From Secrecy to Transparency: The Five-Year Battle for the Publication of Police Camera Operation Decisions
Strategic legal action takes time, but its outcomes benefit society as a whole, strengthening public trust in institutions.
In December 2020, Homo Digitalis, in collaboration with Reporters United and The Press Project, formally requested access to the Hellenic Police’s decisions regarding the operation of drones and other portable cameras in public spaces, as stipulated in Article 12 of Presidential Decree 75/2020. Despite the legal obligation to publish these decisions publicly, the police refused access, disregarding the transparency required by law.
A few months later, in May 2021, we filed a joint complaint before the Hellenic Data Protection Authority (HDPA), citing repeated non-compliance by the police—at least 67 times over a short period. The HDPA launched an investigation into the legality of these practices.
In early 2024, we submitted a request for access to HDPA documents to better understand the progress of the investigation. Correspondence between the Hellenic Police and the HDPA revealed that, even as of March 2024, the police continued to argue that Presidential Decree 75/2020 did not require them to publish camera operation decisions, despite the HDPA’s opposing view.
Yesterday, through a report by journalist Giannis Bazaios in Efimerida ton Syntakton, we learned that such a decision had been published on the Hellenic Police’s website. Indeed, upon verification, we found that as of February 17, 2025, the police had changed their practice and begun publishing these decisions as required by law. The report was published today online here.
From the initial refusal in 2020, it took five years for this change to be implemented. We now eagerly await the final decision of the HDPA and the conclusion of its investigation, which will establish a definitive framework for transparency and accountability within law enforcement.
What’s Happening with the 1,000 Smart Policing Devices of the Hellenic Police, Five Years After Our Complaint to the Hellenic Data Protection Authority ?
What is the status of the 1,000 portable smart policing devices used by the Hellenic Police as part of the Smart Policing program, which incorporate artificial intelligence technologies and cost €4 million? (Spoiler alert: the news is not good!)
Journalist Eftychia Soufleri has written a detailed article for NEWS247.gr (THE MAGAZINE) shedding light on the case and highlighting the key actions taken by Homo Digitalis since 2019. Our Executive Director, Eleftherios Chelioudakis, provided statements on behalf of our organization.
Significant Revelations Emerge for the First Time!
According to the report, despite the absence of any legal framework allowing their use, the Hellenic Police:
-
Claims to have been using the devices operationally since 2021, even though the Hellenic Data Protection Authority (HDPA) has been investigating the matter since August 2020 and continues to do so today.
-
Confirms that it fully utilizes the biometric processing capabilities of these devices (facial recognition, fingerprint identification).
-
Validates what was outlined in the 2018 technical specifications document, namely that the devices are used for “preventive policing”, with the collected data potentially being used in the future to establish correlations, conclusions, and predictive analytics.
Awaiting the HDPA’s Decision
We are still awaiting the Hellenic Data Protection Authority’s decision, as its investigation has now lasted over 4 years and 7 months (initiated in August 2020). The situation is escalating rapidly, and the risks to democracy and human rights protection are extremely high.
A big thank you to the journalist for her interest in our work!
You can read the full article here.
4 million euros were spent by the Greek Police to issue fines related to violations of the Road Traffic Code
Back in 2019, we started one of our first actions in the field of artificial intelligence by bringing to light the Smart Policing program of the Greek Police in collaboration with Intracom-Telecom.
The purpose of this project? The purchase of 1,000 portable devices that would enable functions like facial recognition, fingerprint scanning, document identification, and license plate recognition in urban centers during police checks.
We acted promptly and, in March 2020, requested the Data Protection Authority to investigate the matter, as, according to our legal analysis, processing biometric data in the context of using these devices would not be legal.
Since August 2020, the Authority has been investigating the case. The State paid the 4 million euros, and the company delivered the devices to the Hellenic Police. The latest development was in October 2024, when the Hellenic Police decided, starting from the first quarter of 2025, to use the document/license plate recognition functions of the devices to issue fines for violations of the Road Traffic Code.
We are glad that our swift action and the investigation by the Data Protection Authority froze the use of the invasive facial recognition and fingerprint scanning functions of these devices. However, the relevant decision by the Authority must be published immediately.
The 4.5 years of investigation by the Data Protection Authority also reveal that the state must support the Data Protection Authority, as the high level of expertise of its inspectors is not enough, and more human and financial resources are needed. And all this without considering the increased workload expected in the coming years with the AI Act.
You can read more about this in our latest study on the AI Act, pages 51-54 here.
We call on the Greek DPA to investigate the Ministry of Interior for the use of artificial intelligence algorithms for the reallocation of employees in the public sector
On 9 July Homo Digitalis filed a request (no. 5812/9.7.2024) before the Greek Data Protection Authority, in order for the latter to exercise its investigative powers against the Ministry of Interior.
