The Centre for European Policy Studies – CEPS working group on Cybersecurity and Artificial Intelligence has published its final study! More than 100 pages of analysis, the result of hard work, are now freely available!

We would like to thank the main authors of the study Lorenzo Pupillo, Stefano Fantin, Afonso Ferreira and Carolina Polito for their excellent collaboration from 2019 to date, as well as for the explicit mention of Homo Digitalis’ contribution to the chapter on privacy and data governance.

Homo Digitalis has been a member of the working group since September 2019 and during this time we have had the opportunity to exchange views and ideas with leading actors by actively participating in meetings, conferences and presentations and promoting the protection of human rights in our field of action.

Our representative in the CEPS Working Group on Cybersecurity and Artificial Intelligence was our co-founding member and secretary of our Board, Lefteris Chelioudakis.

You can read the study here.

A coalition of civil society organisations consisting of Privacy International, Hermes Center, Homo Digitalis and noyb have today, 27/5/2021, filed 5 complaints before the competent authorities in Austria, France, Greece, Italy, Greece and the United Kingdom against Clearview AI, Inc. This company develops facial recognition software and claims to have “the largest known database of more than 3 billion facial images” which it collects from social media platforms and other online sources.

The complaints filed with the relevant authorities, including the Data Protection Authority (No. 3458/27.5.2021), detail how Clearview AI’s automated image collector works. It is an automated tool that visits public websites and collects any images it detects that contain human faces. Along with these images, the automated collector also collects metadata that complements these images, such as the title of the website and its source link. The collected facial images are then matched against the facial recognition software created by Clearview AI in order to build the company’s database. Clearview AI sells access to this database to private companies and law enforcement agencies, such as police authorities, worldwide.

“European law is clear regarding the purposes for which companies can use our data,” says Ioannis Kouvakas, a lawyer at Privacy International. “Mining our facial features or sharing them with the police and other companies far exceeds our expectations as internet users.”

“It seems that Clearview mistakenly believes that the internet is a public forum from which anyone can grab whatever they want,” adds Lucie Audibert, a lawyer at Privacy International. “This perception is completely wrong. Such practices threaten the open nature of the internet and the countless rights and freedoms it encompasses.”

The relevant authorities now have 3 months to respond to our complaints. We expect them to cooperate and jointly decide that Clearview AI’s practices have no place in Europe.

Clearview AI became internationally known in January 2020 when a New York Times investigation revealed its practices, which until then had been shrouded in a veil of mystery. The 5 complaints filed add to a series of investigations launched following these revelations.

“Just because something is on the internet does not mean that others can use it in any way they wish. The Data Protection Authorities need to take action,” says Alan Dahi, a privacy lawyer at noyb.

Other reports made it known that Clearview AI had developed partnerships with law enforcement authorities in several European countries. In Greece, following questions submitted by Homo Digitalis, the Greek police have officially stated that they have not used the services of this company. “It is important to intensify the control. Data Protection Authorities have strong investigative powers and we need a
coordinated response to such collaborations between public and private entities,” says Marina Zacharopoulou, a lawyer and member of Homo Digitalis.

Because of its intrusive nature, the use of facial recognition technology, and especially the business models based on it, raises significant challenges for modern societies and the protection of our freedoms. Last month, the Italian Data Protection Authority stopped the use of live facial recognition by police authorities. “Facial recognition technologies threaten our lives both online and offline” says Fabio Pietrosanti, President of Hermes Center.

People living in Europe can ask Clearview AI if their face is in the company’s database and demand that their data be deleted. Privacy International has outlined the relevant steps in detail here.

Of course, support for the European #ReclaimYourFace initiative, which aims to end mass biometric surveillance in public places, is also important.

You can read more in the respective informative articles posted by Privacy International, noyb and Hermes Center.

You can read the complaint here.

Today, a petition was filed before the President of the Hellenic Data Protection Authority (Hellenic Data Protection Authority), Mr. Menoudakos, by Homo Digitalis, Reporters United and The Press Project (No. Prot. G/EIS/3129/12-05-2021), in which at least sixty-four (64) violations of the provisions of the legislation concerning the use of portable cameras in public places are complained of by the Hellenic Police (Hellenic Police). At the same time, the organizations are requesting that the HACCP exercise its investigative, corrective and advisory powers on this important issue.

In particular, in accordance with the provisions of Article 12 para. 2 of Decree 75/2020, the Hellenic Police, as the controller, must each time before the operation of a surveillance system in a public place, issue and notify the decision to operate this system at least on its website, specifying obligatorily: a) the time of activation, b) the duration of its operation, c) the range of its operation, d) its specific characteristics, and e) the justification of the feasibility of its use.

