metadata
language:
- en
license: apache-2.0
tags:
- sentence-transformers
- sentence-similarity
- feature-extraction
- dense
- generated_from_trainer
- dataset_size:391
- loss:MatryoshkaLoss
- loss:MultipleNegativesRankingLoss
base_model: intfloat/multilingual-e5-large
widget:
- source_sentence: >-
What is the responsibility of assisting and advising the data subjects in
exercising their rights?
sentences:
- >-
1.Personal data shall be: (a) processed lawfully, fairly and in a
transparent manner in relation to the data subject (‘lawfulness,
fairness and transparency’); (b) collected for specified, explicit and
legitimate purposes and not further processed in a manner that is
incompatible with those purposes; further processing for archiving
purposes in the public interest, scientific or historical research
purposes or statistical purposes shall, in accordance with Article
89(1), not be considered to be incompatible with the initial purposes
(‘purpose limitation’); (c) adequate, relevant and limited to what is
necessary in relation to the purposes for which they are processed
(‘data minimisation’); (d) accurate and, where necessary, kept up to
date; every reasonable step must be taken to ensure that personal data
that are inaccurate, having regard to the purposes for which they are
processed, are erased or rectified without delay (‘accuracy’); 4.5.2016
L 119/35 (1) Directive (EU) 2015/1535 of the European Parliament and
of the Council of 9 September 2015 laying down a procedure for the
provision of information in the field of technical regulations and of
rules on Information Society services (OJ L 241, 17.9.2015, p. 1). (e)
kept in a form which permits identification of data subjects for no
longer than is necessary for the purposes for which the personal data
are processed; personal data may be stored for longer periods insofar as
the personal data will be processed solely for archiving purposes in the
public interest, scientific or historical research purposes or
statistical purposes in accordance with Article 89(1) subject to
implementation of the appropriate technical and organisational measures
required by this Regulation in order to safeguard the rights and
freedoms of the data subject (‘storage limitation’); (f) processed in a
manner that ensures appropriate security of the personal data, including
protection against unauthorised or unlawful processing and against
accidental loss, destruction or damage, using appropriate technical or
organisational measures (‘integrity and confidentiality’).
2.The controller shall be responsible for, and be able to demonstrate
compliance with, paragraph 1 (‘accountability’).
- >-
1.A transfer of personal data to a third country or an international
organisation may take place where the Commission has decided that the
third country, a territory or one or more specified sectors within that
third country, or the international organisation in question ensures an
adequate level of protection. Such a transfer shall not require any
specific authorisation.
2.When assessing the adequacy of the level of protection, the Commission
shall, in particular, take account of the following elements: (a) the
rule of law, respect for human rights and fundamental freedoms, relevant
legislation, both general and sectoral, including concerning public
security, defence, national security and criminal law and the access of
public authorities to personal data, as well as the implementation of
such legislation, data protection rules, professional rules and security
measures, including rules for the onward transfer of personal data to
another third country or international organisation which are complied
with in that country or international organisation, case-law, as well as
effective and enforceable data subject rights and effective
administrative and judicial redress for the data subjects whose personal
data are being transferred; (b) the existence and effective functioning
of one or more independent supervisory authorities in the third country
or to which an international organisation is subject, with
responsibility for ensuring and enforcing compliance with the data
protection rules, including adequate enforcement powers, for assisting
and advising the data subjects in exercising their rights and for
cooperation with the supervisory authorities of the Member States; and
(c) the international commitments the third country or international
organisation concerned has entered into, or other obligations arising
from legally binding conventions or instruments as well as from its
participation in multilateral or regional systems, in particular in
relation to the protection of personal data.
3.The Commission, after assessing the adequacy of the level of
protection, may decide, by means of implementing act, that a third
country, a territory or one or more specified sectors within a third
country, or an international organisation ensures an adequate level of
protection within the meaning of paragraph 2 of this Article. The
implementing act shall provide for a mechanism for a periodic review, at
least every four years, which shall take into account all relevant
developments in the third country or international organisation. The
implementing act shall specify its territorial and sectoral application
and, where applicable, identify the supervisory authority or authorities
referred to in point (b) of paragraph 2 of this Article. The
implementing act shall be adopted in accordance with the examination
procedure referred to in Article 93(2).
