metadata
language:
- en
license: apache-2.0
tags:
- sentence-transformers
- sentence-similarity
- feature-extraction
- generated_from_trainer
- dataset_size:1580
- loss:MatryoshkaLoss
- loss:MultipleNegativesRankingLoss
base_model: BAAI/bge-m3
widget:
- source_sentence: How can the duties of a member end?
sentences:
- >-
**Court (Civil/Criminal):**
Provisions: Articles 8 of Law 2251/1994, Articles 2, 4, 48 et seq. of
Law 4537/2018, Article 11 paragraph 1 of Law 4261/2014, Articles 830,
806, 827, 914, 932 of the Civil Code and 176 of the Code of Civil
Procedure.
Time of commission of the act:
Outcome (not guilty, guilty):
Rationale: Electronic fraud through the method of phishing. A third
party fraudulently obtained money from the plaintiff's bank account and
transferred it to another bank account. Both the defendant is liable for
the inadequate protection of its systems, which should have been
excellent, and the plaintiff who failed to fulfill his obligation to
protect his information and disregarded the defendant's security
instructions. Law 4537/2018 introduces mandatory law in favor of users,
as according to Article 103, payment service providers are prohibited
from deviating from the provisions to the detriment of payment service
users. It is determined that a resumption of the discussion should be
ordered in order to provide all possible evidence, with diligence from
both parties, especially from the defendant, who has access to the
transaction data through its systems, but also bears the relevant burden
of proof concerning the exact timing of the execution of the money
transfer order at each stage (withdrawal from the plaintiff's account,
transfer to another bank, transfer to the third party's account).
Facts: The plaintiff maintains a joint bank account with his wife at the
defendant bank and has also agreed to online banking transactions
(e-banking). On July 31, 2020, at 13:45, the plaintiff was informed of a
transfer of €3,000 from his account, which he had not initiated, nor had
his wife. At 14:05, he immediately contacted the bank’s customer service
line and reported the incident, stating that it was not his action and
requesting its cancellation. The bank employee found that the plaintiff
had provided his details to a fake website 10 days earlier, and
subsequently, the mobile number used for transaction confirmations had
been changed. The employee informed him that the money was at the other
bank and that they would logically be able to retrieve it, provided it
had not already been transferred to a third party's account. Since then,
the plaintiff has not seen any return of the amount to his account, and
he has made numerous attempts to resolve the issue with the bank, with
effort, costs, and distress; however, nothing was achieved, as the money
had already entered a third party's account and the defendant denied
responsibility for the transfer of the funds.
Facts: The plaintiff maintained a joint account with his wife at a bank
and used internet banking services. On July 21, 2020, a third party
deceived the plaintiff through phishing (a misleading SMS with a link),
obtaining his banking credentials. The third party, using the stolen
information, requested a phone number change for receiving OTP (one-time
password) and completing electronic transactions. The bank completed the
change process based on the correct credentials. On July 31, 2020, a
transfer of €3,000 was made from the plaintiff's account to a third
party. The plaintiff was immediately informed, called the bank, and
reported the fraud; however, the recovery of the funds was not
successful. The plaintiff claims that the bank is responsible for
inadequate protection of its systems, while the bank asserts that it
followed the procedure based on the agreed identification methods.
The court recognizes that there is responsibility on both sides: the
bank for inadequate security and prevention of phishing, and the
plaintiff for negligence in safeguarding his personal information,
despite the bank's relevant warnings. A critical issue is the exact
timing of the completion of the transfer: if the bank was timely
notified of the fraud but did not intervene, it may be fully liable. The
court requests a resumption of the discussion and further evidence,
mainly from the bank, which has access to the relevant technical
details.
- >-
Email phishing is a type of identity theft scam conducted via email or
SMS. The attacker uses social engineering tactics such as impersonating
trusted entities and inducing urgency. Victims are tricked into
disclosing personal information or downloading malware.
Scenarios:
- Scenario 1: Emails impersonating high-ranking executives accuse
victims of crimes to coerce them into revealing information or opening
malware-laden attachments.
- Scenario 2: Emails/SMS from fake banks or authorities alert victims of
data breaches, directing them to spoofed websites to input credentials.
- Scenario 3: SMS messages deliver disguised malware apps that harvest
sensitive data.
- Scenario 4: SMS links lead to pharming sites that mimic trusted brands
and steal login data through fake pop-ups.
- >-
1.Member States shall provide for each member of their supervisory
authorities to be appointed by means of a transparent procedure by: —
their parliament; — their government; — their head of State; or — an
independent body entrusted with the appointment under Member State law.
2.Each member shall have the qualifications, experience and skills, in
particular in the area of the protection of personal data, required to
perform its duties and exercise its powers.
3.The duties of a member shall end in the event of the expiry of the
term of office, resignation or compulsory retirement, in accordance with
the law of the Member State concerned.
4.A member shall be dismissed only in cases of serious misconduct or if
the member no longer fulfils the conditions required for the performance
of the duties.
- source_sentence: What is covered under point (i)?
sentences:
- >-
1.The Member States, the supervisory authorities, the Board and the
Commission shall encourage the drawing up of codes of conduct intended
to contribute to the proper application of this Regulation, taking
account of the specific features of the various processing sectors and
the specific needs of micro, small and medium-sized enterprises.
