Fine of €175,000 on the Greek Ministry of Migration and Asylum for GDPR breaches

Ministry of Migration and Asylum received administrative fine and GDPR compliance order following an own-initiative investigation by the  Data Protection Authority of Greece.

At the end of 2021, the Greek Supervisory Authority (SA) became aware of a decision of the Greek Government regarding the development and implementation of the “Centaur” programme by the Hellenic Ministry of Migration and Asylum in order to control the reception and accommodation facilities of third country nationals on the Aegean islands. 

The Greek SA also received a request for information on border surveillance technologies from the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE Committee), while a request for investigation and opinion on the procurement and implementation of the “Hyperion” and “Centaur” systems in reception and accommodation facilities for asylum seekers was submitted to the Authority by civil society organizations in February 2022.

In July 2022, the Authority also received a letter from the UNHCR Representation in Greece with regard to the above systems.

Having learned of the development and implementation of the “Centaur” and “Hyperion” programmes by the aforementioned Ministry in the premises of the Closed Controlled Access Centers and the Reception and Identification Centers for third-country nationals, the Authority proceeded to examine in-depth the integrated digital system for managing electronic and physical security (“Centaur”) and the integrated entry-exit control system with reader in combination with fingerprint ‒i.e. biometric data processing‒ (“Hyperion”) in the premises of the above-mentioned facilities for guests as well as employees and certified members of non-governmental organizations. 

The Greek SA found a lack of cooperation on the part of the Ministry, as data controller, and further considered that the required Data Protection Impact Assessments carried out by the Ministry were substantially incomplete and limited in scope, and that serious shortcomings remain as regards the Ministry’s compliance with certain provisions of the GDPR in relation to the implementation of the systems in question.

The Greek SA imposed an administrative fine of € 175,000 on the Hellenic Ministry of Migration and Asylum for the breaches found in relation to the cooperation with the Authority and the impact assessments, while at the same time it sent the Ministry an order to comply within three months with its obligations under the GDPR. (source edpb.europa.eu / photo freepik.com)

Comments

Editorial

Editorial
George Kazoleas, Lawyer

Top Stories

Ombudsman inquiry on Commission President’s text messages is a wake-up call for EU

ECtHR elects a new Vice-President of the Court and two new Section Presidents

A notary does not breach the sanctions against Russia when he or she authenticates the sale of a property owned by an unlisted Russian company (ECJ)

First judgment of the ECHR: Lawless v. Ireland

A national court is not required to apply a decision of its constitutional court that infringes EU law (ECJ)

The name Pablo Escobar may not be registered as an EU trade mark

The banks Crédit agricole and Credit Suisse participated in a cartel in the sector for suprasovereign bonds, sovereign bonds and public agency bonds denominated in US dollars