Four hundred to five hundred complaints are made annually to the Personal Data Protection Authority for illegal processing of citizens’ personal data, while to this number are added another 950-1,000 corresponding liability cases of the competent Electronic Crime Prosecution Directorate of the Hellenic Police, which often investigates them in collaboration with other government agencies. A total of 1,500 cases of theft of personal data concern the competent authorities of our country every year. Of these, of course, most concern the promotion of products and services, while private economy, financial and video surveillance issues follow.
Thus, the trading of personal data seems to be taking on increasingly large dimensions, with typical cases currently being investigated by the authorities. Some of them; The theft of data of more than 515,000 patients from an Athens hospital a year ago. The unsolved theft in September 2020 of the details of approximately 3,000,000 mobile phone provider customers (without the perpetrators being found to date). The interception by hackers of the data of those dealing with ELTA in March 2022, even asking for a “ransom”. The provision of data by the Taxis system – with the involvement of tax officials – on the places of residence of Greek citizens in order to be targeted by organized crime or “guerrilla city” organizations. And the above are just some of the cases of sale and harmful or even dangerous use of the… wanted personal data of citizens.
Embodied in 18 different ways
According to relevant analyzes of the European Data Protection Board, today there are 18 ways of stealing personal data and this through a cyber attack on computer systems, where malicious software intercepts personal data, by extracting professional data from a former employee, by stealing hardware with stored relevant data, theft identity etc. Indicative of the above are the cases abroad with the recording by strangers of all the data of tens of millions of citizens from the computer systems of Mastercard, My FitnessPal (Under Armor), E-bay, Adobe, LinkedIn, from real estate companies, etc.
Billions of files were released into the… air
In January 2024, the leak of 26 billion files of popular online platforms such as X (formerly Twitter), Dropbox, Linkedin, MySpace, etc., as well as Chinese cyber giants Weibo and Tencent, was revealed. In fact, more than two billion files were leaked from the two Chinese companies alone.
Characteristic are the actions of the Personal Data Protection Authority in recent months, which imposed a fine of 50,000 euros – after an emergency on-site inspection – on the Athens Urban Transport Organization (OASA) regarding the protection of personal data processed in the context of the Automatic System Komistrou Collection (ASSSK), i.e. our well-known “electronic ticket”. Also, in a case that seems to have similarities with that of ND MEP Anna-Michel Asimakopoulou, the Authority requested on June 12, 2023 immediate compliance of a private company that had sent “promotional” e-mails without prior special consent of the recipients of the messages. For its part, the company involved in the matter responded in general that it had collected business cards from which it obtained contact information for sending the messages in question.
According to documents from the Personal Data Protection Authority, more than 170 complaints were submitted in 2022 alone, which concern the making of unsolicited electronic communications via messages (e-mail or SMS) for the purpose of promoting products or services. In addition, a few weeks ago the said Authority investigated a complaint by a former employee according to which data from the geolocation system operating in a vehicle provided by the employer was used to locate the employee during his leave!
And complaints about the district office!
However, in the same Authority’s latest comprehensive report on the safeguarding of personal data, certain typical cases from the growing trade in personal data are mentioned.
Indicatively, it is mentioned, among others, the imposition of a fine on… a council office following 36 complaints from citizens regarding “unsolicited promotional communication by sending short text messages (SMS)”. Two service providers were also fined 150,000 euros after numerous SIM-swaps of subscribers by malicious third parties were found.
#treasure #personal #data