2.Associations and other bodies representing categories of controllers
or processors may prepare codes of conduct, or amend or extend such
codes, for the purpose of specifying the application of this Regulation,
such as with regard to: (a) fair and transparent processing; 4.5.2016 L
119/56 (b) the legitimate interests pursued by controllers in
specific contexts; (c) the collection of personal data; (d) the
pseudonymisation of personal data; (e) the information provided to the
public and to data subjects; (f) the exercise of the rights of data
subjects; (g) the information provided to, and the protection of,
children, and the manner in which the consent of the holders of parental
responsibility over children is to be obtained; (h) the measures and
procedures referred to in Articles 24 and 25 and the measures to ensure
security of processing referred to in Article 32; (i) the notification
of personal data breaches to supervisory authorities and the
communication of such personal data breaches to data subjects; (j) the
transfer of personal data to third countries or international
organisations; or (k) out-of-court proceedings and other dispute
resolution procedures for resolving disputes between controllers and
data subjects with regard to processing, without prejudice to the rights
of data subjects pursuant to Articles 77 and 79
3.In addition to adherence by controllers or processors subject to this
Regulation, codes of conduct approved pursuant to paragraph 5 of this
Article and having general validity pursuant to paragraph 9 of this
Article may also be adhered to by controllers or processors that are not
subject to this Regulation pursuant to Article 3 in order to provide
appropriate safeguards within the framework of personal data transfers
to third countries or international organisations under the terms
referred to in point (e) of Article 46(2). Such controllers or
processors shall make binding and enforceable commitments, via
contractual or other legally binding instruments, to apply those
appropriate safeguards including with regard to the rights of data
subjects.
4.A code of conduct referred to in paragraph 2 of this Article shall
contain mechanisms which enable the body referred to in Article 41(1) to
carry out the mandatory monitoring of compliance with its provisions by
the controllers or processors which undertake to apply it, without
prejudice to the tasks and powers of supervisory authorities competent
pursuant to Article 55 or 56
5.Associations and other bodies referred to in paragraph 2 of this
Article which intend to prepare a code of conduct or to amend or extend
an existing code shall submit the draft code, amendment or extension to
the supervisory authority which is competent pursuant to Article 55. The
supervisory authority shall provide an opinion on whether the draft
code, amendment or extension complies with this Regulation and shall
approve that draft code, amendment or extension if it finds that it
provides sufficient appropriate safeguards.
6.Where the draft code, or amendment or extension is approved in
accordance with paragraph 5, and where the code of conduct concerned
does not relate to processing activities in several Member States, the
supervisory authority shall register and publish the code.
7.Where a draft code of conduct relates to processing activities in
several Member States, the supervisory authority which is competent
pursuant to Article 55 shall, before approving the draft code, amendment
or extension, submit it in the procedure referred to in Article 63 to
the Board which shall provide an opinion on whether the draft code,
amendment or extension complies with this Regulation or, in the
situation referred to in paragraph 3 of this Article, provides
appropriate safeguards.
8.Where the opinion referred to in paragraph 7 confirms that the draft
code, amendment or extension complies with this Regulation, or, in the
situation referred to in paragraph 3, provides appropriate safeguards,
the Board shall submit its opinion to the Commission.
9.The Commission may, by way of implementing acts, decide that the
approved code of conduct, amendment or extension submitted to it
pursuant to paragraph 8 of this Article have general validity within the
Union. Those implementing acts shall be adopted in accordance with the
examination procedure set out in Article 93(2)
10.The Commission shall ensure appropriate publicity for the approved
codes which have been decided as having general validity in accordance
with paragraph
11.The Board shall collate all approved codes of conduct, amendments and
extensions in a register and shall make them publicly available by way
of appropriate means.
- >-
**Court (Civil/Criminal): Civil**
**Provisions:**
**Time of commission of the act:**
**Outcome (not guilty, guilty):**
**Reasoning:** Claim for compensation and monetary satisfaction due to
moral damage against a mobile phone company and a credit institution
within the framework of inadequate fulfillment of a payment services
contract for "web banking." Appropriate actions for mobile phone
companies in case of a request for a "sim" card replacement due to wear
or loss. They must verify the customer's identity based on the personal
details and identification information registered in their system but
are not liable for any changes in the latter that were not timely
communicated to them. Further security measures such as phone
communication or sending an SMS to the mobile number holder are not
required. Payment services under Law 4357/2018. Obligation of the
payment service provider, such as banks, to inform the payer after
receiving a relevant order for making a payment. The content of this
varies per case, such as sending a personalized code to the user's
mobile phone for transaction approval, as well as sending an email
immediately after its completion. However, the bank is not liable for
customer damage resulting from illicit electronic transactions due to
third-party interception of either the access codes for electronic
banking transactions or the sim card and the phone number to which the
personalized codes for approving the aforementioned transactions are
sent, within the framework of increased security protocols. Appropriate
actions by banks upon diagnosing illicit banking transactions that may
be fraudulent. Relevant criteria for consideration. The evidence did not
indicate negligent and thus tortious behavior from all defendants. The
claim is dismissed.
**Facts:** In the present claim, upon due assessment of its content, the
plaintiff states that he has a mobile phone subscription with the first
defendant, a mobile phone company. On October 26, 2020, in the morning,
he realized that his mobile phone was offline, and by noon, he received
email notifications from Bank .......... and ............ (whose third
and fourth defendants are de facto universal successors, respectively),
with which he holds an account, regarding transactions he had made. From
phone calls from his home phone to Bank .............. and ............
Bank, he was informed that on the same day, in a very short period, four
money transfers had been made from the account he maintains at Bank
.............., specifically, an amount of €15,000 was transferred to
the account mentioned in the claim document under the name ...........,
at ........ an amount of €15,000 was transferred to the account
mentioned in the claim document under the name ......... at ...........
