Ministry of Migration and Asylum – €175,000 Fine (Greece, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Greece's Hellenic Data Protection Authority fined the Ministry of Migration and Asylum €175,000 for using advanced surveillance systems without proper legal justification. This matters because it highlights the importance of transparency and consent when handling personal data, especially in sensitive environments like asylum facilities.
What happened
The Ministry of Migration and Asylum deployed surveillance systems that processed personal data without a valid legal basis.
Who was affected
Asylum seekers and visitors at the Closed Control Facility Centres on the Aegean islands were affected.
What the authority found
The authority ruled that the Ministry did not have a valid legal basis for processing personal data, violating several GDPR requirements.
Why this matters
This ruling emphasizes that even government entities must adhere to data protection laws. It serves as a reminder for all organizations to ensure they have clear legal grounds for any data processing activities.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
At the end of 2021, the Hellenic DPA (HDPA) became aware of the Ministry of Migration and Asylum's (the controller) development and deployment of the "Centaurus" and "Hyperion" Programmes Closed Control Facility Centres for third country nationals on the Aegean islands (Lesvos, Chios, Samos, Leros and Kos). The HDPA also received requests for an investigation and opinion from the LIBE Committee of the European Parliament, as well as from civil society organisations, on the use of the systems in the asylum facilities. The Centaurus project is reportedly an integrated digital system for the management of electronic and physical security around and within the facilities. The controller uses CCTV systems, artificial intelligence behavioral analytics (AI) algorithms and unmanned aerial vehicles to process images and personal data. The Hyperion programme is described as an integrated entry/exit control system, with the purpose of monitoring the entry and exit of the guests and certified members NGOs through the processing of personal data, in particular biometric data. In response to the HDPA's request for explanations of the programmes and their data processing, the controller stated that the legal basis for the Centaurus project's video surveillance was the performance of a task carried out in the public interest or in the exercise of official authority pursuant to Article 6(1)(e) GDPR. It argued that prior alternative protection measures, such as fencing of the property and patrols, were not as effective as video surveillance in dealing with illegal activities. With regard to the use of drone surveillance, the controller stated that they are only used in cases of emergency, such as fire or unrest. It claimed that the retention period of Centaurus system data is 15 days unless an incident is detected, in which case it is kept for up to 1-3 months and that access to data subjects' data is restricted to authorised police users; if copies of footage need to be provided, p
Related Enforcement Actions (0)
No other enforcement actions found for Ministry of Migration and Asylum in GR
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
17 October 2023
Authority
Hellenic Data Protection Authority
Fine Amount
€175,000
GDPRhub ID
gdprhub-7785About this data
Cite as: Cookie Fines. Ministry of Migration and Asylum - Greece (2023). Retrieved from cookiefines.eu
Last updated: