I HAVE RIGHTS and Homo Digitalis Publish Report on the Situation in the Samos Closed Controlled Access Centre (CCAC) One Year After the Fine Issued by the Hellenic Data Protection Authority for KENTAURUS and HYPERION Systems
The Hellenic Ministry of Migration (MoMA) continues to violate data protection rights of asylum seekers in the Samos Closed Control Access Centre (CCAC), I Have Rights and Homo Digitalis said in a report released today.
The report, titled “They Never Tell Us Anything”: Ongoing Data Rights Violations in the Samos CCAC analyses the implementation of a compliance order issued by the Hellenic Data Protection Authority (HDPA) in April 2024. In this historic ruling, the HDPA had found that MoMA’s use of surveillance technologies in reception facilities across Greece, including biometric access systems and surveillance infrastructure tools violates EU data protection laws (GDPR).
Ten months after the passing of the implementation period in July 2024, the report finds that MoMA has failed to comply with the order. “The ongoing violations of data protection rights in the Samos CCAC are emblematic of a system where control and surveillance are prioritised over the rights of those seeking protection” said Réka Rebeka Rósa, Legal and Team Coordinator at I Have Rights. “The European Union should press Greek authorities to address prevailing rights violations. Otherwise, these violations risk becoming a blueprint for further (digital) rights abuse of people on the move across Europe.”
The Samos CCAC opened in September 2021 as the first of the now existing five facilities in Greece, following an agreement between the European Commission and the Greek Government in 2020. Since its opening, NGOs, international human rights experts and people held in the facility have consistently raised concerns about the facility’s securitised infrastructure, de facto detention practices, and inadequate living conditions.
These concerns are exacerbated by the overall lack of transparency in the Greek asylum procedure and opaque surveillance system in the Samos CCAC.
As one client explained about the intransparency of biometric data collection: “No, no one explains it. They only take fingerprints and take us from one place to another, and we do it without knowing why. There is no person to explain what is happening.”
Greece has legal and moral obligations to uphold fundamental rights and data protection rights of asylum seekers, as enshrined in the European Charter of Fundamental Rights and GDPR. The European Union, in particular the European Commission – given its central role in conceptualising, financing, operating, and monitoring the CCACs in Greece – bears responsibility to ensure that these standards are fully respected. “The continued lack of GDPR compliance, in terms of transparency and accountability in the deployment of the Centaur and Hyperion surveillance systems, at the Samos CCAC reflects a disturbing erosion of the fundamental rights. By failing to meet even the basic requirements of data protection in practice, MoMA is reinforcing a dangerous trend of surveillance-driven border management that dehumanizes people on the move” said Eleftherios Chelioudakis, Executive Director at Homo Digitalis.
Homo Digitalis meets with the National Commissioner for Human Rights (NCHR)
The Greek National Commission for Human Rights (GNCHR) welcomed the NGO Homo Digitalis to its offices on May 13, 2025, for a meeting focused on digital rights and artificial intelligence.
Among other topics, the discussion covered recent developments in the field of emerging technologies, the EU Artificial Intelligence Act and its implementation, as well as the role of the GNCHR under the Regulation, following its designation as one of the authorities referred to in Article 77 (Powers of Fundamental Rights Monitoring Authorities).
Participants in the meeting included Professor Maria Gavouneli, President of the GNCHR, Elli Varchalama, Second Vice-President of the GNCHR, Dr. Christos Tsevas, Special Scientist, Eleftherios Chelioudakis, Co-Founder and Executive Director of Homo Digitalis and Lambrini Gyftokosta, Director of Human Rights & Artificial Intelligence at Homo Digitalis.
From Secrecy to Transparency: The Five-Year Battle for the Publication of Police Camera Operation Decisions
Strategic legal action takes time, but its outcomes benefit society as a whole, strengthening public trust in institutions.
In December 2020, Homo Digitalis, in collaboration with Reporters United and The Press Project, formally requested access to the Hellenic Police’s decisions regarding the operation of drones and other portable cameras in public spaces, as stipulated in Article 12 of Presidential Decree 75/2020. Despite the legal obligation to publish these decisions publicly, the police refused access, disregarding the transparency required by law.
A few months later, in May 2021, we filed a joint complaint before the Hellenic Data Protection Authority (HDPA), citing repeated non-compliance by the police—at least 67 times over a short period. The HDPA launched an investigation into the legality of these practices.
In early 2024, we submitted a request for access to HDPA documents to better understand the progress of the investigation. Correspondence between the Hellenic Police and the HDPA revealed that, even as of March 2024, the police continued to argue that Presidential Decree 75/2020 did not require them to publish camera operation decisions, despite the HDPA’s opposing view.
Yesterday, through a report by journalist Giannis Bazaios in Efimerida ton Syntakton, we learned that such a decision had been published on the Hellenic Police’s website. Indeed, upon verification, we found that as of February 17, 2025, the police had changed their practice and begun publishing these decisions as required by law. The report was published today online here.