Bank, an amount of €15,000 was transferred to the plaintiff's account
with his daughter as a co-holder at ......... Bank, and an amount of
€6,700 was transferred from another of his accounts to the account from
which the transfer to the aforementioned accounts of €45,000 was made.
Additionally, from the plaintiff's account with his daughter as a
co-holder at .......... Bank, an amount of €9,999 was transferred to an
account under the name of .... . He attempted to log into the online
banking service of Bank ......... from his home computer, but found that
the service was locked, while regarding the corresponding service of
........... Bank, he requested alongside his daughter to 'lock' it. In a
phone call with the call center of Bank ............, he was informed
about the locking of his electronic account in the online banking
service and was told to dispute the transactions, which he did
immediately through ... banking, while his daughter communicated about
this with ....... Bank. The transfer to the account with the beneficiary
was canceled, and the amount of €15,000 was returned to the plaintiff.
After his investigation, he discovered that an unknown individual
appeared at the branch of the first defendant, served by the second
defendant, who posed as the plaintiff and presented a forged military ID
card of the plaintiff, requesting and receiving a new sim card,
resulting in the deactivation of the plaintiff's sim card and gaining
access to the codes sent to him by the banks for completing the
transfers. Due to the negligence of the second defendant, he did not
realize that the identity used was forged, as since 2010, when the
plaintiff retired, he has had a police identification card. The first
defendant does not have security protocols to prevent such incidents,
which constitute the sim .... method, despite the issuance of a press
release from the Attica Security and numerous publications regarding the
aforementioned method, unlike other mobile phone companies, which
implement a specific procedure for changing sim cards. The second
defendant did not take the obvious step to check the functioning of the
sim card before replacing it, where he would have realized that the
plaintiff's mobile phone was functioning normally. Bank .......... and
........... Bank: a) accepted requests for transferring large amounts of
money from accounts that had no similar activity in the past, while the
plaintiff's online banking account with the above banks was locked quite
some time later, b) sent email notifications regarding successful
transactions in succession, under a single email, c) did not check the
address ... of the perpetrators, which was different from that used by
the plaintiff, and d) did not take necessary security measures to
prevent fraud via sim ... against the plaintiff, as the security code
(pin) sent by the banks via message to the mobile phone proved to be
compromised. As a result of the above illegal and culpable behavior of
the defendants, the plaintiff suffered property damage amounting to a
total of €24,999, which constitutes the total amount of the transfers
made by third unknown persons to accounts of unknown individuals, as
stated above, and has not been refunded despite his repeated inquiries,
while he also suffered distress and mental anguish, and his trust in the
banks was shaken, thus entitling him to monetary compensation for his
moral damage, amounting to €5,000.
- >-
Any processing of personal data in the context of the activities of an
establishment of a controller or a processor in the Union should be
carried out in accordance with this Regulation, regardless of whether
the processing itself takes place within the Union. Establishment
implies the effective and real exercise of activity through stable
arrangements. The legal form of such arrangements, whether through a
branch or a subsidiary with a legal personality, is not the determining
factor in that respect. 4.5.2016 L 119/4 Official Journal of the
European Union EN
- source_sentence: On what date did the defendant file the motion?
sentences:
- >-
In order to enhance compliance with this Regulation where processing
operations are likely to result in a high risk to the rights and
freedoms of natural persons, the controller should be responsible for
the carrying-out of a data protection impact assessment to evaluate, in
particular, the origin, nature, particularity and severity of that risk.
The outcome of the assessment should be taken into account when
determining the appropriate measures to be taken in order to demonstrate
that the processing of personal data complies with this Regulation.
Where a data-protection impact assessment indicates that processing
operations involve a high risk which the controller cannot mitigate by
appropriate measures in terms of available technology and costs of
implementation, a consultation of the supervisory authority should take
place prior to the processing.
- >-
Court (Civil/Criminal): Criminal
Provisions: Article 42 paragraphs 1, 2, 3, and 7 of Law 4557/2018
Time of commission of the act:
Outcome (not guilty, guilty):
Reasoning: Obligation of the payment service provider, such as banks, to
inform their contracting customer after receiving a relevant order for a
payment to be made on their behalf. Content of the above notification at
the stage of receiving the payment order and during its execution. Terms
of liability for the provider regarding compensation for non-execution,
erroneous, or delayed execution of payment transactions. In particular,
in the case of an unauthorized or erroneous payment, the user is
required to notify the provider within a specified timeframe as soon as
they become aware of the corresponding transaction. The provisions of
Law 4357/2018 establish mandatory legal regulations in favor of users of
payment services and cannot be contractually modified to their
detriment, but only to their benefit. Defenses available to payment
service providers to relieve them of liability. Burden of proof
distribution between the parties. This responsibility of banks may also
stem from Law 2251/1994, as they provide services to the public and are
considered suppliers. Conditions for supplier liability under the
aforementioned legislation. Distribution of the burden of proof between
the litigants to demonstrate liability for compensation under Law
2251/1994. Terms of concurrency between contractual and tort liability
for compensation. The court partially accepts the lawsuit.
Facts: On 01/09/2021, an unknown perpetrator sent an email to her from
the electronic address “...............”, in which they stated that for
security reasons she needed to confirm her account with the bank .......
Not realizing that it was a scam, she followed the attached hyperlink,
entered her personal information, resulting in an unknown perpetrator
intercepting her online banking credentials and making a transfer
totaling 7,000.00 euros to account number ................ of the bank
.........
