The Greek Data Protection Authority (DPA) is poised to make a pivotal decision regarding the legality of advanced surveillance and security systems deployed in Greek refugee camps. The ruling, expected by year-end, will have implications for using artificial intelligence (AI) and biometric-recognition systems in European migration management. The case centers on the Centaur and Hyperion systems, funded by the European Union (EU), which have raised concerns about privacy and human rights violations.
Controversial surveillance and security systems
The Centaur system, a multimillion-euro AI Behavioral Analytics security system, is at the heart of the controversy. Deployed in refugee camps on the Aegean islands, Centaur utilizes algorithms surveillance equipment, including cameras, drones, and sensors, to automatically detect potential threats, notify authorities, and log incidents. The Hyperion system relies on biometric fingerprint data for entry and exit management within the camps. Both systems were scrutinized in March 2022 when civil society organizations and a researcher filed a complaint with the Greek DPA, challenging their legality.
Potential breaches of privacy and human rights
The impending decision by the Greek DPA is likely to highlight significant procedural shortcomings in the deployment of these systems. Key issues include the absence of a data protection officer at the Greek Migration Ministry before the programs’ launch, as well as concerns about whether the programs comply with Greek and European laws, particularly GDPR (General Data Protection Regulation).
Surveillance as a solution
Centaur and Hyperion are emblematic of Greece’s Closed Controlled Access Centers (CCACs) for migrants, which started opening in 2021 with EU funding and oversight. Greek authorities have presented these surveillance systems as solutions to the problems previously faced in makeshift migrant camps. Centaur, in particular, allows authorities to monitor refugee camps extensively, even claiming it’s not a prison but a necessary security measure.
Mixed reactions and EU scrutiny
Despite Greek authorities’ claims, these new camps have been criticized as “prison-like” and a “dystopian nightmare” by some. EU authorities, including the Fundamental Rights Agency (FRA), have expressed concerns about the necessity and proportionality of these measures, recommending less intrusive alternatives. Furthermore, Greece’s deployment of surveillance systems has prompted questions about the role of AI and biometrics in managing migration.
EU funding and border reinforcement
Greece has received substantial EU funding for its border reinforcement projects, particularly for its EU-funded refugee camps. Between 2014 and 2020, funding directed toward borders in Greece increased by 248%, totaling over €1 billion. One institution, the Centre for Security Studies, received €12.8 million in EU funds to develop border technologies, the most among those analyzed.
Legal questions and impact assessments
The Greek DPA’s investigation centers on whether Greece had a legal basis for the data processing required for these systems and whether it followed GDPR-required procedures. This includes conducting data protection impact assessments (DPIAs) before the deployment of surveillance and control systems. These assessments should demonstrate compliance with GDPR and identify and mitigate risks associated with personal data processing.
Early warnings and impact assessment delays
Early warnings about the need for impact assessments were issued by the FRA in June 2021, emphasizing the importance of assessing compatibility with fundamental rights, including data protection and privacy safeguards. However, documents reveal that these assessments were conducted months after the systems were deployed, with some assessments not shared with the EU Commission until January 2022. These delays and omissions have raised concerns about compliance with GDPR.
The EU Commission has asserted that it applies relevant checks and controls but ultimately relies on Greece to ensure compliance with European standards. Critics argue that the EU has funded these initiatives without proper oversight, leading to questions about accountability and transparency. Efforts to obtain information about these systems have been met with resistance, fueling concerns about a lack of transparency.
Mixed impact and safety concerns
The actual impact of these surveillance systems on safety within refugee camps remains a subject of debate. While some residents see them as providing a sense of security, reports indicate that the systems have blind spots and have failed to prevent incidents within the camps. Furthermore, the pervasive surveillance has created an atmosphere of fear and intimidation for both camp residents and staff.
The forthcoming decision by the Greek Data Protection Authority regarding the legality of advanced surveillance and security systems in refugee camps could set a precedent for using AI and biometric systems in migration management across Europe. The controversy surrounding the Centaur and Hyperion systems raises fundamental questions about privacy, human rights, and the need for rigorous impact assessments before deploying such technology in sensitive contexts. As the decision looms, it remains to be seen how Greece and the EU will address these critical issues at the intersection of technology and migration.