4.The Commission shall, on an ongoing basis, monitor developments in
third countries and international organisations that could affect the
functioning of decisions adopted pursuant to paragraph 3 of this Article
and decisions adopted on the basis of Article 25(6) of Directive
95/46/EC.
5.The Commission shall, where available information reveals, in
particular following the review referred to in paragraph 3 of this
Article, that a third country, a territory or one or more specified
sectors within a third country, or an international organisation no
longer ensures an adequate level of protection within the meaning of
paragraph 2 of this Article, to the extent necessary, repeal, amend or
suspend the decision referred to in paragraph 3 of this Article by means
of implementing acts without retro-active effect. Those implementing
acts shall be adopted in accordance with the examination procedure
referred to in Article 93(2). On duly justified imperative grounds of
urgency, the Commission shall adopt immediately applicable implementing
acts in accordance with the procedure referred to in Article 93(3).
6.The Commission shall enter into consultations with the third country
or international organisation with a view to remedying the situation
giving rise to the decision made pursuant to paragraph 5
7.A decision pursuant to paragraph 5 of this Article is without
prejudice to transfers of personal data to the third country, a
territory or one or more specified sectors within that third country, or
the international organisation in question pursuant to Articles 46 to 49
8.The Commission shall publish in the Official Journal of the European
Union and on its website a list of the third countries, territories and
specified sectors within a third country and international organisations
for which it has decided that an adequate level of protection is or is
no longer ensured.
9.Decisions adopted by the Commission on the basis of Article 25(6) of
Directive 95/46/EC shall remain in force until amended, replaced or
repealed by a Commission Decision adopted in accordance with paragraph 3
or 5 of this Article.
- >-
The legal systems of Denmark and Estonia do not allow for administrative
fines as set out in this Regulation. The rules on administrative fines
may be applied in such a manner that in Denmark the fine is imposed by
competent national courts as a criminal penalty and in Estonia the fine
is imposed by the supervisory authority in the framework of a
misdemeanour procedure, provided that such an application of the rules
in those Member States has an equivalent effect to administrative fines
imposed by supervisory authorities. Therefore the competent national
courts should take into account the recommendation by the supervisory
authority initiating the fine. In any event, the fines imposed should be
effective, proportionate and dissuasive.
- source_sentence: Is the fine mandatory for the described offense?
sentences:
- >-
1.Each supervisory authority shall ensure that the imposition of
administrative fines pursuant to this Article in respect of
infringements of this Regulation referred to in paragraphs 4, 5 and 6
shall in each individual case be effective, proportionate and
dissuasive.
2.Administrative fines shall, depending on the circumstances of each
individual case, be imposed in addition to, or instead of, measures
referred to in points (a) to (h) and (j) of Article 58(2). When deciding
whether to impose an administrative fine and deciding on the amount of
the administrative fine in each individual case due regard shall be
given to the following: (a) the nature, gravity and duration of the
infringement taking into account the nature scope or purpose of the
processing concerned as well as the number of data subjects affected and
the level of damage suffered by them; (b) the intentional or negligent
character of the infringement; (c) any action taken by the controller
or processor to mitigate the damage suffered by data subjects; (d) the
degree of responsibility of the controller or processor taking into
account technical and organisational measures implemented by them
pursuant to Articles 25 and 32; (e) any relevant previous infringements
by the controller or processor; (f) the degree of cooperation with the
supervisory authority, in order to remedy the infringement and mitigate
the possible adverse effects of the infringement; (g) the categories of
personal data affected by the infringement; (h) the manner in which the
infringement became known to the supervisory authority, in particular
whether, and if so to what extent, the controller or processor notified
the infringement; (i) where measures referred to in Article 58(2) have
previously been ordered against the controller or processor concerned
with regard to the same subject-matter, compliance with those measures;
(j) adherence to approved codes of conduct pursuant to Article 40 or
approved certification mechanisms pursuant to Article 42; and (k) any
other aggravating or mitigating factor applicable to the circumstances
of the case, such as financial benefits gained, or losses avoided,
directly or indirectly, from the infringement.