However, the Hellenic Police has not complied with the obligation to publish on its website the decisions to operate the surveillance systems it uses in public places. On the contrary, in breach of its statutory obligations, the Hellenic Police Service has consistently confined itself to publishing a simple notice on its website, which indicates only the number of each operating decision, the duration of operation of the surveillance systems and their place of operation in a general and vague manner.

In other words, that notice does not communicate the content of the operating decision and does not make any reference to the important information required by Article 12(1)(b). 2 of Decree 75/2020, namely the scope of operation of the surveillance system, its specific characteristics and the justification for its use. This last element is particularly important in the context of the principle of lawfulness of processing, as Article 5 of Decree 75/2020 requires that there are sufficient indications that specific criminal offences are being or will be committed in the public place in question and that there is a reasonable belief that there is a serious risk to public security.

Moreover, the EL.AΣ. denies access to these operating decisions even after filing requests for access to documents that citizens and members of the organizations Homo Digitalis, Reporters United and The Press Project had brought before it in December 2020. Therefore, it is obvious that the EL.AΣ. manages these operating decisions as confidential documents that it does not publish and to which it does not allow access, in violation of the provisions of Article 12 para. 2 of Presidential Decree 75/2020.

We consider these practices to be illegal and undermine the protection of personal data and the relevant safeguards provided for in the Legislative Decree 75/2020 within just a few months of its entry into force (September 2020). We therefore denounce the violations before the DPA, and request the latter to fully exercise its investigative, corrective and advisory powers.

The full text of our petition is available here.

Read more on the websites of Reporters United and The Press Project!

If you want to learn more regarding the use of intrusive technologies such as drones, cameras and facial recognition technologies in public spaces you can visit the European Citizens’ Initiative’s #ReclaimYourFace page and sign our campaign! Say a resounding yes to protect public space from intrusive biometric surveillance technologies!

Today, Tuesday 6 April 2021, Homo Digitalis and Sarantaporo.gr submitted joint proposals to the open consultation of the National Telecommunications and Postal Commission (EETT). The consultation concerns the determination of the location of the Terminal Network Point.

If you want to know why the location of the Network Termination Point is important for all internet users in Greece, you can read the very interesting and detailed article by ELLAK.

In essence, it is about the freedom to choose a router in Greece.

With their positioning Homo Digitalis and Sarantaporo.gr stress that end users should have the right to use terminal equipment of their choice.

The same position is supported by the Open Technologies Organisation – ELLAK, the Consumer Association EKPIZO, as well as the European organisation FSFE with the submission of respective proposals.

The positions of Homo Digitalis and Sarantaporo.gr are available here.

Proposals can be submitted until Friday 7 May at 15.00. If you want to support the freedom of router choice in Greece, you can read the EETT call and submit your proposals.

Homo Digitalis and Sarantaporo.gr have been working together for more than a year to lay the foundations to combat the digital exclusion of remote areas and communities of our country from the internet and digital services and at the same time to give citizens the opportunity to be informed and educated about modern networking technologies and the safe and effective use of the internet.

On June 15th Privacy International launched its campaign #NotOnOurWatch with regards to the acquisition  of FitBit by Google.

FitBit’s devices collect a great amount of sensitive personal data of their users. If Google manages to fulfil its goal and acquires  Fitbit, it will gain access to yet another significant user database, strengthening even more its position in the European and global market. In addition, the big amount of information that will be owned by Google, will help the company form  a complete impression of its users and every part of their daily life.

Along with the organizations Access Now, ARTICLE 19, European Digital Rights – EDRi and Idec – Instituto Brasileiro de Defesa do Consumidor,  Homo Digitalis supports the campaign by Privacy International #NotOnOurWatch.

Individuals and Organizations can support the campaign for free in one simple step, by co-signing the open letter towards the European Commission!

Find more about the campaign here.

Sign the open letter and support the campaign for free here.

We evaluated the applications we use with the CAP-A tool

With the pandemic of Covid-19 expanding uncontrollably, we were forced, in a short time, to get acquainted and make part of our daily life applications that we did not know before, such as Skype for Business, Zoom or MS Teams in order to facilitate our work even our social and personal contacts.

At the same time, we continue to use social networking platforms to communicate with relatives and friends while we or our children play online games.

Have we ever wondered how many of the applications we use every day respect the privacy of their users and whether the General Data Protection Regulation (GDPR) is properly implemented?

Why, for example, do these applications request access to our contact list and photo album? Is it always necessary to access our microphone and our exact location?

