From Secrecy to Transparency: The Five-Year Battle for the Publication of Police Camera Operation Decisions
Strategic legal action takes time, but its outcomes benefit society as a whole, strengthening public trust in institutions.
In December 2020, Homo Digitalis, in collaboration with Reporters United and The Press Project, formally requested access to the Hellenic Police’s decisions regarding the operation of drones and other portable cameras in public spaces, as stipulated in Article 12 of Presidential Decree 75/2020. Despite the legal obligation to publish these decisions publicly, the police refused access, disregarding the transparency required by law.
A few months later, in May 2021, we filed a joint complaint before the Hellenic Data Protection Authority (HDPA), citing repeated non-compliance by the police—at least 67 times over a short period. The HDPA launched an investigation into the legality of these practices.
In early 2024, we submitted a request for access to HDPA documents to better understand the progress of the investigation. Correspondence between the Hellenic Police and the HDPA revealed that, even as of March 2024, the police continued to argue that Presidential Decree 75/2020 did not require them to publish camera operation decisions, despite the HDPA’s opposing view.
Yesterday, through a report by journalist Giannis Bazaios in Efimerida ton Syntakton, we learned that such a decision had been published on the Hellenic Police’s website. Indeed, upon verification, we found that as of February 17, 2025, the police had changed their practice and begun publishing these decisions as required by law. The report was published today online here.
From the initial refusal in 2020, it took five years for this change to be implemented. We now eagerly await the final decision of the HDPA and the conclusion of its investigation, which will establish a definitive framework for transparency and accountability within law enforcement.
What’s Happening with the 1,000 Smart Policing Devices of the Hellenic Police, Five Years After Our Complaint to the Hellenic Data Protection Authority ?
What is the status of the 1,000 portable smart policing devices used by the Hellenic Police as part of the Smart Policing program, which incorporate artificial intelligence technologies and cost €4 million? (Spoiler alert: the news is not good!)
Journalist Eftychia Soufleri has written a detailed article for NEWS247.gr (THE MAGAZINE) shedding light on the case and highlighting the key actions taken by Homo Digitalis since 2019. Our Executive Director, Eleftherios Chelioudakis, provided statements on behalf of our organization.
Significant Revelations Emerge for the First Time!
According to the report, despite the absence of any legal framework allowing their use, the Hellenic Police:
-
Claims to have been using the devices operationally since 2021, even though the Hellenic Data Protection Authority (HDPA) has been investigating the matter since August 2020 and continues to do so today.
-
Confirms that it fully utilizes the biometric processing capabilities of these devices (facial recognition, fingerprint identification).
-
Validates what was outlined in the 2018 technical specifications document, namely that the devices are used for “preventive policing”, with the collected data potentially being used in the future to establish correlations, conclusions, and predictive analytics.
Awaiting the HDPA’s Decision
We are still awaiting the Hellenic Data Protection Authority’s decision, as its investigation has now lasted over 4 years and 7 months (initiated in August 2020). The situation is escalating rapidly, and the risks to democracy and human rights protection are extremely high.
A big thank you to the journalist for her interest in our work!
You can read the full article here.
4 million euros were spent by the Greek Police to issue fines related to violations of the Road Traffic Code
Back in 2019, we started one of our first actions in the field of artificial intelligence by bringing to light the Smart Policing program of the Greek Police in collaboration with Intracom-Telecom.
The purpose of this project? The purchase of 1,000 portable devices that would enable functions like facial recognition, fingerprint scanning, document identification, and license plate recognition in urban centers during police checks.
We acted promptly and, in March 2020, requested the Data Protection Authority to investigate the matter, as, according to our legal analysis, processing biometric data in the context of using these devices would not be legal.
Since August 2020, the Authority has been investigating the case. The State paid the 4 million euros, and the company delivered the devices to the Hellenic Police. The latest development was in October 2024, when the Hellenic Police decided, starting from the first quarter of 2025, to use the document/license plate recognition functions of the devices to issue fines for violations of the Road Traffic Code.
We are glad that our swift action and the investigation by the Data Protection Authority froze the use of the invasive facial recognition and fingerprint scanning functions of these devices. However, the relevant decision by the Authority must be published immediately.
The 4.5 years of investigation by the Data Protection Authority also reveal that the state must support the Data Protection Authority, as the high level of expertise of its inspectors is not enough, and more human and financial resources are needed. And all this without considering the increased workload expected in the coming years with the AI Act.