3.If a controller or processor intentionally or negligently, for the
same or linked processing operations, infringes several provisions of
this Regulation, the total amount of the administrative fine shall not
exceed the amount specified for the gravest infringement.
4.Infringements of the following provisions shall, in accordance with
paragraph 2, be subject to administrative fines up to 10 000 000 EUR, or
in the case of an undertaking, up to 2 % of the total worldwide annual
turnover of the preceding financial year, whichever is higher: (a) the
obligations of the controller and the processor pursuant to Articles 8,
11, 25 to 39 and 42 and 43; (b) the obligations of the certification
body pursuant to Articles 42 and 43; (c) the obligations of the
monitoring body pursuant to Article 41(4). 4.5.2016 L 119/82
5.Infringements of the following provisions shall, in accordance with
paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or
in the case of an undertaking, up to 4 % of the total worldwide annual
turnover of the preceding financial year, whichever is higher: (a) the
basic principles for processing, including conditions for consent,
pursuant to Articles 5, 6, 7 and 9; (b) the data subjects' rights
pursuant to Articles 12 to 22; (c) the transfers of personal data to a
recipient in a third country or an international organisation pursuant
to Articles 44 to 49; (d) any obligations pursuant to Member State law
adopted under Chapter IX; (e) non-compliance with an order or a
temporary or definitive limitation on processing or the suspension of
data flows by the supervisory authority pursuant to Article 58(2) or
failure to provide access in violation of Article 58(1).
6.Non-compliance with an order by the supervisory authority as referred
to in Article 58(2) shall, in accordance with paragraph 2 of this
Article, be subject to administrative fines up to 20 000 000 EUR, or in
the case of an undertaking, up to 4 % of the total worldwide annual
turnover of the preceding financial year, whichever is higher.
7.Without prejudice to the corrective powers of supervisory authorities
pursuant to Article 58(2), each Member State may lay down the rules on
whether and to what extent administrative fines may be imposed on public
authorities and bodies established in that Member State.
8.The exercise by the supervisory authority of its powers under this
Article shall be subject to appropriate procedural safeguards in
accordance with Union and Member State law, including effective judicial
remedy and due process.
9.Where the legal system of the Member State does not provide for
administrative fines, this Article may be applied in such a manner that
the fine is initiated by the competent supervisory authority and imposed
by competent national courts, while ensuring that those legal remedies
are effective and have an equivalent effect to the administrative fines
imposed by supervisory authorities. In any event, the fines imposed
shall be effective, proportionate and dissuasive. Those Member States
shall notify to the Commission the provisions of their laws which they
adopt pursuant to this paragraph by 25 May 2018 and, without delay, any
subsequent amendment law or amendment affecting them.
- >-
Court (Civil/Criminal): Criminal
Provisions: Article 386 of the Penal Code
Time of commission of the act:
Result (innocent, guilty):
Reasoning: Conviction for computer fraud committed repeatedly and
professionally with a total benefit and damage exceeding €30,000.
According to the majority opinion, the charge is substantiated in both
its objective and subjective aspects, and the defendant must be declared
guilty of the aforementioned criminal acts of fraud by means of a
computer, committed repeatedly by a perpetrator acting professionally,
where the total financial benefit and corresponding damage exceed the
amount of €30,000, as well as for repeated embezzlement.
Facts: The defendant accessed a website using a computer, employing,
without the knowledge and consent of the complainants, the access codes
for the electronic management system of the bank accounts held by the
complainants at a Bank, and transferred money through electronically
transmitted orders from the complainants' accounts to her own account.