From the initial refusal in 2020, it took five years for this change to be implemented. We now eagerly await the final decision of the HDPA and the conclusion of its investigation, which will establish a definitive framework for transparency and accountability within law enforcement.
What’s Happening with the 1,000 Smart Policing Devices of the Hellenic Police, Five Years After Our Complaint to the Hellenic Data Protection Authority ?
What is the status of the 1,000 portable smart policing devices used by the Hellenic Police as part of the Smart Policing program, which incorporate artificial intelligence technologies and cost €4 million? (Spoiler alert: the news is not good!)
Journalist Eftychia Soufleri has written a detailed article for NEWS247.gr (THE MAGAZINE) shedding light on the case and highlighting the key actions taken by Homo Digitalis since 2019. Our Executive Director, Eleftherios Chelioudakis, provided statements on behalf of our organization.
Significant Revelations Emerge for the First Time!
According to the report, despite the absence of any legal framework allowing their use, the Hellenic Police:
-
Claims to have been using the devices operationally since 2021, even though the Hellenic Data Protection Authority (HDPA) has been investigating the matter since August 2020 and continues to do so today.
-
Confirms that it fully utilizes the biometric processing capabilities of these devices (facial recognition, fingerprint identification).
-
Validates what was outlined in the 2018 technical specifications document, namely that the devices are used for “preventive policing”, with the collected data potentially being used in the future to establish correlations, conclusions, and predictive analytics.
Awaiting the HDPA’s Decision
We are still awaiting the Hellenic Data Protection Authority’s decision, as its investigation has now lasted over 4 years and 7 months (initiated in August 2020). The situation is escalating rapidly, and the risks to democracy and human rights protection are extremely high.
A big thank you to the journalist for her interest in our work!
You can read the full article here.
4 million euros were spent by the Greek Police to issue fines related to violations of the Road Traffic Code
Back in 2019, we started one of our first actions in the field of artificial intelligence by bringing to light the Smart Policing program of the Greek Police in collaboration with Intracom-Telecom.
The purpose of this project? The purchase of 1,000 portable devices that would enable functions like facial recognition, fingerprint scanning, document identification, and license plate recognition in urban centers during police checks.
We acted promptly and, in March 2020, requested the Data Protection Authority to investigate the matter, as, according to our legal analysis, processing biometric data in the context of using these devices would not be legal.
Since August 2020, the Authority has been investigating the case. The State paid the 4 million euros, and the company delivered the devices to the Hellenic Police. The latest development was in October 2024, when the Hellenic Police decided, starting from the first quarter of 2025, to use the document/license plate recognition functions of the devices to issue fines for violations of the Road Traffic Code.
We are glad that our swift action and the investigation by the Data Protection Authority froze the use of the invasive facial recognition and fingerprint scanning functions of these devices. However, the relevant decision by the Authority must be published immediately.
The 4.5 years of investigation by the Data Protection Authority also reveal that the state must support the Data Protection Authority, as the high level of expertise of its inspectors is not enough, and more human and financial resources are needed. And all this without considering the increased workload expected in the coming years with the AI Act.
You can read more about this in our latest study on the AI Act, pages 51-54 here.
Homo Digitalis Submits Urgent Letter to the Council of Europe’s Commissioner for Human Rights
Homo Digitalis submitted today a letter to the Council of Europe’s Commissioner for Human Rights.
We this letter, the Greek CSO aims to draw the Commissioner’s attention to the following three issues:
A. The imminent adoption of a Presidential Decree in Greece permitting state authorities to procure spyware.
B. The deteriorating condition of independent supervisory authorities in Greece, plagued by power struggles, understaffing, and financial constraints.
C. The latest developments in the ongoing PREDATOR scandal in Greece, which leaves critical questions unanswered regarding the surveillance of journalists, politicians, and lawyers through illegal means.
Moreover, with this letter Homo Digitalis urges the Commissioner:
- To give full and close attention to the situation in Greece,
- To take into account the facts presented above and urgently request further information and clarifications from Greek authorities,
- To examine the situation in Greece and take necessary steps to identify any shortcomings in the law and practices concerning human rights abuses, and
- To assist in strengthening the activities of national supervisory institutions and other human rights structures in Greece.
You can read the letter (EN) here.
Homo Digitalis is immediately informed by the Hellenic DPA & the Hellenic Authority for Communication Security and Privacy for their intervention re the Draft Presidential Decree on Spyware
On Tuesday July 30th η Homo Digitalis filed a request before the President of the Hellenic Data Protection Authority (HDPA), Mr.Menoudakos (no.6277/30-07-2024), and the President of the Hellenic Authority for Communication Security and Privacy (ADAE), Mr. Rammou (no. 2755/30-07-2024), in order for the two Independent Authorities to exercise their advisory powers and issue a joint Opinion regarding the Draft Presidential Decree of Articles 13 & 47 of Law 5002 /2022 on the procurement of contracts on behalf of governmental structures for the supply of spyware or surveillance devices.