You can read more about this in our latest study on the AI Act, pages 51-54 here.
Homo Digitalis Submits Urgent Letter to the Council of Europe’s Commissioner for Human Rights
Homo Digitalis submitted today a letter to the Council of Europe’s Commissioner for Human Rights.
We this letter, the Greek CSO aims to draw the Commissioner’s attention to the following three issues:
A. The imminent adoption of a Presidential Decree in Greece permitting state authorities to procure spyware.
B. The deteriorating condition of independent supervisory authorities in Greece, plagued by power struggles, understaffing, and financial constraints.
C. The latest developments in the ongoing PREDATOR scandal in Greece, which leaves critical questions unanswered regarding the surveillance of journalists, politicians, and lawyers through illegal means.
Moreover, with this letter Homo Digitalis urges the Commissioner:
- To give full and close attention to the situation in Greece,
- To take into account the facts presented above and urgently request further information and clarifications from Greek authorities,
- To examine the situation in Greece and take necessary steps to identify any shortcomings in the law and practices concerning human rights abuses, and
- To assist in strengthening the activities of national supervisory institutions and other human rights structures in Greece.
You can read the letter (EN) here.
Homo Digitalis is immediately informed by the Hellenic DPA & the Hellenic Authority for Communication Security and Privacy for their intervention re the Draft Presidential Decree on Spyware
On Tuesday July 30th η Homo Digitalis filed a request before the President of the Hellenic Data Protection Authority (HDPA), Mr.Menoudakos (no.6277/30-07-2024), and the President of the Hellenic Authority for Communication Security and Privacy (ADAE), Mr. Rammou (no. 2755/30-07-2024), in order for the two Independent Authorities to exercise their advisory powers and issue a joint Opinion regarding the Draft Presidential Decree of Articles 13 & 47 of Law 5002 /2022 on the procurement of contracts on behalf of governmental structures for the supply of spyware or surveillance devices.
In response to our request, the response of the HDPA and ADAE has been lightning fast. Specifically, the Directorate of Supervisory Work of the HDPA informed us on the same day, 30 July 2024, that the HDPA has requested the draft presidential decree from the Ministry of Citizen Protection from 19 July 2024 in order to give its opinion on the matter, while the President of ADAE, Mr. Rammos, in a letter addressed to Homo Digitalis on August 1, 2024, informed us that ADAE, as it always does, within the framework of its constitutional and statutory competence, it goes without saying that it will exercise its advisory competence (provided for by Article 6 paragraph 1 point i of Law 3115 /2003) and on the specific draft presidential decree in the context of an institutional dialogue with all the state bodies involved in its adoption.
We await with interest the relevant developments in the near future, since, as Homo Digitalis has pointed out in its letter to the two independent authorities, the provisions of the draft presidential decree may cause irreparable risks for democracy, the rule of law and the protection of fundamental rights and freedoms in Greece.
We requested from the Hellenic DPA and the Hellenic Authority for Communication Security and Privacy to issue an Opinion on the Draft Presidential Decree for the procurement of spyware by Greek authorities
Today, 30.7.2024, Homo Digitalis filed a request before the President of the Hellenic Data Protection Authority (HDPA), Mr.Menoudakos (no.6277/30-07-2024), and the President of the Hellenic Authority for Communication Security and Privacy (ADAE), Mr. Rammou (no. 2755/30-07-2024), in order for the two Independent Authorities to exercise their advisory powers and issue a joint Opinion regarding the Draft Presidential Decree of Articles 13 & 47 of Law 5002 /2022 on the procurement of contracts on behalf of governmental structures for the supply of spyware or surveillance devices.
The lack of transparency and openness regarding the whole process of drafting the text of the draft Presidential Decree, as well as the absence of an informed dialogue with the independent authorities of the country and with the advisory bodies of the state , combined with its late preparation, which contradicts the explicit provision of the legislator in Articles 13 and 47 of Law 5002 /2022, create additional concerns in the public sphere, as well as in certain professional circles, such as politicians, journalists, and lawyers, whose preservation of the confidentiality of communications is vital for democracy.
