We submitted a FOIA before the Greek Ministry of Education for its Memorandum of Cooperation with OpenAI
At Homo Digitalis, we support the innovations brought by new technologies and believe that they can significantly contribute to the improvement of our society, provided that their use complies with the applicable legal framework and aims to promote and protect our rights and freedoms. We envision a better world, where the adoption of technological solutions is the result of critical thinking as well as informed and balanced decision-making.
In this light, we were concerned by the signing, on Friday, September 5, of the “OpenAI for Greece” Memorandum of Cooperation by the Ministry of Education, Religious Affairs and Sports with OpenAI and other stakeholders, for the pilot use of the ChatGPT Edu tool by teachers and students in 20 high schools across the country.
How will teachers and students feel when asked to use tools provided by a company such as OpenAI, which has already been fined €15 million for violations of data protection legislation in Italy and is currently under investigation for possible violations in other countries, such as Austria?
And on what grounds are Artificial Intelligence systems based on proprietary software from US tech giants being prioritized over equivalent tools that could be developed with free and open-source software by research centers and institutions in Greece? Such a choice disregards the European Union’s strategy to strengthen openness, transparency, and technological sovereignty, and, in the case of widespread adoption, will inevitably lead to the dependency of our education system on proprietary software and foreign companies.
In light of the above, today we submitted (protocol number 108260/8/92025) before the Ministry of Education, Religious Affairs and Sports a request for access to documents and information, in which we set out our concerns in detail and request access both to the Memorandum of Cooperation and to other related legal deliverables that should have been drawn up regarding the obligations arising from Law 4624/2019 and Law 4961/2022.
You can see our request here (EL).
We spoke to POLITICO about our work in the field of Artificial Intelligence
Homo Digitalis spoke to Ellen O’Regan and POLITICO Europe for our actions in the field of border management next to prominent academics (Niovi Vavoula & Derya Ozkul), civil society organisations (European Digital Rights, Chloé Berthélémy Border Violence Monitoring Network, Pauline Fritz and Equinox: Racial Justice Initiative, Sarah Chander), EU Bodies & Agencies (European Commission, Europol, Claire Georges, Frontex) and the hashtagHellenic hashtagDPA!
Our Executive Director Eleftherios Chelioudakis, LL.M, M.Sc, represented us in this interview.
According to the article, the Hellenic DPA “wants to wrap up two long-running investigations this September, one into the Greek police’s use of portable face and fingerprint scanning tools, and another into the Greek coast guard’s adoption of social media monitoring software.” We are glad to hear that important progress has been made in these two cases initiated by Homo Digitalis and its allies, researcher Phoebus Simeonidis (omniatv), HIAS Greece, Hellenic League for Human Rights, and Privacy International.
Many thanks to the journalist for her interest in our work! Read the full article here.
We filed a complaint against Alphabet before the European Commission under the provisions of the DMA, together with five organizations.
European Digital Rights, ARTICLE 19, Free Software Foundation Europe (FSFE), Gesellschaft für Freiheitsrechte e.V., Vrijschrift.org, and Homo Digitalis filed a formal complaint against Alphabet Inc. under the Digital Markets Act (DMA) before the European Commission.
Despite the DMA’s clear gatekeeper rules:
-
On Android, users still cannot truly uninstall Google’s pre-installed apps; they can only disable them, which leaves them on the device. Yet Alphabet misleads users by claiming this is the same as removing an app. It is not.
-
The disable option is buried deep in the settings and, when users do find it, Android displays vague and intimidating warnings that discourage them from switching to alternative apps, making it harder to move away from Google’s ecosystem.
We are facing a textbook case of deceptive design, which restricts user choice and reinforces Alphabet’s gatekeeper position.
With our complaint, we call on the European Commission to investigate Alphabet’s practices and order the company to fully respect end-user rights under the DMA.
You can read our complaint on EDRi’s website here.
We call the Greek DPA to temporarily block the inclusion of the Personal Number on new ID cards until the necessary risk mitigation measures are implemented!
Since June, the Hellenic Police (EL.AS.) has been issuing ID cards that display the Personal Number (P.A). for citizens who already have one. As of tomorrow, June 28, 2025, it will no longer issue an ID card to any citizen who is eligible for a P.A. but has not yet completed the required issuance process.
In its Opinion 1/2025, the Hellenic Data Protection Authority (HDPA) states that displaying the P.A. on ID cards poses risks and must therefore be accompanied by specific mitigation measures.