Recently, the Information Systems Laboratory of the Institute of Computer Science of the Foundation for Research and Technology (FORTH) on the occasion of the CAPrice initiative approached HomoDigitalis in order to create an “awareness movement” about the consequences that digital technologies may have on privacy.

The aim is to create a community open to all in which active citizens will participate, without necessarily specialized knowledge in technology, but with a willingness to seek and apply practical solutions to privacy issues.

To make this possible, the CAP-A Portal platform was used, which among other things provides a Privacy Policy Document Annotator. This platform was developed by the Institute of Informatics of FORTH in collaboration with the company IN2 and in the framework of the European project CAP-A funded by NGI-Trust. The Annotator gives the user the opportunity to point out and comment on specific points of the terms of use and the Privacy Policy assessing compliance with the Regulatory Framework for the protection of our digital rights.

Through this platform, members of HomoDigitalis undertook to evaluate and comment on the Privacy Policy or applications known to all of us, such as Facebook, Instagram, Skype, Messenger, WhatsApp, Google Meet, Google Chrome, Slack, Trello, Asana and even games like League of Legends or Call of Duty based on specific criteria set by the platform!

Thus, the first two pilots of FORTH ran in collaboration with Bora and Safer Internet for Internet for kids but also the valuable contribution of Homo Digitalis.

In this photo you can see what licenses the viber users give, how many users have evaluated the application, how many annotations have been made and how many related articles they have linked.

The ultimate goal was to propose solutions to privacy issues that concern us on a daily basis, as due to the large scope and difficult content of the Privacy Policy, most – especially those unfamiliar with privacy issues – give our “blank check” for the processing of our data without having exactly understood what it consists of, for what purposes it is carried out and what exactly the creator of each application seeks from it.

For example, when we click “I agree to the Terms and Conditions” without of course having read them, do we know that we consent to the application having access to our contacts, our location and even the microphone or camera of our device?

The information collected from the use of the platform is used to export and configure statistics regarding the “friendliness” of applications related to the protection of user privacy and the formation of a secure internet that respects our rights.

The trust shown to us by FORTH, the largest research institution in Greece, and the Cap-A team, honors us and pushes us to act collectively once again, in order to form a pillar of important developments for the shaping of modern digital affecting a number of rights and freedoms in the digital space.

Note: The CAP-A application is also available in the Play Store for Android Software, thus making it possible for more users to use the application and to evaluate applications that they use on a daily basis.

See here how you too can evaluate the applications you use and thus contribute to enhancing the privacy of all of us!

The HomoDigitalis team involved in the project consisted of the following members: Elpida Vamvaka, Adamantia Volikou, Eva Davaki, Marina Zacharopoulou, Stefanos Tampis, Stergios Konstantinou, Antigoni Logotheti, Mariliza Baka, Magdalini Skondra, Lefteris Stavra

Sources:

1. https://www.caprice-community.net/
2. https://saferinternet4kids.gr/nea/cap-a/
3. https://cap-a.eu/new-cap-a-pilot-bora-business-apps/
4. https://cap-a.eu/portal/#stats2.2

On 16 and 17 June, the United Nations Special Rapporteur on contemporary forms of racism, racial discrimination, xenophobia and related intolerance, Ms. E. Tendayi Achiume, organised a meeting of experts in the context of her report on Race, Borders and Digital Technologies. The meeting was co-organised with the University of California, Los Angeles (UCLA) and particularly the “UCLA Law Promise Institute for Human Rights” and the “UCLA Center for Critical Internet Inquiry.”

Eleftherios Chelioudakis represented Homo Digitalis at the two-day meeting of experts and gave a presentation on the positions of our organisation, as reflected in the relevant memorandum we had submitted, as well as the technologies used in the field of border guarding at European level.

It was a great honor for Homo Digitalis to be present at this two-day meeting and to exchange ideas and views with the UN Special Rapporteur as well as with the outstanding participants. We would like to warmly thank the Special Rapporteur, Ms. E. Tendayi Achiume, for the interest she showed in our written proposals and presentation, as well as for the opportunity she gave us to participate in the meeting she organised.

It is worth noting that the meeting was attended by leading universities and civil society organisations from around the world, such as University College London, the T.M.C. Asser Instituut, Queen Mary University of London, Lunds Universitet, University of Exeter, Berkeley, Georgetown University, Yale, Harvard, University of Toronto, EDRi, and Privacy International, among others.

On Friday February 26th , Konstantinos Kakavoulis presented on behalf of Homo Digitalis the risks to citizens’ privacy that have arisen so far in the pandemic.

The presentation was given at the 5th Data Privacy and Law Forum [link in Greek] which was organized with great success by Palladian Conferences.

Notable professionals and academics took part in the conference which was organized under the auspices of Homo Digitalis.