Specifically, during the period from June 2007 to June 2008, after
unlawfully acquiring the aforementioned STICK containing the access
codes, she accessed a website maintained by ..., using, without the
complainants' knowledge (without their consent or approval), the access
codes for the electronic management system of the bank accounts held at
the aforementioned Bank, transferring through electronically transmitted
orders to the joint account number ... of the complainants from bank
accounts numbered ..., ..., and ..., the total amount of €55,710, as
detailed in the orders, and subsequently, using an ATM card, she
gradually withdrew from the aforementioned account number ..., the total
amount of €55,710, making 84 individual withdrawals from automatic
teller machines. In addition, the defendant, during the period from June
2008 to November 2008, in the same exact manner (through the electronic
management system of the bank accounts), transferred through
electronically transmitted orders to account number ..., which she had
opened at ..., from the complainants' bank accounts numbered ..., ...,
..., ..., and ..., the total amount of €73,942, as detailed in the
orders regarding the transfers of these amounts. Furthermore, during the
period from February 2008 to November 2008, through multiple acts
constituting a continuation of the crime, although she had received from
the first complainant ... the amounts of €695.04, €695.04, and €845.04,
in order to pay his insurance contributions to O.A.E.E. for the periods
of January-February 2008, May-June 2008, and September-October 2008, as
well as the amounts of €250 and €280, in order to settle credit card
bills for "...", respectively, and from the second complainant ... she
received the amounts of €283.64, €419.26, and €385.38, to pay the
latter's insurance contributions to O.A.E.E. for the periods of
July-August 2007, May-June 2008, September-October 2008, and
November-December 2008, as well as the amount of €1,888.03 for the
settlement of VAT, she never paid the above amounts to settle the
aforementioned obligations, nor did she return them to the complainants,
despite being urged to do so, but incorporated them into her assets and
wrongfully appropriated them. The defendant denies the charges against
her and claims that the withdrawals were made by the second complainant
and that all the amounts transferred to her account were transferred to
cover the company's expenses and their personal expenses, due to her
cohabitation with the second complainant and with his knowledge, with
whom she intended to marry. However, this claim is not supported by any
evidence; on the contrary, it emerged that she conducted the transfers
of the money and withdrawals without the complainants' knowledge, and
when she learned that they had been informed about the account movements
and met at the Bank, her behavior and demeanor indicated guilt,
according to the testimony of the prosecution witness ..., an employee
of the Pangrati branch of ..., who saw her on the same day at the
aforementioned Bank when she met with the complainants. The ongoing act
of fraud using a computer was committed by the defendant professionally,
as evidenced by her repeated commission of the act, as well as the
infrastructure she had established with the intent of repeated
commission, based on a specific plan and methodology (transferring
smaller amounts to a joint account of the complainants from the
remaining accounts of the latter, and then withdrawing the transferred
amounts with an ATM card, as well as directly transferring smaller
amounts from the complainants' accounts to her personal account she had
opened at the same bank), indicating her purpose to generate income,
with the financial benefit she gained, corresponding to the
complainants' damage, exceeding a total of €30,000.
- >
Any person who intentionally, through the technology of information and
communication, suggests an encounter between an adult and a minor under
the age of fifteen, aiming at the commitment of the crimes described in
par. 1 and 2 of art. 339 and 348Α, is sentenced to an imprisonment of at
least two years and a fine of fifty to two hundred thousand Euros, when
the proposal is followed by further actions which lead in the commitment
of such crimes.
- source_sentence: >-
Who should provide authorisation when safeguards are detailed in
non-legally binding administrative arrangements?
sentences:
- >-
In the absence of an adequacy decision, the controller or processor
should take measures to compensate for the lack of data protection in a
third country by way of appropriate safeguards for the data subject.
Such appropriate safeguards may consist of making use of binding
corporate rules, standard data protection clauses adopted by the
Commission, standard data protection clauses adopted by a supervisory
authority or contractual clauses authorised by a supervisory authority.
Those safeguards should ensure compliance with data protection
requirements and the rights of the data subjects appropriate to
processing within the Union, including the availability of enforceable
data subject rights and of effective legal remedies, including to obtain
effective administrative or judicial redress and to claim compensation,
in the Union or in a third country. They should relate in particular to
compliance with the general principles relating to personal data
processing, the principles of data protection by design and by default.
Transfers may also be carried out by public authorities or bodies with
public authorities or bodies in third countries or with international
organisations with corresponding duties or functions, including on the
basis of provisions to be inserted into administrative arrangements,
such as a memorandum of understanding, providing for enforceable and
effective rights for data subjects. Authorisation by the competent
supervisory authority should be obtained when the safeguards are
provided for in administrative arrangements that are not legally
binding.
