On the occasion of the 19th Data Protection Day (28 January), the Hellenic Data Protection Authority (HDPA) held successfully an Information Day entitled “Special Data Protection Issues and New Legislation” at the Athens Chamber of Commerce and Industry.
Opening speeches were given by the Minister of Justice, Mr George Floridis, and the President of the Hellenic DPA, Honorary President of the Council of State, Mr Konstantinos Menoudakos.
In his speech, Μr Floridis highlighted the Ministry’s legislative initiative for the ratification of the Amending Protocol to "Convention 108" of the Council of Europe for the Protection of Individuals with regard to Automatic Processing of Personal Data. Referring to the history of the Convention, the Minister of Justice noted that it "has its origins in 1981, when some pioneers thought about the need for a framework of protection against the automated processing of personal data that they saw coming. Indeed, the pace of development has been shocking. A typical example is artificial intelligence, which is based on the processing of personal and non-personal data, with both positive and negative consequences for humanity. The conclusion drawn when faced daily with these issues is that this ‘battle’ will never end, because the technological progress is such that we are struggling to catch up with it and develop the legal framework". Mr Floridis concluded by stressing that "the Hellenic DPA, without the human and financial resources it should have, is giving a strong fight, making great efforts and carrying out its mission in the best possible way".
Then, President Mr Menoudakos, gave a brief overview of the activities of the HDPA in 2024, stating, inter alia, that "as part of its preventive work, the Authority carries out ex officio audit activities, as well as information and advisory activities. Particular attention is paid to raising children's awareness of the protection of their personal data. In the framework of the European project ‘byDefault’, it has created, in cooperation with the University of Piraeus, an augmented reality game aimed at educating children on how to manage themselves and their relationships in the digital world, with an emphasis on the protection of personal data. On 10 December 2024, these educational materials and the AR game were presented to the Minister of Education, who announced that they would be used in schools as of this year and that they would be further used as of next year". The President of the HDPA also stressed that "during the six and a half years of application of the GDPR, reached in 2024, its contribution to the strengthening of citizens' rights, for which it is a global standard, has become clear. As a general conclusion from the years of application of the Regulation, it is clear that compliance with its rules and, above all, the spirit of the data protection principles is an ongoing exercise for organisations and companies, but also that, despite the rise of new challenges, the GDPR has brought significant results for individuals and companies".
In the first part of the event, which was moderated by the President of the HDPA, Mr Menoudakos, Mr Grigoris Tsolias, lawyer, PhD, Member of the Authority, in his speech entitled "The lifting of the confidentiality of electronic communications in the light of legislation on the protection of personal data", stated, inter alia, that "the provisions of Articles 9A and 19A of the Constitution must be interpreted in the light of European and EU law in the context of a new multi-layered digital constitutionalism, in which several legal systems are harmoniously interwoven, without there being any question of claiming the primacy of one or the other law, nor of opposing each other or claiming superior protection. Such an approach, aiming at a higher level of protection of fundamental rights, leads to the development of a new universal (super)right covering both the confidentiality of electronic communications and the protection of personal data".
In their presentation entitled "The challenges for the protection of personal data in modern Circular Economy environments", the Members of the Authority Christos Kalloniatis, Professor at the Department of Cultural Technology and Communication of the School of Social Sciences of the University of the Aegean and Konstantinos Lambrinoudakis, Professor at the Department of Digital Systems of the University of Piraeus analyzed the challenges presented for personal data in modern circular economy environments. Particular emphasis was placed on the data-driven Circular Economy and modern information technologies supporting circular economy models. Finally, a methodological framework for the analysis of security and privacy requirements was presented, which can be applied in circular economy environments to meet the technical and organizational requirements for the protection of personal data in accordance with the GDPR.
Dr Konstantinos Limniotis, Special Scientist, Head of the Authority’s Department of Research and Studies, in his presentation entitled “Data Protection in the New Digital Identity Wallets in the EU: Prospects and challenges” focused on aspects of the planned ‘wallet’ of digital identity established by the Union legislator in Regulation (EU) 2024/1183, focusing in particular on technical issues related to data protection technologies, and referred to the concerns that have been publicly expressed by the scientific community. The current situation and prospects were also discussed, in particular the use of the wallet to verify the age of users accessing online platforms.
In the second part, moderated by the Deputy President of the Authority, Honorary Judge of the Supreme Court of Civil and Penal Law Georgios Batzalexis, Fay Karvela, Special Scientist of the Authority, Lawyer, in her speech entitled “The Digital Services Act (DSA): Key concepts - Interaction with the GDPR” addressed the Digital Services Act (EU Regulation 2022/2065) and its interaction with the GDPR (EU Regulation 2016/679). She presented the key elements of the Act, its scope, the general principles that govern it, the oversight framework it establishes, as well as the areas where the Act interacts with the provisions of the GDPR.
Then Dr Efrosini Siougle, Special Scientist, Head of the Authority’s Advisory and Compliance Department, who delivered a presentation entitled “Data sharing and re-use in the light of the GDPR”. Dr Siougle focused on recent EU legislation, in particular the Data Governance Act, the Data Act and the Digital Markets Act, addressing the issue of re-use and sharing of business-to-business (B2B), business-to-consumer (B2C) and business-to-public sector (B2G) data based on data protection rules.
The event was closed by Georgia Panagopoulou, Special Scientist, Head of the Authority’s Department of Audits and Security. Her presentation entitled “Protection of personal data in AI systems – Challenges in compliance testing by DPAs – Latest developments” addressed the relationship between data protection and AI systems, explained the conditions under which the GDPR applies to such systems, as well as the specific issues of compliance with the principles of the GDPR, with indicative reference to control points. She also referred to the AI Regulation, described the Authority’s AI-related experience and projects as well as its role in overseeing AI systems.
It is noted that the speakers gave comprehensive answers to the series of questions raised by the audience.
- The event was broadcast live via DIAVLOS live web streaming service operated by the National Network for Infrastructure, Technology and Research.
- Speakers’ presentations (in Greek) are available at https://www.dpa.gr/en/enimerwtiko/ekdiloseis/19i-imera-prostasias-prosopikon-dedomenon.
Department of Communication and Public Relations