C) The beneficiary of the aforementioned account is ......... born on
16/05/1995 in the Municipality of ........., residing at ..............,
with ID number .................... issued on 02/10/2009 by T.A
.............. and tax number ............. from the tax office
...................
D) The criminal proceeds reportedly arising from the above criminal
activity amount to a total of seven thousand euros (7,000.00€).
Following the above, serious suspicions arise that the aforementioned
criminal proceeds transferred to the aforementioned bank account were
unlawfully appropriated by her and subsequently mixed with other legally
held assets, which she used in her overall economic activities, aiming
to launder them, thus concealing their true origin and making it
impossible for them to be seized. Therefore, there are reasonable
suspicions that the aforementioned individual committed not only the
primary offense but also the criminal act of “Money Laundering” (Article
2 §1 a, d of Law 4557/2018, in conjunction with Article 4 subparagraph z
of the same law as it stands, as well as Article 39 paragraph 1
subparagraphs a & c of the same Law 4557/2018). Because there are
serious suspicions that the bank account numbered .......... maintained
at the bank ....................., whose beneficiary is ..... (Tax ID
....................), contains part of the monetary amount from the
aforementioned criminal activity that was placed behind banking secrecy
to conceal its true origin and ultimately to launder it. Because, in
this case, part of the criminal proceeds has been found while the
remainder has not been found in its entirety, there is a lawful reason
and an urgent case for prohibiting the sale or any other transfer of the
following assets, given that they are subject to seizure and forfeiture
according to Articles 40 and 42 of Law 4557/2018 as they currently
stand.
- >-
1.The data protection officer shall have at least the following tasks:
(a) to inform and advise the controller or the processor and the
employees who carry out processing of their obligations pursuant to this
Regulation and to other Union or Member State data protection
provisions; (b) to monitor compliance with this Regulation, with other
Union or Member State data protection provisions and with the policies
of the controller or processor in relation to the protection of personal
data, including the assignment of responsibilities, awareness-raising
and training of staff involved in processing operations, and the related
audits; (c) to provide advice where requested as regards the data
protection impact assessment and monitor its performance pursuant to
Article 35; (d) to cooperate with the supervisory authority; (e) to
act as the contact point for the supervisory authority on issues
relating to processing, including the prior consultation referred to in
Article 36, and to consult, where appropriate, with regard to any other
matter.
2.The data protection officer shall in the performance of his or her
tasks have due regard to the risk associated with processing operations,
taking into account the nature, scope, context and purposes of
processing. Section 5 Codes of conduct and certification
- source_sentence: >-
What should the processing of personal data by public authorities comply
with?
sentences:
- >-
**Court (Civil/Criminal): Civil**
**Provisions:**
**Time of commission of the act:**
**Outcome (not guilty, guilty):**
**Rationale:**
**Facts:**
The plaintiff holds credit card number ............ with the defendant
banking corporation. Based on the application for alternative networks
dated 19/7/2015 with number ......... submitted at a branch of the
defendant, he was granted access to the electronic banking service
(e-banking) to conduct banking transactions (debit, credit, updates,
payments) remotely. On 30/11/2020, the plaintiff fell victim to
electronic fraud through the "phishing" method, whereby an unknown
perpetrator managed to withdraw a total amount of €3,121.75 from the
aforementioned credit card. Specifically, the plaintiff received an
email at 1:35 PM on 29/11/2020 from sender ...... with address ........,
informing him that due to an impending system change, he needed to
verify the mobile phone number linked to the credit card, urging him to
complete the verification process within the next 24 hours by following
a link titled ........; otherwise, his account would be locked for
security reasons. The plaintiff read this email on the afternoon of 30
November 2020 and, believing it was from the defendant, followed the
instructions and proceeded via the provided link to a website that was
identical (a clone) to that of the defendant. On this page, he was asked
to enter the six-digit security code (.........) that had just been sent
to his mobile phone by the defendant at 3:41 PM, with the note that it
was an activation code for his ........ card at ........., which he
entered.
Subsequently, the plaintiff received, according to his statements, a new
email (not submitted), which requested him to enter the details of the
aforementioned credit card, specifically the name of the cardholder and
the card number, not the PIN, which he also entered, convinced that he
was within the online environment of the defendant. Then, at 3:47 PM, he
received a message on his mobile phone from the defendant containing the
exact same content as the one he received at 3:41 PM, while at 3:50 PM
he received a message stating that the activation of his ......... card
at ....... had been completed. Once the plaintiff read this, he became
concerned that something was not right, and immediately called (at 4:41
PM) the defendant's call center to inform them. There, the employees,
with whom he finally connected at 5:04 PM due to high call center
volume, advised him to delete the relevant emails, cancel his credit
card, change his access passwords for the service, and submit a dispute
request regarding the conducted transactions. The plaintiff
electronically sent this request to the defendant, disputing the
detailed transactions amounting to €3,121.75, which were conducted on
30/11/2020 during the time frame of 16:37:45-16:43:34 PM, arguing that
he had neither performed them himself nor authorized anyone else to do
so. The plaintiff specifically disputed the following transactions, as
evidenced by the account activity of the disputed credit card during the
aforementioned timeframe: a) transaction number ......... amounting to
€150.62 conducted on 30/11/2020 at 4:43:34 PM, b) transaction number
........ amounting to €293.20 conducted on 30/11/2020 at 4:42:40 PM, c)
transaction number ............ amounting to €295.21 conducted on
30/11/2020 at 4:42:10 PM, d) transaction number .......... amounting to
€299.22 conducted on 30/11/2020 at 4:41:31 PM, e) transaction number
........ amounting to €297.21 conducted on 30/11/2020 at 4:41:01 PM, f)
transaction number ........ amounting to €299.22 conducted on 30/11/2020
at 4:40:27 PM, g) transaction number ....... amounting to €299.22
conducted on 30/11/2020 at 4:39:55 PM, h) transaction number ......
