning (optimal allocation of existing and new staff) in the public sector (including technical specifications for the implementation and revision of existing frameworks)
– Pilot implementation in 9 Public Sector Entities and more specifically in MOD SA, AADE, OAED, Athens General Hospital “G. Municipality of Thessaloniki, Region of Attica, Ministry of Education and Religious Affairs, Ministry of Environment and Energy and Ministry of Culture and Sports,
– Design of training programmes for (a) users and (b) upgrading the skills of civil servants, and
– Development of the knowledge repository of civil servants.
According to relevant information posted on the website of the Ministry of Interior and articles in various media, the Ministry of Interior is the project manager and has already contracted with Deloitte for its preparation. In fact, according to the timetable, the work has made significant progress.
In its letter, Homo Digitalis requests information from the Minister on a number of questions regarding both the legal framework for the protection of personal data (Law 4624/2019 – GDPR), and the legal framework for the use of artificial intelligence systems by the public sector (Law 4961/2022), as the pilot implementation of the project is expected to take place immediately in the 9 institutions mentioned above.
Specifically, we put the following questions to the Minister in our letter:
-Has the Ministry of Interior carried out a data protection impact assessment before the project was announced, in accordance with the principles of data protection “already by design” and “by default”?
-Has a relevant Data Protection Impact Assessment been carried out specifically in relation to the pilot implementation of the platform in the 9 public bodies?
-If the relevant Assessments have been prepared, has the Ministry considered it necessary to consult the Data Protection Authority in this respect?
-Does the Ministry consider the 9 public bodies as joint controllers and if so, has the Ministry proceeded with the relevant obligations as set out in Article 26 GDPR?
-Can the Ministry inform us of the relevant categories of personal data, the purposes of the processing for which such data are intended, and the legal basis for the processing you intend to use?
-Can the Ministry point us to the exact website where the Ministry of Interior’s contract with Deloitte is posted so that we can study the relevant provisions contained therein, especially with regard to the processing of personal data?
-Finally, has the Ministry of Interior proceeded to comply with the obligations arising from the provisions of Law 4961/2022, and in particular has an algorithmic impact assessment been carried out (Article 5), has it taken the necessary transparency measures (Article 6), has the project contractor fulfilled their obligations in this respect (Article 7), and has the Ministry kept a register (Article 8) in view of the forthcoming pilot use of the system?