- >-
**Court (Civil/Criminal): Civil**
**Provisions:**
**Time of commission of the act:**
**Outcome (not guilty, guilty):**
**Rationale:**
**Facts:**
The plaintiff holds credit card number ............ with the defendant
banking corporation. Based on the application for alternative networks
dated 19/7/2015 with number ......... submitted at a branch of the
defendant, he was granted access to the electronic banking service
(e-banking) to conduct banking transactions (debit, credit, updates,
payments) remotely. On 30/11/2020, the plaintiff fell victim to
electronic fraud through the "phishing" method, whereby an unknown
perpetrator managed to withdraw a total amount of €3,121.75 from the
aforementioned credit card. Specifically, the plaintiff received an
email at 1:35 PM on 29/11/2020 from sender ...... with address ........,
informing him that due to an impending system change, he needed to
verify the mobile phone number linked to the credit card, urging him to
complete the verification process within the next 24 hours by following
a link titled ........; otherwise, his account would be locked for
security reasons. The plaintiff read this email on the afternoon of 30
November 2020 and, believing it was from the defendant, followed the
instructions and proceeded via the provided link to a website that was
identical (a clone) to that of the defendant. On this page, he was asked
to enter the six-digit security code (.........) that had just been sent
to his mobile phone by the defendant at 3:41 PM, with the note that it
was an activation code for his ........ card at ........., which he
entered.
Subsequently, the plaintiff received, according to his statements, a new
email (not submitted), which requested him to enter the details of the
aforementioned credit card, specifically the name of the cardholder and
the card number, not the PIN, which he also entered, convinced that he
was within the online environment of the defendant. Then, at 3:47 PM, he
received a message on his mobile phone from the defendant containing the
exact same content as the one he received at 3:41 PM, while at 3:50 PM
he received a message stating that the activation of his ......... card
at ....... had been completed. Once the plaintiff read this, he became
concerned that something was not right, and immediately called (at 4:41
PM) the defendant's call center to inform them. There, the employees,
with whom he finally connected at 5:04 PM due to high call center
volume, advised him to delete the relevant emails, cancel his credit
card, change his access passwords for the service, and submit a dispute
request regarding the conducted transactions. The plaintiff
electronically sent this request to the defendant, disputing the
detailed transactions amounting to €3,121.75, which were conducted on
30/11/2020 during the time frame of 16:37:45-16:43:34 PM, arguing that
he had neither performed them himself nor authorized anyone else to do
so. The plaintiff specifically disputed the following transactions, as
evidenced by the account activity of the disputed credit card during the
aforementioned timeframe: a) transaction number ......... amounting to
€150.62 conducted on 30/11/2020 at 4:43:34 PM, b) transaction number
........ amounting to €293.20 conducted on 30/11/2020 at 4:42:40 PM, c)
transaction number ............ amounting to €295.21 conducted on
30/11/2020 at 4:42:10 PM, d) transaction number .......... amounting to
€299.22 conducted on 30/11/2020 at 4:41:31 PM, e) transaction number
........ amounting to €297.21 conducted on 30/11/2020 at 4:41:01 PM, f)
transaction number ........ amounting to €299.22 conducted on 30/11/2020
at 4:40:27 PM, g) transaction number ....... amounting to €299.22
conducted on 30/11/2020 at 4:39:55 PM, h) transaction number ......