In response to our request, the response of the HDPA and ADAE has been lightning fast. Specifically, the Directorate of Supervisory Work of the HDPA informed us on the same day, 30 July 2024, that the HDPA has requested the draft presidential decree from the Ministry of Citizen Protection from 19 July 2024 in order to give its opinion on the matter, while the President of ADAE, Mr. Rammos, in a letter addressed to Homo Digitalis on August 1, 2024, informed us that ADAE, as it always does, within the framework of its constitutional and statutory competence, it goes without saying that it will exercise its advisory competence (provided for by Article 6 paragraph 1 point i of Law 3115 /2003) and on the specific draft presidential decree in the context of an institutional dialogue with all the state bodies involved in its adoption.
We await with interest the relevant developments in the near future, since, as Homo Digitalis has pointed out in its letter to the two independent authorities, the provisions of the draft presidential decree may cause irreparable risks for democracy, the rule of law and the protection of fundamental rights and freedoms in Greece.
We requested from the Hellenic DPA and the Hellenic Authority for Communication Security and Privacy to issue an Opinion on the Draft Presidential Decree for the procurement of spyware by Greek authorities
Today, 30.7.2024, Homo Digitalis filed a request before the President of the Hellenic Data Protection Authority (HDPA), Mr.Menoudakos (no.6277/30-07-2024), and the President of the Hellenic Authority for Communication Security and Privacy (ADAE), Mr. Rammou (no. 2755/30-07-2024), in order for the two Independent Authorities to exercise their advisory powers and issue a joint Opinion regarding the Draft Presidential Decree of Articles 13 & 47 of Law 5002 /2022 on the procurement of contracts on behalf of governmental structures for the supply of spyware or surveillance devices.
The lack of transparency and openness regarding the whole process of drafting the text of the draft Presidential Decree, as well as the absence of an informed dialogue with the independent authorities of the country and with the advisory bodies of the state , combined with its late preparation, which contradicts the explicit provision of the legislator in Articles 13 and 47 of Law 5002 /2022, create additional concerns in the public sphere, as well as in certain professional circles, such as politicians, journalists, and lawyers, whose preservation of the confidentiality of communications is vital for democracy.
Homo Digitalis considers that, in the absence of immediate intervention by the two supervisory authorities, there is a serious risk that the provisions of the Draft Presidential Decree may not meet the requirements set out in Union law and the case law of the CJEU, may contravene the values enshrined in Article 2 TEU and the Fundamental Rights enshrined in the Charter and, in particular Articles 7, 8, 11, 11, 17, 21 and 47 thereof, fail to comply with the requirements laid down in Council of Europe law, in particular the values enshrined in the ECHR and Convention 108 and the case-law of the ECtHR, and infringe Articles 9A, 14 and 19 of the Greek Constitution.
Furthermore, Homo Digitalis considers that there is a serious possibility that the provisions of the said Draft Presidential Decree will create a lower level of protection in Greece than in other EU Member States, thus hindering the exchange of data and information between Greece and other Member States and leading to the impossibility of fighting serious crime and terrorism at a cross-border level whenever the use of spyware by the Greek authorities has taken place.
You can read our request in detail here.
We call on the Greek DPA to investigate the Ministry of Interior for the use of artificial intelligence algorithms for the reallocation of employees in the public sector
On 9 July Homo Digitalis filed a request (no. 5812/9.7.2024) before the Greek Data Protection Authority, in order for the latter to exercise its investigative powers against the Ministry of Interior.
In particular, following the Authority’s Decision 16/2024 in April 2024, by which it had imposed a record fine of 400,000 euros on the Ministry of Interior for significant breaches of data protection legislation, the Ministry is again in the spotlight, this time for the artificial intelligence tool it is developing for strategic staffing planning in the public sector.
The tool concerns the reallocation of existing staff and the estimation of the needs for new staff, while it will be piloted in 9 public sector institutions, namely the Development Programmes Organisation and Management Unit, the Independent Public Expenditure Authority, the Public Employment Service, the Athens General Hospital “G. Gennimatas Hospital, the Municipality of Thessaloniki, the Region of Attica, the Ministry of Education and Religious Affairs, the Ministry of Environment and Energy and the Ministry of Culture and Sports.
The project is expected to be completed in December 2025, at a cost of €11,708,543.
Because the tool needs to include functionalities for the collection, management and analysis of personal data, Homo Digitalis had filed a letter on 15 April 2024 before the then Minister of Interior Ms.Kerameos and the Data Protection Officer of the Ministry, in which it raised key questions regarding both the compliance required with the legislation on the protection of personal data and the legislation on the use of artificial intelligence and other emerging technologies in the public sector (Law 4961/2022). However, the Ministry did not provide any response, even after a written reminder of our request on 30 May, forcing us to address the DPA to investigate thoroughly the development, implementation and piloting of this tool and the implications for the rights of public sector employees.
You can see our request here (EL).