amounting to €299.22 conducted on 30/11/2020 at 4:39:22 PM, i)
transaction number ......... amounting to €297.22 conducted on
30/11/2020 at 4:38:52 PM, j) transaction number ......... amounting to
€295.21 conducted on 30/11/2020 at 4:38:17 PM, and k) transaction number
......... amounting to €296.21 conducted on 30/11/2020 at 4:37:45 PM. In
its response letter dated 21/12/2020, the defendant denied
responsibility for the costs of the aforementioned transactions, placing
the entire blame on the plaintiff for the leak of his card details and
security code to the fraudulent page. The plaintiff, completely denying
any fault for the conducted transactions, repeatedly contacted the
defendant, both by phone and via email (see emails dated 15/1/2021 and
11/2/2021), while on 2/3/2021, he electronically sent a report dated
1/03/2021 to the Consumer Advocate’s email address, recounting the
events and requesting that the aforementioned Independent Authority
intervene to have the disputed debt canceled. In its letter with
reference number ...../27.04.2021, the aforementioned Independent
Authority informed the plaintiff that the case was outside its mediating
role and was therefore archived. Subsequently, the plaintiff sent the
defendant on 5/3/2021 his extrajudicial statement dated 4/3/2021,
calling upon it to fully cancel the debt of €3,121.75 that had been
unjustly incurred against him within two days and to immediately
instruct the representatives of the collection agency working with it to
cease contacting him regarding the disputed case. The defendant sent the
plaintiff a message on his mobile phone on 20/04/2021 informing him that
his case was still being processed due to lengthy operational
requirements, while on 23/04/2021, via email, it informed him that
considering their good cooperation and his efforts to keep them updated,
it had reviewed his case and decided to refund him the amounts of the
transactions that were conducted after his contact with their
representatives on 30/11/2020 at 4:41 PM, totaling €1,038.25,
specifically the following: a) transaction of €150.62 conducted on
30/11/2020 at 4:43 PM, b) transaction of €295.21 conducted on 30/11/2020
at 4:42 PM, c) transaction of €293.20 conducted on 30/11/2020 at 4:42
PM, and d) transaction of €299.22 conducted on 30/11/2020 at 4:41 PM.
Beyond this, the defendant refused to refund the plaintiff the amount of
the remaining transactions conducted on 30/11/2020, totaling €2,376.08
(and not €2,376.48 as incorrectly stated by the plaintiff in his
lawsuit), which the plaintiff ultimately fully paid, transferring
€2,342.77 to the defendant on 7/06/2021 and €33.31 on 15/06/2021 (see
related deposit receipts).
- >-
1.Where a type of processing in particular using new technologies, and
taking into account the nature, scope, context and purposes of the
processing, is likely to result in a high risk to the rights and
freedoms of natural persons, the controller shall, prior to the
processing, carry out an assessment of the impact of the envisaged
processing operations on the protection of personal data. A single
assessment may address a set of similar processing operations that
present similar high risks.
2.The controller shall seek the advice of the data protection officer,
where designated, when carrying out a data protection impact assessment.
3.A data protection impact assessment referred to in paragraph 1 shall
in particular be required in the case of: (a) a systematic and
extensive evaluation of personal aspects relating to natural persons
which is based on automated processing, including profiling, and on
which decisions are based that produce legal effects concerning the
natural person or similarly significantly affect the natural person;
(b) processing on a large scale of special categories of data referred
to in Article 9(1), or of personal data relating to criminal convictions
and offences referred to in Article 10; or (c) a systematic monitoring
of a publicly accessible area on a large scale.
4.The supervisory authority shall establish and make public a list of
the kind of processing operations which are subject to the requirement
for a data protection impact assessment pursuant to paragraph 1. The
supervisory authority shall communicate those lists to the Board
referred to in Article 68
5.The supervisory authority may also establish and make public a list of
the kind of processing operations for which no data protection impact
assessment is required. The supervisory authority shall communicate
those lists to the Board.
6.Prior to the adoption of the lists referred to in paragraphs 4 and 5,
the competent supervisory authority shall apply the consistency
mechanism referred to in Article 63 where such lists involve processing
activities which are related to the offering of goods or services to
data subjects or to the monitoring of their behaviour in several Member
States, or may substantially affect the free movement of personal data
within the Union. 4.5.2016 L 119/53
7.The assessment shall contain at least: (a) a systematic description
of the envisaged processing operations and the purposes of the
processing, including, where applicable, the legitimate interest pursued
by the controller; (b) an assessment of the necessity and
proportionality of the processing operations in relation to the
purposes; (c) an assessment of the risks to the rights and freedoms of
data subjects referred to in paragraph 1; and (d) the measures
envisaged to address the risks, including safeguards, security measures
and mechanisms to ensure the protection of personal data and to
demonstrate compliance with this Regulation taking into account the
rights and legitimate interests of data subjects and other persons
concerned.
8.Compliance with approved codes of conduct referred to in Article 40 by
the relevant controllers or processors shall be taken into due account
in assessing the impact of the processing operations performed by such
controllers or processors, in particular for the purposes of a data
protection impact assessment.