amounting to €299.22 conducted on 30/11/2020 at 4:39:22 PM, i)
transaction number ......... amounting to €297.22 conducted on
30/11/2020 at 4:38:52 PM, j) transaction number ......... amounting to
€295.21 conducted on 30/11/2020 at 4:38:17 PM, and k) transaction number
......... amounting to €296.21 conducted on 30/11/2020 at 4:37:45 PM. In
its response letter dated 21/12/2020, the defendant denied
responsibility for the costs of the aforementioned transactions, placing
the entire blame on the plaintiff for the leak of his card details and
security code to the fraudulent page. The plaintiff, completely denying
any fault for the conducted transactions, repeatedly contacted the
defendant, both by phone and via email (see emails dated 15/1/2021 and
11/2/2021), while on 2/3/2021, he electronically sent a report dated
1/03/2021 to the Consumer Advocate’s email address, recounting the
events and requesting that the aforementioned Independent Authority
intervene to have the disputed debt canceled. In its letter with
reference number ...../27.04.2021, the aforementioned Independent
Authority informed the plaintiff that the case was outside its mediating
role and was therefore archived. Subsequently, the plaintiff sent the
defendant on 5/3/2021 his extrajudicial statement dated 4/3/2021,
calling upon it to fully cancel the debt of €3,121.75 that had been
unjustly incurred against him within two days and to immediately
instruct the representatives of the collection agency working with it to
cease contacting him regarding the disputed case. The defendant sent the
plaintiff a message on his mobile phone on 20/04/2021 informing him that
his case was still being processed due to lengthy operational
requirements, while on 23/04/2021, via email, it informed him that
considering their good cooperation and his efforts to keep them updated,
it had reviewed his case and decided to refund him the amounts of the
transactions that were conducted after his contact with their
representatives on 30/11/2020 at 4:41 PM, totaling €1,038.25,
specifically the following: a) transaction of €150.62 conducted on
30/11/2020 at 4:43 PM, b) transaction of €295.21 conducted on 30/11/2020
at 4:42 PM, c) transaction of €293.20 conducted on 30/11/2020 at 4:42
PM, and d) transaction of €299.22 conducted on 30/11/2020 at 4:41 PM.
Beyond this, the defendant refused to refund the plaintiff the amount of
the remaining transactions conducted on 30/11/2020, totaling €2,376.08
(and not €2,376.48 as incorrectly stated by the plaintiff in his
lawsuit), which the plaintiff ultimately fully paid, transferring
€2,342.77 to the defendant on 7/06/2021 and €33.31 on 15/06/2021 (see
related deposit receipts).
- >-
Court (Civil/Criminal): Civil
Provisions:
Time of commission: July 21, 2020
Outcome (innocent, guilty): Partially accepts the lawsuit against the
Bank.
Reasoning: Alongside the bank's responsibility for the ineffective
protection of its systems against the continually changing and evolving
methods of deception that affect them, leading to financial damage for
its clients who entrusted it, which constitutes a breach of its
contractual obligations and generates contractual liability, there is
also the personal responsibility of the plaintiff, who did not
safeguard, as required, his sensitive banking information and disclosed
it when he should not have, even though the message that misled him came
from the context of an SMS conversation with the defendant, even if he
was directed through the link to a website resembling that of the
defendant, because he overlooked the relevant instructions and strict
recommendations of the bank, violating his duty to safeguard them.
Therefore, in light of the above, the court must partially accept the
lawsuit regarding its substance, and with the defendant's objection
regarding the plaintiff's fault being accepted at a rate of 1/6 of the
damage suffered, it must be acknowledged – following the admissible and
lawful modification of the lawsuit's request from a dismissive to a
declaratory nature as proposed – the defendant's obligation to pay him
the amount of €2,500, with legal interest, as specified in the operative
part. Regarding the request to recognize the defendant's obligation to
pay him €1,000 as compensation for the moral damage he suffered from the
fraud committed against him, this is deemed dismissible as unfounded,
because the defendant's liability is contractual and not tortious, and
there are no special conditions justifying the treatment of this
specific non-contractual behavior as tortious, making it possible to
attribute moral damage to the plaintiff from the defendant.
Facts: The plaintiff maintained a joint bank account with his wife and
had access to the defendant bank's e-banking. On July 21, 2020,
following successful identification via the agreed-upon credentials
(userID, password, OTP), a request was made to change the mobile phone
number for receiving OTPs, which was completed through the bank's
platform. However, this change was not made by the plaintiff himself,
but by a third party who had previously deceived him using the phishing
method, obtaining his banking details through a misleading SMS.
Following the phone number change, on July 31, 2020, a transfer of
€3,000 was made to a third party's account. The transaction was
conducted using the necessary credentials and OTP sent to the new mobile
phone, resulting in the bank considering the order valid and executing
it. Once the plaintiff realized the transfer, he immediately contacted
the bank and informed them that he had not given such an order himself.
Despite the initial assurance that the funds could be recovered, they
were ultimately not returned, as they had been transferred to a third
party's account, and the bank denied any responsibility for the loss.