However, despite the fact that the Greek State proposed certain measures to the HDPA, which were approved as appropriate, it has failed to implement them, thereby exposing citizens to severe risks of identity theft.
For example, one of the proposed measures was the adoption of legal provisions prohibiting private entities from keeping photocopies of ID cards. This legislative step must be paired with coordinated and intensive public awareness campaigns to ensure that citizens know they should not allow copies of their physical ID to be retained.
At the end of its analysis, the HDPA concludes that, since the risks associated with including the P.A. on ID cards remain, once a sufficient period has passed during which mitigation measures are applied and public authorities are equipped with the necessary tools for digital reading of the P.A., the display will no longer be necessary and the obligation to display the P.A. on the ID card should be lifted.
For these reasons, on Friday, June 20, we submitted a formal request (Ref. No. Γ/ΕΙΣ/5621/20-06-2025), urging the HDPA to exercise its powers under Article 58(2)(f) of the GDPR, and impose a temporary restriction on processing, by prohibiting the display of the P.A. on ID cards until the essential mitigation measures are properly in place to address the significant risks arising from this practice.
Our request is available here (only in EL).
Our Joint Action with Reporters United & Vouliwatch: The Cameras at the Polytechnic Threaten Personal Data
On March 29, 2025, the National Technical University of Athens (NTUA) installed surveillance cameras at the Zografou Campus and the Patission Complex without informing the public about its data processing policy for students and staff.
On May 26, 2025, Vouliwatch, Reporters United, and Homo Digitalis jointly submitted a Freedom of Information (FOI) Request to determine whether NTUA complies with the law, the General Data Protection Regulation (GDPR), and other national regulations. A similar request was also submitted by 61 Architecture students.
NTUA may not be fully complying with Articles 12, 13, 35, and 36 of the GDPR, which ensure transparent information for data subjects, data protection impact assessments, and the obligation of prior consultation.
In our request, we explain that NTUA has not responded to student and staff inquiries about how their personal data is being processed, and we request access to the government’s confidential security plan for universities.
In our request to NTUA, we also seek to know who is being recorded by the cameras, where their data is stored, and whether this data is being shared with the Hellenic Police (ELAS).
NTUA has a deadline to respond to our request by June 15, and to the students’ request by June 19. We will continue to monitor the issue and will follow up with further reporting. Our organizations’ FOI request and information provision document is available here.
Developments Regarding the Programmatic Agreement Between the Ministry of Health and Private Entities Concerning the Provision of Newborns’ Genetic Material
There are new developments concerning the significant revelations published by Reporters United in early April, regarding the programmatic agreement between the Ministry of Health and private entities, which involves the provision of newborns’ genetic material for testing purposes and the potential creation of a biobank—as well as the complaint submitted by Homo Digitalis to the Hellenic Data Protection Authority (HDPA) on the matter.
On Friday, May 9, the HDPA issued a press release, stating that it has taken up the case and is awaiting the Ministry of Health’s response to a relevant official document it has sent.
On the same day, the Advisory and Compliance Tools Department of the HDPA, following up on our communication on April 25, informed Homo Digitalis that the case is currently under preliminary investigation, based on Article 57(1)(a) and (h) of the GDPR.
According to these provisions, the HDPA monitors and enforces the application of the GDPR in Greece and may conduct investigations, including those based on information received from other supervisory or public authorities.
To further raise awareness about the challenges arising from the processing of genetic data, our member Anastasios Arampatzis has prepared an article on the 23andMe case in the U.S., describing the events surrounding a major data breach affecting approximately 6.9 million users.
We Submitted a Request to the Hellenic Data Protection Authority (HDPA) to Investigate the Programmatic Agreement Between the Ministry of Health and the Company Real Genix and the NGO Beginnings - Newborn Sequencing Initiative
On Friday, April 11, the newspaper Efimerida ton Syntakton and the network Reporters United revealed the programmatic agreement between the Ministry of Health and the company Real Genix along with the NGO Beginnings – Newborn Sequencing Initiative.
The agreement concerns the privatization of neonatal screening and involves the processing of special categories of personal data, specifically genetic data.
Based on the content of the programmatic agreement, there appears to be insufficient reference to compliance with data protection legislation. The roles of the involved parties are not clearly defined, and there is no information provided to inspire public trust regarding the seriousness with which research projects involving special categories of personal data should be handled.