In particular, following the Authority’s Decision 16/2024 in April 2024, by which it had imposed a record fine of 400,000 euros on the Ministry of Interior for significant breaches of data protection legislation, the Ministry is again in the spotlight, this time for the artificial intelligence tool it is developing for strategic staffing planning in the public sector.
The tool concerns the reallocation of existing staff and the estimation of the needs for new staff, while it will be piloted in 9 public sector institutions, namely the Development Programmes Organisation and Management Unit, the Independent Public Expenditure Authority, the Public Employment Service, the Athens General Hospital “G. Gennimatas Hospital, the Municipality of Thessaloniki, the Region of Attica, the Ministry of Education and Religious Affairs, the Ministry of Environment and Energy and the Ministry of Culture and Sports.
The project is expected to be completed in December 2025, at a cost of €11,708,543.
Because the tool needs to include functionalities for the collection, management and analysis of personal data, Homo Digitalis had filed a letter on 15 April 2024 before the then Minister of Interior Ms.Kerameos and the Data Protection Officer of the Ministry, in which it raised key questions regarding both the compliance required with the legislation on the protection of personal data and the legislation on the use of artificial intelligence and other emerging technologies in the public sector (Law 4961/2022). However, the Ministry did not provide any response, even after a written reminder of our request on 30 May, forcing us to address the DPA to investigate thoroughly the development, implementation and piloting of this tool and the implications for the rights of public sector employees.
You can see our request here (EL).
We submitted important questions to the Minister of Interior, Ms Kerameos, on the project "Development and operation of a tool for the strategic planning of public sector staffing in terms of artificial intelligence" and its pilot application in 9 institutions
On April 15, Homo Digitalis submitted an electronic letter to the Minister of Interior, Ms Kerameos, regarding the Ministry’s project entitled “Development and operation of a tool for strategic planning of public sector staffing in terms of artificial intelligence”.
Our letter was communicated to the President of the Personal Data Protection Authority, Mr. Menoudakos, and to the Data Protection Officer of the Ministry of Interior, Mr. Theocharis.
More specifically, this project relates to the development and operation of a tool for the strategic planning of human resources in the public sector in terms of artificial intelligence and concerns the following axes:
– Creation of an integrated framework for strategic staffing planning (optimal allocation of existing and new staff) in the public sector (including technical specifications for the implementation and revision of existing frameworks)
– Pilot implementation in 9 Public Sector Entities and more specifically in MOD SA, AADE, OAED, Athens General Hospital “G. Municipality of Thessaloniki, Region of Attica, Ministry of Education and Religious Affairs, Ministry of Environment and Energy and Ministry of Culture and Sports,
– Design of training programmes for (a) users and (b) upgrading the skills of civil servants, and
– Development of the knowledge repository of civil servants.
According to relevant information posted on the website of the Ministry of Interior and articles in various media, the Ministry of Interior is the project manager and has already contracted with Deloitte for its preparation. In fact, according to the timetable, the work has made significant progress.
In its letter, Homo Digitalis requests information from the Minister on a number of questions regarding both the legal framework for the protection of personal data (Law 4624/2019 – GDPR), and the legal framework for the use of artificial intelligence systems by the public sector (Law 4961/2022), as the pilot implementation of the project is expected to take place immediately in the 9 institutions mentioned above.
Specifically, we put the following questions to the Minister in our letter:
-Has the Ministry of Interior carried out a data protection impact assessment before the project was announced, in accordance with the principles of data protection “already by design” and “by default”?
-Has a relevant Data Protection Impact Assessment been carried out specifically in relation to the pilot implementation of the platform in the 9 public bodies?
-If the relevant Assessments have been prepared, has the Ministry considered it necessary to consult the Data Protection Authority in this respect?
-Does the Ministry consider the 9 public bodies as joint controllers and if so, has the Ministry proceeded with the relevant obligations as set out in Article 26 GDPR?
-Can the Ministry inform us of the relevant categories of personal data, the purposes of the processing for which such data are intended, and the legal basis for the processing you intend to use?
-Can the Ministry point us to the exact website where the Ministry of Interior’s contract with Deloitte is posted so that we can study the relevant provisions contained therein, especially with regard to the processing of personal data?
-Finally, has the Ministry of Interior proceeded to comply with the obligations arising from the provisions of Law 4961/2022, and in particular has an algorithmic impact assessment been carried out (Article 5), has it taken the necessary transparency measures (Article 6), has the project contractor fulfilled their obligations in this respect (Article 7), and has the Ministry kept a register (Article 8) in view of the forthcoming pilot use of the system?
We published our successful Report for the five-year period 2018-2023
In 2018, we started with 6 founding members, 25 volunteers and 1,000 euros in the organization’s account. Nobody knew us, but we knew what we wanted to achieve, what gap we were trying to fill, where we wanted to go.Today, we celebrate our 6 years of operation and publish our 5-year report, about everything we have achieved in the period 2018 -2023. The detailed Report contains the beginning of our story, information about the mission, vision and values of Homo Digitalis, and a thorough review of all our major successes by pillar of action, namely a) Awareness, b) Advocay , and c) Legal Actions and Interventions. Finally, in order to enhance transparency about our financial accounts, we have also included all of our Financial Reports for the entire five years period!