Homo Digitalis considers that, in the absence of immediate intervention by the two supervisory authorities, there is a serious risk that the provisions of the Draft Presidential Decree may not meet the requirements set out in Union law and the case law of the CJEU, may contravene the values enshrined in Article 2 TEU and the Fundamental Rights enshrined in the Charter and, in particular Articles 7, 8, 11, 11, 17, 21 and 47 thereof, fail to comply with the requirements laid down in Council of Europe law, in particular the values enshrined in the ECHR and Convention 108 and the case-law of the ECtHR, and infringe Articles 9A, 14 and 19 of the Greek Constitution.
Furthermore, Homo Digitalis considers that there is a serious possibility that the provisions of the said Draft Presidential Decree will create a lower level of protection in Greece than in other EU Member States, thus hindering the exchange of data and information between Greece and other Member States and leading to the impossibility of fighting serious crime and terrorism at a cross-border level whenever the use of spyware by the Greek authorities has taken place.
You can read our request in detail here.
We call on the Greek DPA to investigate the Ministry of Interior for the use of artificial intelligence algorithms for the reallocation of employees in the public sector
On 9 July Homo Digitalis filed a request (no. 5812/9.7.2024) before the Greek Data Protection Authority, in order for the latter to exercise its investigative powers against the Ministry of Interior.
In particular, following the Authority’s Decision 16/2024 in April 2024, by which it had imposed a record fine of 400,000 euros on the Ministry of Interior for significant breaches of data protection legislation, the Ministry is again in the spotlight, this time for the artificial intelligence tool it is developing for strategic staffing planning in the public sector.
The tool concerns the reallocation of existing staff and the estimation of the needs for new staff, while it will be piloted in 9 public sector institutions, namely the Development Programmes Organisation and Management Unit, the Independent Public Expenditure Authority, the Public Employment Service, the Athens General Hospital “G. Gennimatas Hospital, the Municipality of Thessaloniki, the Region of Attica, the Ministry of Education and Religious Affairs, the Ministry of Environment and Energy and the Ministry of Culture and Sports.
The project is expected to be completed in December 2025, at a cost of €11,708,543.
Because the tool needs to include functionalities for the collection, management and analysis of personal data, Homo Digitalis had filed a letter on 15 April 2024 before the then Minister of Interior Ms.Kerameos and the Data Protection Officer of the Ministry, in which it raised key questions regarding both the compliance required with the legislation on the protection of personal data and the legislation on the use of artificial intelligence and other emerging technologies in the public sector (Law 4961/2022). However, the Ministry did not provide any response, even after a written reminder of our request on 30 May, forcing us to address the DPA to investigate thoroughly the development, implementation and piloting of this tool and the implications for the rights of public sector employees.
You can see our request here (EL).
We give a lecture at the OSCE's three-day training seminar on the protection of human rights at the borders
The OSCE Office for Democratic Institutions and Human Rights (ODIHR) organizes next week its training course for human rights defenders working at international borders in Warsaw! The three-day training course aims to enable human rights defenders to understand the human rights implications of border technologies and to improve their skills in collecting and verifying information through various means, including new technologies, for effective human rights monitoring at borders.
On a pro bono basis, Homo Digitalis and HIAS Greece will give a lecture during the training course related to our great success with the KENTAUROS and HYPERION case!
Our lecture titled “Combating Centaurs and Titans – Leveraging Data Protection Law to Counter Intrusive Surveillance in Migration” will focus on how data protection law can be strategically employed to challenge invasive surveillance technologies used in migration. Eleftherios Chelioudakis will represent Homo Digitalis in this lecture.
We would like to thank the organizers for their kind invitation, as well as HIAS Greece for the great collaboration.
You can find more information about the OSCE Office for Democratic Institutions and Human Rights (ODIHR) here.
Centaur & Hyperion: We asked the Greek DPA whether the Ministry of Immigration & Asylum has made the necessary compliance steps
In the framework of the Decision 13/2024 of the Greek Data Protection Authority (DPA), which was posted on its website on 2/4/2024, the Ministry of Immigration and Asylum was instructed to take all necessary steps to complete its compliance with the obligations of the controller, as described in the body of the Decision, within 3 (three) months from the date of its receipt.
Given that on Tuesday 2/7/2024, 3 months were completed, we decided to send a letter to the DPA on Wednesday 3/7/2024 (ref. no. G/EIS/5662/03-07-2024) requesting to be informed whether the Authority has received any relevant information from the Ministry of Immigration and Asylum regarding the completion of its compliance, as it was obliged to do.
It remains to be seen what level of compliance has been achieved in these three months in a case that is of the utmost importance.