9.Where appropriate, the controller shall seek the views of data
subjects or their representatives on the intended processing, without
prejudice to the protection of commercial or public interests or the
security of processing operations.
10.Where processing pursuant to point (c) or (e) of Article 6(1) has a
legal basis in Union law or in the law of the Member State to which the
controller is subject, that law regulates the specific processing
operation or set of operations in question, and a data protection impact
assessment has already been carried out as part of a general impact
assessment in the context of the adoption of that legal basis,
paragraphs 1 to 7 shall not apply unless Member States deem it to be
necessary to carry out such an assessment prior to processing
activities.
11. Where necessary, the controller shall carry out a review to assess
if processing is performed in accordance with the data protection impact
assessment at least when there is a change of the risk represented by
processing operations.
- >-
Public authorities to which personal data are disclosed in accordance
with a legal obligation for the exercise of their official mission, such
as tax and customs authorities, financial investigation units,
independent administrative authorities, or financial market authorities
responsible for the regulation and supervision of securities markets
should not be regarded as recipients if they receive personal data which
are necessary to carry out a particular inquiry in the general interest,
in accordance with Union or Member State law. The requests for
disclosure sent by the public authorities should always be in writing,
reasoned and occasional and should not concern the entirety of a filing
system or lead to the interconnection of filing systems. The processing
of personal data by those public authorities should comply with the
applicable data-protection rules according to the purposes of the
processing.
- source_sentence: What are the consequences for unlawful interference with sensitive data?
sentences:
- >
Any person who, in contravention of the provisions of this law or of the
provisions of lawfully ratified multilateral international conventions
on the protection of copyright, unlawfully makes a fixation of a work or
of copies, reproduces them directly or indirectly, temporarily or
permanently in any form, in whole or in part, translates, adapts, alters
or transforms them, or distributes them to the public by sale or other
means, or possesses with the intent of distributing them, rents,
performs in public, broadcasts by radio or television or any other
means, communicates to the public works or copies by any means, imports
copies of a work illegally produced abroad without the consent of the
author and, in general, exploits works, reproductions or copies being
the object of copyright or acts against the moral right of the author to
decide freely on the publication and the presentation of his work to the
public without additions or deletions, shall be liable to imprisonment
of no less than a year and to a fine from 2.900-15.000 Euro.
Without the permission of the performers: fixes their performance;
directly or indirectly, temporarily or permanently reproduces by any
means and form, in whole or in part, the fixation of their performance;
distributes to the public the fixation of their performance or possesses
them with the purpose of distribution; rents the fixation of their
performance; broadcasts by radio and television by any means, the live
performance, unless such broadcasting is rebroadcasting of a legitimate
broadcasting; communicates to the public the live performance made by
any means, except radio and television broadcasting; makes available to
the public, by wire or wireless means, in such a way that members of the
public may access them from a place and at a time individually chosen by
them, the fixation of their performance.
Without the permission of phonogram producers (producers of sound
recordings): directly or indirectly, temporarily or permanently
reproduces by any means and form, in whole or in part, their phonograms;
distributes to the public the above recordings, or possesses them with
the purpose of distribution; rents the said recordings; makes available
to the public, by wire or wireless means, in such a way that members of
the public may access them from a place and at a time individually
chosen by them, their phonograms; imports the said recordings produced
abroad without their consent.
Without the permission of producers of audiovisual works (producers of
visual or sound and visual recordings): directly or indirectly,
temporarily or permanently reproduces by any means and form, in whole or
in part, the original and the copies of their films; distributes to the
public the above recordings, including the copies thereof, or possesses
them with the purpose of distribution; rents the said recordings; makes
available to the public, by wire or wireless means, in such a way that
members of the public may access them from a place and at a time
individually chosen by them, the original and the copies of their films;
imports the said recordings produced abroad without their consent;
broadcasts by radio or television by any means including satellite
transmission and cable retransmission, as well as the communication to
the public.
Without the permission of radio and television organizations:
rebroadcasts their broadcasts by any means; presents their broadcasts to
the public in places accessible to the public against payment of an
entrance fee; fixes their broadcasts on sound or sound and visual
recordings, regardless of whether the broadcasts are transmitted by wire
or by the air, including by cable or satellite; directly or indirectly,
temporarily or permanently reproduces by any means and form, in whole or
in part, the fixation of their broadcasts; distributes to the public the
recordings containing the fixation or their broadcasts; rents the
recordings containing the fixation of their broadcasts; makes available
to the public, by wire or wireless means, in such a way that members of
the public may access them from a place and at a time individually
chosen by them, the fixation of their broadcasts.
If the financial gain sought or the damage caused by the perpetration of
an act listed in paragraphs (1) and (2), above, is particularly great,
the sanction shall be not less than two years imprisonment and a fine of
from 2 to 10 million drachmas. If the guilty party has perpetrated any
of the aforementioned acts by profession or at a commercial scale or if
the circumstances in connection with the perpetration of the act
indicate that the guilty party poses a serious threat to the protection
of copyright or related rights, the sanction shall be imprisonment of up
to ten (10) years and a fine of from 5 to 10 million drachmas, together
with the withdrawal of the trading license of the undertaking which has
served as the vehicle for the act. The act shall be likewise deemed to
have been perpetrated by way of standard practice if the guilty party
has on a previous occasion been convicted of a contravention pursuant to
the provisions of the Article or for a violation of the preceding
copyright legislation and sentenced to a non-redeemable period of
imprisonment. Any infringement of copyright and related rights in the
form of felony is tried by the competent Three-member Court of Appeal
for Felonies.