- source_sentence: When will the periodic review mechanism be conducted?
sentences:
- >-
The Commission should monitor the functioning of decisions on the level
of protection in a third country, a territory or specified sector within
a third country, or an international organisation, and monitor the
functioning of decisions adopted on the basis of Article 25(6) or
Article 26(4) of Directive 95/46/EC. In its adequacy decisions, the
Commission should provide for a periodic review mechanism of their
functioning. That periodic review should be conducted in consultation
with the third country or international organisation in question and
take into account all relevant developments in the third country or
international organisation. For the purposes of monitoring and of
carrying out the periodic reviews, the Commission should take into
consideration the views and findings of the European Parliament and of
the Council as well as of other relevant bodies and sources. The
Commission should evaluate, within a reasonable time, the functioning of
the latter decisions and report any relevant findings to the Committee
within the meaning of Regulation (EU) No 182/2011 of the European
Parliament and of the Council (1) as established under this Regulation,
to the European Parliament and to the Council.
- >-
**Court (Civil/Criminal): Civil**
**Provisions:**
**Time of commission of the act:**
**Outcome (not guilty, guilty):**
**Reasoning:** Partially accepts the lawsuit.
**Facts:** The plaintiff, who works as a lawyer, maintains a savings
account with the defendant banking corporation under account number
GR.............. Pursuant to a contract dated June 11, 2010, established
in Thessaloniki between the defendant and the plaintiff, the plaintiff
was granted access to the electronic banking system (e-banking) to
conduct banking transactions remotely. On October 10, 2020, the
plaintiff fell victim to electronic fraud through the "phishing" method,
whereby an unknown perpetrator managed to extract and transfer €3,000.00
from the plaintiff’s account to another account of the same bank.
Specifically, on that day at 6:51 a.m., the plaintiff received an email
from the sender ".........", with the address ..........., informing him
that his debit card had been suspended and that online payments and cash
withdrawals could not be made until the issue was resolved. The email
urged him to confirm his details within the next 72 hours by following a
link titled "card activation."
The plaintiff read the above email on his mobile phone around 8:00 a.m.,
and believing it came from the defendant, he followed the instructions
and accessed a website that was identical (a clone) to that of the
defendant. On this page, he was asked to enter his login credentials to
connect to the service, which he did, and he was subsequently asked to
input his debit card details for the alleged activation, which he also
provided. Then, to complete the process, a number was sent to his mobile
phone at 8:07 a.m. from the sender ........, which he entered, and two
minutes later he received a message from the same sender in English
stating that the quick access code had been activated on his mobile. A
few minutes later, at 8:18 a.m., he received an email from the defendant
informing him of the transfer of €3,000.00 from his account to account
number GR ........... held at the same bank, with the beneficiary's
details being .......... As soon as the plaintiff read this, he
immediately called the defendant's call center and canceled his debit
card, the access codes for the service ......., and locked the
application .......... At the same time, he verbally submitted a request
to dispute and cancel the contested transaction, and in a subsequent
phone call, he also canceled his credit card. On the same day, he also
sent an email to the defendant informing them in writing of the above
and requesting the cancellation of the transaction and the return of the
amount of €3,000.00 to his account, as this transfer was not made by him
but by an unknown perpetrator through electronic fraud and was not
approved by him. It should also be noted that the plaintiff, as the sole
beneficiary according to the aforementioned contract for using the
defendant's Internet Banking service, never received any update via SMS
or the VIBER application from the bank regarding the transaction details
before its completion, nor did he receive a one-time code (OTP) to
approve the contested transaction. He subsequently filed a complaint
against unknown persons at the Cyber Crime Division for the crime of
fraud. The defendant sent an email to the plaintiff on October 16, 2020,
informing him that his request had been forwarded to the appropriate
department of the bank for investigation, stating that the bank would
never send him an email or SMS asking him to enter his personal data and
that as of October 7, 2020, there was a notice posted for its customers
regarding malicious attempts to steal personal data in the "Our News"
section on ....... A month after the disputed incident, on November 10,
2020, an amount of €2,296.82 was transferred to the plaintiff's account
from the account to which the fraudulent credit had been made. The
plaintiff immediately sent an email to the defendant asking to be
informed whether this transfer was a return of part of the amount that
had been illegally withdrawn from his account and requested the return
of the remaining amount of €703.18. In its response dated January 13,
2021, the defendant confirmed that the aforementioned amount indeed came
from the account to which the fraudulent credit had been made, following
a freeze of that account initiated by the defendant during the
investigation of the incident, but refused to return the remaining
amount, claiming it bore no responsibility for the leak of the personal
codes to third parties, according to the terms of the service contract
established between them.
