Greece’s Ministry of Migration and Asylum has actually gotten a substantial EUR175,000 fine for breaking information and personal privacy defense policies in its execution of 2 state-of-the-art security and security systems released in a number of Greek refugee camps.
In a choice released in early April, the Greek Data Protection Authority (DPA) discovered the nation’s migration ministry broke a number of arrangements of the General Data Protection Regulation (GDPR) while introducing the Centaur and Hyperion systems, and stopped working to fulfill its responsibilities as information controller.
Centaur has actually been referred to as an automatic security system that depends on algorithms (expert system behavioral analytics) and hardware, consisting of cams, drones and sensing units, to immediately identify supposed dangers in some refugee camps, notifying authorities in your area and in Athens. The 2nd system, Hyperion, utilizes biometric finger print information to assist in entry and exit from the centers. Both systems are moneyed by the European Union (EU).
A Computer system Weekly examination released in October 2023 exposed major concerns about the roll-out of the programs and evident efforts by the Greek authorities to backpedal into GDPR compliance just after they were released.
The charge follows a two-year examination by the DPA, which was introduced in March 2022 after Greek civil society organisations– consisting of Homo Digitalis, HIAS Greece, and the Hellenic Union for Human Rights, in addition to associate teacher Niovi Vavoula at the University of Luxembourg– asked the authority to analyze the programs’ compliance with information defense guidelines. They likewise asked it to examine whether the Greek migration ministry finished effect evaluations throughout the style and preparation stage of the tasksa requirement under GDPR.
Eleftherios Chelioudakis, co-founder of Homo Digitalis, invited the Greek DPA’s judgment, keeping in mind the EUR175,000 charge is “the biggest ever troubled a [Greek] public body because GDPR entered play”.
‘Incomplete and restricted’ DPIAs
In its choice on 3 April 2024the information defense guard dog discovered that the migration ministry stopped working to perform “total, extensive and meaningful” information defense effect evaluations (DPIAs)”by style and by defaultbefore the procurement and execution of the Centaur and Hyperion programs”, in offense of GDPR. The authority characterised the DPIAs it examined as “significantly insufficient and minimal in scope”.
The migration ministry likewise stopped working to describe the information processing and automated functions of the Centaur program, and to clarify the affiliation of b