Any person who did not pay the remuneration provided for by Article 18,
paragraph (3) hereof to a collecting society is punished with the
sanction of paragraph (1), (2) and (3). The same sentence is imposed on
the debtor who, after the issuance of the decision of the one-member
first instance court, does not submit the declaration under the
provisions of article 18, par. 6, of this law.
The sanctions specified in paragraph (1), above, shall be applicable
likewise to any person who: uses or distributes, or possesses with the
intent to distribute, any system or means whose sole purpose is to
facilitate the unpermitted removal or neutralization of a technical
system used to protect a computer program; manufactures or imports or
distributes, or possesses with intent to distribute, equipment and other
materials utilizable for the reproduction of a work which do not conform
to the specifications determined pursuant to Article 59 of this Law;
manufactures or imports or distributes, or possesses with intent to
distribute, objects which can thwart the efficacy of the above-mentioned
specifications, or engages in an act which can have that result;
reproduces or uses a work without utilizing the equipment or without
applying the systems specified pursuant to Article 60 of this Law;
distributes, or possesses with intent to distribute, a phonogram or film
without the special mark or control label specified pursuant to Article
61 of this Law.
Where a sentence of imprisonment is imposed with the option of
redeemability, the sum payable for the redemption shall be 10 times the
sum specified as per the case in the Penal Code.
Where mitigating circumstances exist, the fine imposed shall not be less
than half of the minimum fine imposable as per the case under this Law.
Any person who proceeds to authorized temporary or permanent
reproduction of the database, translation, adaptation, arrangement and
any other alteration of the database, distribution to the public of the
database or of copies thereof, communication, display or performance of
the database to the public, is punished by imprisonment of at least one
(1) year and a fine of one (1) to five (5) million drachmas.
Any person who proceeds to extraction and/or re-utilization of the whole
or of a substantial part of the contents of the database without the
authorization of the author thereof, is punished by imprisonment of at
least one (1) year and a fine of one (1) to five (5) million drachmas
(article 12 of Directive 96/9).
When the object of the infringement refers to computer software, the
culpable character of the action, as described in paragraph 1 of article
65A and under the prerequisites provided there, is raised under the
condition that the infringer proceeds in the unreserved payment of the
administrative fee and the infringement concerns a quantity of up to 50
programs.
When the object of infringement concerns recordings of sound in which a
work protected by copyright law has been recorded, the unreserved
payment of an administrative fee according to the stipulation of par.2
of article 65A and under the prerequisites provided there, the culpable
character of the action is raised under the condition that the
infringement concerns a quantity of up to five hundred (500) illegal
sound recording carriers.
The payment of the administrative fee and the raising of the culpable
character of the action, do not relieve the infringers from the duty of
buying off the copyright and related rights or from the duty of
compensating and paying the rest expenses to the holders of these
rights, according to the provisions of the relevant laws.
In case of recidivism during the same financial year the administrative
fee provided for by article 65A doubles.
- >
Failure to notify the Authority of file establishment or permit changes
is punished by up to three years’ imprisonment and a fine of one to five
million Drachmas.
Maintaining a file without a permit or violating permit terms is
punished by at least one year’s imprisonment and a fine of one to five
million Drachmas.
Unauthorized file interconnection or without permit is punished by up to
three years’ imprisonment and a fine of one to five million Drachmas.
Unlawful interference with personal data is punished by imprisonment and
a fine; for sensitive data, at least one year’s imprisonment and a fine
of one to ten million Drachmas.
Controllers who fail to comply with Authority decisions or violate data
transfer rules face at least two years’ imprisonment and a fine of one
to five million Drachmas.
If acts were committed for unlawful benefit or to cause harm, punishment
is up to ten years’ imprisonment and a fine of two to ten million
Drachmas.
If acts jeopardize democratic governance or national security,
punishment is confinement in a penitentiary and a fine of five to ten
million Drachmas.
Acts committed due to negligence result in at least three months’
imprisonment and a fine.
If the Controller is not a natural person, the responsible party is the
representative or head of the organization with administrative or
managerial duties.
Authorized members of the Authority may carry out preliminary
investigations even without Prosecutor’s order for certain offenses.
The Authority's President must notify the Public Prosecutor of any
offenses under investigation, forwarding all relevant evidence.
Preliminary investigations must conclude within two months of charges,
and trial must begin within three months of completion.
Continuation of proceedings is allowed only once and for extremely
important reasons, with adjournment not exceeding two months.
Felonies under this law fall under the jurisdiction of the Court of
Appeal.