You can read our Homo Digitalis’ “Five Year Report 2018-2023” in Greek here or in English here. The report was curated by our Director on Human Rights and AI, Lambrini Gyftokosta.
Looking back we are happy, proud and excited, because until the summer of 2023, we: gained over 130 volunteers, have steadily increased our revenue by 353% every year, filed over 20 complaints with Greek and European authorities, managed to fine Clearview AI €20 million (the largest in Greece), visited more than 30 schools and raised awareness with our actions for more than 3500 students and citizens, gave more than 40 media interviews in Greece and Europe, supported more than 50 joint actions with other Greek and European organisations in the field of digital rights, acquired more than 10.000 followers on social media (LinkedIn, Facebook, Instagram, X), published more than 150 articles of scientific, technical and legal interest on our website with the contribution of our volunteers, became the first and only organisation from Greece to be a member of EDRi, the European Digital Rights Network; and although we started as a purely voluntary organisation, we managed to hire our first employee!
On this journey we were not alone. One of our greatest successes is our collaboration with a large network of universities, organisations, institutions, research centres and all our member volunteers who helped us take our actions one step further!
Looking ahead we are optimistic. We are moving forward dynamically, conquering small and big goals that will bring us even closer to the world we dream of and want to build together!
The Hellenic Data Protection Authority fines the Ministry of Migration and Asylum for the "Centaurus" and "Hyperion" systems with the largest penalty ever imposed to a Greek public body
Two years ago, in February 2022, Homo Digitalis had filed a complaint against the Ministry of Immigration and Asylum for the “Centaurus” and “Hyperion” systems deployed in the reception and accommodation facilities for asylum seekers, in cooperation with the civil society organizations Hellenic League for Human Rights and HIAS Greece, as well as the academic Niovi Vavoula.
Today, the Hellenic Data Protection Authority identified significant GDPR violations in this case by the Ministry of Immigration and Asylum and decided to impose a fine of €175.000 euro – the highest ever imposed against a public body in the country.
The detailed analysis of the GDPR highlights the significant shortcomings that the Ministry of Immigration and Asylum had fallen into in the context of preparing a comprehensive and coherent Data Protection Impact Assessment, and demonstrates the significant violations of the GDPR that have been identified and relate to a large number of subjects who have a real hardship in being able to exercise their rights.
Despite the fact that the DPA remains understaffed, with a reduced budget, facing even the the risk of eviction from its premises, it manages to fulfil its mission and maintain citizens’ trust in the Independent Authorities. It remains to be seen how long the DPA will last if the state does not stand by its side.
Of course, nothing ends here. A high fine does not in itself mean anything. The Ministry of Immigration and Asylum must comply within 3 months with its obligations. However, the decision gives us the strength to continue our actions in the field of border protection in order to protect the rights of vulnerable social groups who are targeted by highly intrusive technologies.
You can read our press release here.
You can read Decision 13/2024 on the Authority’s website here.
We participated at DFF’s Annual Strategy Meeting (ASM24)
We participated at DFF’s Annual Strategy Meeting (ASM24)
Two weeks ago, Homo Digitalis’ President, Elpida Vamvaka, was in Berlin at Digital Freedom Fund’s Annual Strategy Meeting (ASM24). We are grateful for the chance to engage in enriching dialogue with such inspiring fellow digital rights defenders working to propel human rights forward!
The meeting’s goals were to share meaningful exchanges and updates on digital rights topics, explore new opportunities to organise and collaborate at the intersection of racial, social, economic and environmental justice, to centre care, to safeguard well-being and to build resilience.
The meeting featured peer-driven highlights from DFF’s network, discussions mapping the 2024 landscape and beyond on digital rights issues, knowledge and skill sharing sessions, and a powerful panel on war crimes & digital rights. Stay tuned for the video coming soon!
Topics ranged from queer & trans*, labour, disability, environmental, welfare, prisoners’, children’s and migrants’ rights, to spyware, surveillance, digital policing, platform accountability, movement lawyering, organising for digital justice, and many more.
We would like to extend a heartfelt thank you to the organizers for inviting us, as well as to all individual participants and represented organisations for making this year’s Annual Strategy Meeting a success.
Our new action before the European Data Protection Board on its case regardin Meta's Pay Or Okay model
Last Thursday, 7 March, together with European Digital Rights and other important civil society organisations, we submitted an Open Letter to the European Data Protection Board (EDPS) on Meta’s #PayOrOkay model.
We call on the EDPS in its opinion to condemn these commercial subscription models that allow those with the money to pay for their privacy and those without to be at the mercy of the voracious data collection practices of big tech companies.
You can read our letter in detail here. This is Homo Digitalis’ second relevant action against Meta’s Pay or Okay model on a pan-European level.