We requested from the Hellenic DPA and the Hellenic Authority for Communication Security and Privacy to issue an Opinion on the Draft Presidential Decree for the procurement of spyware by Greek authorities
Today, 30.7.2024, Homo Digitalis filed a request before the President of the Hellenic Data Protection Authority (HDPA), Mr.Menoudakos (no.6277/30-07-2024), and the President of the Hellenic Authority for Communication Security and Privacy (ADAE), Mr. Rammou (no. 2755/30-07-2024), in order for the two Independent Authorities to exercise their advisory powers and issue a joint Opinion regarding the Draft Presidential Decree of Articles 13 & 47 of Law 5002 /2022 on the procurement of contracts on behalf of governmental structures for the supply of spyware or surveillance devices.
The lack of transparency and openness regarding the whole process of drafting the text of the draft Presidential Decree, as well as the absence of an informed dialogue with the independent authorities of the country and with the advisory bodies of the state , combined with its late preparation, which contradicts the explicit provision of the legislator in Articles 13 and 47 of Law 5002 /2022, create additional concerns in the public sphere, as well as in certain professional circles, such as politicians, journalists, and lawyers, whose preservation of the confidentiality of communications is vital for democracy.
Homo Digitalis considers that, in the absence of immediate intervention by the two supervisory authorities, there is a serious risk that the provisions of the Draft Presidential Decree may not meet the requirements set out in Union law and the case law of the CJEU, may contravene the values enshrined in Article 2 TEU and the Fundamental Rights enshrined in the Charter and, in particular Articles 7, 8, 11, 11, 17, 21 and 47 thereof, fail to comply with the requirements laid down in Council of Europe law, in particular the values enshrined in the ECHR and Convention 108 and the case-law of the ECtHR, and infringe Articles 9A, 14 and 19 of the Greek Constitution.
Furthermore, Homo Digitalis considers that there is a serious possibility that the provisions of the said Draft Presidential Decree will create a lower level of protection in Greece than in other EU Member States, thus hindering the exchange of data and information between Greece and other Member States and leading to the impossibility of fighting serious crime and terrorism at a cross-border level whenever the use of spyware by the Greek authorities has taken place.
You can read our request in detail here.
We call on the Greek DPA to investigate the Ministry of Interior for the use of artificial intelligence algorithms for the reallocation of employees in the public sector
On 9 July Homo Digitalis filed a request (no. 5812/9.7.2024) before the Greek Data Protection Authority, in order for the latter to exercise its investigative powers against the Ministry of Interior.
In particular, following the Authority’s Decision 16/2024 in April 2024, by which it had imposed a record fine of 400,000 euros on the Ministry of Interior for significant breaches of data protection legislation, the Ministry is again in the spotlight, this time for the artificial intelligence tool it is developing for strategic staffing planning in the public sector.
The tool concerns the reallocation of existing staff and the estimation of the needs for new staff, while it will be piloted in 9 public sector institutions, namely the Development Programmes Organisation and Management Unit, the Independent Public Expenditure Authority, the Public Employment Service, the Athens General Hospital “G. Gennimatas Hospital, the Municipality of Thessaloniki, the Region of Attica, the Ministry of Education and Religious Affairs, the Ministry of Environment and Energy and the Ministry of Culture and Sports.
The project is expected to be completed in December 2025, at a cost of €11,708,543.
Because the tool needs to include functionalities for the collection, management and analysis of personal data, Homo Digitalis had filed a letter on 15 April 2024 before the then Minister of Interior Ms.Kerameos and the Data Protection Officer of the Ministry, in which it raised key questions regarding both the compliance required with the legislation on the protection of personal data and the legislation on the use of artificial intelligence and other emerging technologies in the public sector (Law 4961/2022). However, the Ministry did not provide any response, even after a written reminder of our request on 30 May, forcing us to address the DPA to investigate thoroughly the development, implementation and piloting of this tool and the implications for the rights of public sector employees.
You can see our request here (EL).
We give a lecture at the OSCE's three-day training seminar on the protection of human rights at the borders
The OSCE Office for Democratic Institutions and Human Rights (ODIHR) organizes next week its training course for human rights defenders working at international borders in Warsaw! The three-day training course aims to enable human rights defenders to understand the human rights implications of border technologies and to improve their skills in collecting and verifying information through various means, including new technologies, for effective human rights monitoring at borders.
On a pro bono basis, Homo Digitalis and HIAS Greece will give a lecture during the training course related to our great success with the KENTAUROS and HYPERION case!
Our lecture titled “Combating Centaurs and Titans – Leveraging Data Protection Law to Counter Intrusive Surveillance in Migration” will focus on how data protection law can be strategically employed to challenge invasive surveillance technologies used in migration. Eleftherios Chelioudakis will represent Homo Digitalis in this lecture.
We would like to thank the organizers for their kind invitation, as well as HIAS Greece for the great collaboration.
You can find more information about the OSCE Office for Democratic Institutions and Human Rights (ODIHR) here.