- >-
1.The competent supervisory authority shall approve binding corporate
rules in accordance with the consistency mechanism set out in Article
63, provided that they: (a) are legally binding and apply to and are
enforced by every member concerned of the group of undertakings, or
group of enterprises engaged in a joint economic activity, including
their employees; 4.5.2016 L 119/62 (b) expressly confer enforceable
rights on data subjects with regard to the processing of their personal
data; and (c) fulfil the requirements laid down in paragraph 2
2.The binding corporate rules referred to in paragraph 1 shall specify
at least: (a) the structure and contact details of the group of
undertakings, or group of enterprises engaged in a joint economic
activity and of each of its members; (b) the data transfers or set of
transfers, including the categories of personal data, the type of
processing and its purposes, the type of data subjects affected and the
identification of the third country or countries in question; (c) their
legally binding nature, both internally and externally; (d) the
application of the general data protection principles, in particular
purpose limitation, data minimisation, limited storage periods, data
quality, data protection by design and by default, legal basis for
processing, processing of special categories of personal data, measures
to ensure data security, and the requirements in respect of onward
transfers to bodies not bound by the binding corporate rules; (e) the
rights of data subjects in regard to processing and the means to
exercise those rights, including the right not to be subject to
decisions based solely on automated processing, including profiling in
accordance with Article 22, the right to lodge a complaint with the
competent supervisory authority and before the competent courts of the
Member States in accordance with Article 79, and to obtain redress and,
where appropriate, compensation for a breach of the binding corporate
rules; (f) the acceptance by the controller or processor established on
the territory of a Member State of liability for any breaches of the
binding corporate rules by any member concerned not established in the
Union; the controller or the processor shall be exempt from that
liability, in whole or in part, only if it proves that that member is
not responsible for the event giving rise to the damage; (g) how the
information on the binding corporate rules, in particular on the
provisions referred to in points (d), (e) and (f) of this paragraph is
provided to the data subjects in addition to Articles 13 and 14; (h)
the tasks of any data protection officer designated in accordance with
Article 37 or any other person or entity in charge of the monitoring
compliance with the binding corporate rules within the group of
undertakings, or group of enterprises engaged in a joint economic
activity, as well as monitoring training and complaint-handling; (i)
the complaint procedures; (j) the mechanisms within the group of
undertakings, or group of enterprises engaged in a joint economic
activity for ensuring the verification of compliance with the binding
corporate rules. Such mechanisms shall include data protection audits
and methods for ensuring corrective actions to protect the rights of the
data subject. Results of such verification should be communicated to the
person or entity referred to in point (h) and to the board of the
controlling undertaking of a group of undertakings, or of the group of
enterprises engaged in a joint economic activity, and should be
available upon request to the competent supervisory authority; (k) the
mechanisms for reporting and recording changes to the rules and
reporting those changes to the supervisory authority; (l) the
cooperation mechanism with the supervisory authority to ensure
compliance by any member of the group of undertakings, or group of
enterprises engaged in a joint economic activity, in particular by
making available to the supervisory authority the results of
verifications of the measures referred to in point (j); (m) the
mechanisms for reporting to the competent supervisory authority any
legal requirements to which a member of the group of undertakings, or
group of enterprises engaged in a joint economic activity is subject in
a third country which are likely to have a substantial adverse effect on
the guarantees provided by the binding corporate rules; and (n) the
appropriate data protection training to personnel having permanent or
regular access to personal data. 4.5.2016 L 119/63
3.The Commission may specify the format and procedures for the exchange
of information between controllers, processors and supervisory
authorities for binding corporate rules within the meaning of this
Article. Those implementing acts shall be adopted in accordance with the
examination procedure set out in Article 93(2).
pipeline_tag: sentence-similarity
library_name: sentence-transformers
metrics:
- cosine_accuracy@1
- cosine_accuracy@3
- cosine_accuracy@5
- cosine_accuracy@10
- cosine_precision@1
- cosine_precision@3
- cosine_precision@5
- cosine_precision@10
- cosine_recall@1
- cosine_recall@3
- cosine_recall@5
- cosine_recall@10
- cosine_ndcg@10
- cosine_mrr@10
- cosine_map@100
model-index:
- name: ModernBERT Embed base Legal Matryoshka
results:
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 768
type: dim_768
metrics:
- type: cosine_accuracy@1
value: 0.4595959595959596
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.5025252525252525
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.5202020202020202
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.5656565656565656
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.4595959595959596
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.44528619528619523
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.4166666666666667
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.36287878787878786
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.09165916350710272
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.2306549962850208
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.3069127804735972
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.4211855701941311
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.5076744210018042
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.484268278018278
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.5664503864728206
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 512
type: dim_512
metrics:
- type: cosine_accuracy@1
value: 0.4595959595959596
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.49747474747474746
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.5151515151515151
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.5732323232323232
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.4595959595959596
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.44360269360269355
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.4146464646464647
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.3661616161616162
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.0911697609343668
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.2289623216756795
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.3039527967844468
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.42391112595488795
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.5097410896532786
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.48467813051146386
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.5636729515882724
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 256
type: dim_256
metrics:
- type: cosine_accuracy@1
value: 0.43434343434343436
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.4595959595959596
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.4772727272727273
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.5303030303030303
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.43434343434343436
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.41329966329966333
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.3858585858585859
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.3416666666666667
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.08666211766664289
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.2099599446222272
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.2767937661015934
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.39114273606113564
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.47542048434929435
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.4539331810165143
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.5311664794885055
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 128
type: dim_128
metrics:
- type: cosine_accuracy@1
value: 0.41414141414141414
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.44696969696969696
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.4671717171717172
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.5050505050505051
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.41414141414141414
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.398989898989899
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.37727272727272726
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.3340909090909091
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.07958141271625109
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.19645395412649433
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.2640705077398205
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.3706613130677149
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.45730976306219634
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.43498777457110793
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.507884562461354
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 64
type: dim_64
metrics:
- type: cosine_accuracy@1
value: 0.3661616161616162
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.3888888888888889
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.41414141414141414
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.44191919191919193
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.3661616161616162
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.351010101010101
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.32929292929292925
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.2906565656565657
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.07054343654955235
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.17865690678889054
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.23753083290232105
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.3325729030102926
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.40277157483949066
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.3831329164662498
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.45598855399752575
name: Cosine Map@100
Then you can load this model and run inference.