For this reason, on April 14, we submitted a request before the Hellenic Data Protection Authority (HDPA) to investigate the matter, as significant challenges arise regarding the protection of sensitive personal data under this agreement. You can read our full submission here.
Furthermore, following our request to the Data Protection Authority, on April 15, we sent an electronic letter to the DPO (Data Protection Officer) of the Ministry of Health, in which we call on him to:
A) Inform us of the actions taken in the context of their duties as DPO of the Ministry of Health, specifically regarding this programmatic agreement:
-
Let us know whether they have issued guidance or provided information to the Minister of Health or other relevant departments of the Ministry concerning this agreement;
-
Inform us whether they have provided advice regarding the need for a Data Protection Impact Assessment (DPIA) in relation to this project, either to the Minister or other competent services within the Ministry;
-
Inform us whether they have contacted the HDPA about this programmatic agreement and the associated project.
Additionally, if the DPO has issued any written guidance or communications to the Minister or other Ministry departments in relation to points A1 and A2, we respectfully request access to these documents, in accordance with our right as Greek citizens to access public records, as defined in Article 5(5) of the Code of Administrative Procedure (Law 2690/1999, A’ 45), as currently in force, taking into account the relevant Ministerial Decision of the Minister of the Interior (No. 21797/31-12-2024).
We look forward to receiving the relevant responses.
From Secrecy to Transparency: The Five-Year Battle for the Publication of Police Camera Operation Decisions
Strategic legal action takes time, but its outcomes benefit society as a whole, strengthening public trust in institutions.
In December 2020, Homo Digitalis, in collaboration with Reporters United and The Press Project, formally requested access to the Hellenic Police’s decisions regarding the operation of drones and other portable cameras in public spaces, as stipulated in Article 12 of Presidential Decree 75/2020. Despite the legal obligation to publish these decisions publicly, the police refused access, disregarding the transparency required by law.
A few months later, in May 2021, we filed a joint complaint before the Hellenic Data Protection Authority (HDPA), citing repeated non-compliance by the police—at least 67 times over a short period. The HDPA launched an investigation into the legality of these practices.
In early 2024, we submitted a request for access to HDPA documents to better understand the progress of the investigation. Correspondence between the Hellenic Police and the HDPA revealed that, even as of March 2024, the police continued to argue that Presidential Decree 75/2020 did not require them to publish camera operation decisions, despite the HDPA’s opposing view.
Yesterday, through a report by journalist Giannis Bazaios in Efimerida ton Syntakton, we learned that such a decision had been published on the Hellenic Police’s website. Indeed, upon verification, we found that as of February 17, 2025, the police had changed their practice and begun publishing these decisions as required by law. The report was published today online here.
From the initial refusal in 2020, it took five years for this change to be implemented. We now eagerly await the final decision of the HDPA and the conclusion of its investigation, which will establish a definitive framework for transparency and accountability within law enforcement.
What’s Happening with the 1,000 Smart Policing Devices of the Hellenic Police, Five Years After Our Complaint to the Hellenic Data Protection Authority ?
What is the status of the 1,000 portable smart policing devices used by the Hellenic Police as part of the Smart Policing program, which incorporate artificial intelligence technologies and cost €4 million? (Spoiler alert: the news is not good!)
Journalist Eftychia Soufleri has written a detailed article for NEWS247.gr (THE MAGAZINE) shedding light on the case and highlighting the key actions taken by Homo Digitalis since 2019. Our Executive Director, Eleftherios Chelioudakis, provided statements on behalf of our organization.
Significant Revelations Emerge for the First Time!
According to the report, despite the absence of any legal framework allowing their use, the Hellenic Police:
-
Claims to have been using the devices operationally since 2021, even though the Hellenic Data Protection Authority (HDPA) has been investigating the matter since August 2020 and continues to do so today.
-
Confirms that it fully utilizes the biometric processing capabilities of these devices (facial recognition, fingerprint identification).
-
Validates what was outlined in the 2018 technical specifications document, namely that the devices are used for “preventive policing”, with the collected data potentially being used in the future to establish correlations, conclusions, and predictive analytics.
Awaiting the HDPA’s Decision
We are still awaiting the Hellenic Data Protection Authority’s decision, as its investigation has now lasted over 4 years and 7 months (initiated in August 2020). The situation is escalating rapidly, and the risks to democracy and human rights protection are extremely high.
A big thank you to the journalist for her interest in our work!
You can read the full article here.