Centaur & Hyperion: We asked the Greek DPA whether the Ministry of Immigration & Asylum has made the necessary compliance steps
In the framework of the Decision 13/2024 of the Greek Data Protection Authority (DPA), which was posted on its website on 2/4/2024, the Ministry of Immigration and Asylum was instructed to take all necessary steps to complete its compliance with the obligations of the controller, as described in the body of the Decision, within 3 (three) months from the date of its receipt.
Given that on Tuesday 2/7/2024, 3 months were completed, we decided to send a letter to the DPA on Wednesday 3/7/2024 (ref. no. G/EIS/5662/03-07-2024) requesting to be informed whether the Authority has received any relevant information from the Ministry of Immigration and Asylum regarding the completion of its compliance, as it was obliged to do.
It remains to be seen what level of compliance has been achieved in these three months in a case that is of the utmost importance.
Interview of Homo Digitalis in mononews about our great success and the 175.000 euro fine of the Greek DPA to the Ministry of Asylum and Migration
Homo Digitalis spoke to mononews and journalist Alexianna Tsotsou for her report on our complaint against the KENTAUROS and YPERION systems and the 175,000 euro fine imposed by the Greek Data Protection Authority on the Ministry of Asylum and Migration. Comments on Homo Digitalis were provided by our Co-Founder and Lawyer, Eleftherios Chelioudakis
You can read the article here.
We would like to thank the journalist for her cooperation, her detailed reporting and her interest in our actions.
Homo Digitalis' interview with Computer Weekly about our great success and the 175,000 euro fine imposed by the Hellenic Data Protection Authority to the Ministry of Asylum and Migration
Homo Digitalis spoke to Computer Weekly and journalist Lydia Emmanouilidou for her report on our complaint against the KENTAUROS and YPERION systems and the 175,000 euro fine imposed by the Greek Data Protection Authority on the Ministry of Asylum and Migration. Comments on Homo Digitalis were provided by our Co-Founder and Lawyer, Eleftherios Chelioudakis.
You can read the article here.
We would like to thank the journalist for her cooperation, her revealing report and her interest in our actions.
Interview of Homo Digitalis on Netzpolitik.org about our great success and the 175.000 euro fine of the Hellenic Data Protection Authority to the Ministry of Asylum and Migration
Homo Digitalis spoke to Netzpolitik.org and journalist Chris Kover for their report on our complaint against the KENTAUROS and YPERION systems and the 175,000 euro fine imposed by the Greek Data Protection Authority on the Ministry of Asylum and Migration. Comments on Homo Digitalis were provided by our Co-Founder and Lawyer, Eleftherios Chelioudakis
You can read the article here.
We would like to thank the journalist for her cooperation and interest in our actions.
Interview of Homo Digitalis to SOLOMON for our great success and the 175.000 euro fine of the Hellenic DPA to the Ministry of Asylum and Migration
Homo Digitalis spoke to SOLOMON and journalists Lydia Emmanouilidou and Apostolis Fotiadis for their report on our complaint against the KENTAUROS and YPERION systems and the 175,000 euro fine imposed by the Greek Data Protection Authority on the Ministry of Migration and Asylum. Comments on Homo Digitalis were provided by our Co-Founder and Lawyer, Eleftherios Chelioudakis.
You can read the article and the journalists’ important revelations here.
We sincerely thank the journalists for their cooperation and interest in our actions.
The Hellenic Data Protection Authority fines the Ministry of Migration and Asylum for the "Centaurus" and "Hyperion" systems with the largest penalty ever imposed to a Greek public body
Two years ago, in February 2022, Homo Digitalis had filed a complaint against the Ministry of Immigration and Asylum for the “Centaurus” and “Hyperion” systems deployed in the reception and accommodation facilities for asylum seekers, in cooperation with the civil society organizations Hellenic League for Human Rights and HIAS Greece, as well as the academic Niovi Vavoula.
Today, the Hellenic Data Protection Authority identified significant GDPR violations in this case by the Ministry of Immigration and Asylum and decided to impose a fine of €175.000 euro – the highest ever imposed against a public body in the country.
The detailed analysis of the GDPR highlights the significant shortcomings that the Ministry of Immigration and Asylum had fallen into in the context of preparing a comprehensive and coherent Data Protection Impact Assessment, and demonstrates the significant violations of the GDPR that have been identified and relate to a large number of subjects who have a real hardship in being able to exercise their rights.
Despite the fact that the DPA remains understaffed, with a reduced budget, facing even the the risk of eviction from its premises, it manages to fulfil its mission and maintain citizens’ trust in the Independent Authorities. It remains to be seen how long the DPA will last if the state does not stand by its side.
Of course, nothing ends here. A high fine does not in itself mean anything. The Ministry of Immigration and Asylum must comply within 3 months with its obligations. However, the decision gives us the strength to continue our actions in the field of border protection in order to protect the rights of vulnerable social groups who are targeted by highly intrusive technologies.
You can read our press release here.
You can read Decision 13/2024 on the Authority’s website here.