From the entirety of the evidence presented to the court, there is no
indication of the authenticity of the contested transaction, as the
plaintiff did not give his consent for the execution of the transfer of
the amount of €3,000.00, especially in light of the provision in Article
72 paragraph 2 of Law 4537/2018 stating that the mere use of the
Internet Banking service by the plaintiff does not necessarily
constitute sufficient evidence that the payer approved the payment
action. Specifically, it was proven that the contested transaction was
not carried out following a strong identification of the plaintiff – the
sole beneficiary of the account – and his approval, as the latter may
have entered his personal codes on the counterfeit website; however, he
was never informed, before the completion of the contested transaction,
of the amount that would be transferred from his account to a
third-party account, nor did he receive on his mobile phone, either via
SMS or through the VIBER application or any other means, the one-time
code - extra PIN for its completion, which he was required to enter to
approve the contested transaction (payment action) and thus complete his
identification, a fact that was not countered by any evidence from the
defendant. Furthermore, it is noted that the defendant's claims that it
bears no responsibility under the terms of the banking services
contract, whereby it is not liable for any damage to its customer in
cases of unauthorized use of their personal access codes to the Internet
Banking service, are to be rejected as fundamentally unfounded. This is
because the aforementioned contractual terms are invalid according to
the provision of Article 103 of Law 4537/2018, as they contradict the
provisions of Articles 71, 73, and 92 of the same Law, which provide for
the provider's universal liability and its exemption only for unusual
and unforeseen circumstances that are beyond the control of the party
invoking them and whose consequences could not have been avoided despite
all efforts to the contrary; these provisions establish mandatory law in
favor of users, as according to Article 103 of Law 4537/2018, payment
service providers are prohibited from deviating from the provisions to
the detriment of payment service users, unless the possibility of
deviation is explicitly provided and they can decide to offer only more
favorable terms to payment service users; the aforementioned contractual
terms do not constitute more favorable terms but rather disadvantageous
terms for the payment service user. In this case, however, the defendant
did not prove the authenticity of the transaction and its approval by
the plaintiff and did not invoke, nor did any unusual and unforeseen
circumstances beyond its control, the consequences of which could not
have been avoided despite all efforts to the contrary, come to light.
Therefore, the contested transaction transferring the amount of
€3,000.00 is considered, in the absence of demonstrable consent from the
plaintiff, unapproved according to the provisions of Article 64 of Law
4537/2018, and the defendant's contrary claims are rejected, especially
since the plaintiff proceeded, according to Article 71 paragraph 1 of
Law 4537/2018, without undue delay to notify the defendant regarding the
contested unapproved payment action. Consequently, the defendant is
liable for compensating the plaintiff for the positive damage he
suffered under Article 73 of Law 4537/2018 and is obliged to pay him the
requested amount of €703.18, while the plaintiff’s fault in the
occurrence of this damage cannot be established, as he entered his
personal details in an online environment that was a faithful imitation
of that of the defendant, as evidenced by the comparison of the
screenshots of the fake website and the real website provided by the
plaintiff, a fact that he could not have known while being fully
convinced that he was transacting with the defendant. Furthermore, the
defendant’s liability to compensate the plaintiff is based on the
provision of Article 8 of Law 2251/1994, which applies in this case, as
the plaintiff's damage resulted from inadequate fulfillment of its
obligations in the context of providing its services, but also on the
provision of Article 914 of the Civil Code in the sense of omission on
its part of unlawfully and culpably imposed actions. In this case, given
that during the relevant period there had been a multitude of similar
incidents of fraud against the defendant's customers, the latter, as a
service provider to the consumer public and bearing transactional
obligations of care and security towards them, displayed gross
negligence regarding the security provided for electronic transaction
services, which was compromised by the fraudulent theft of funds, as it
did not comply with all required high-security measures for executing
the contested transaction, failing to implement the strict customer
identification verification process and to check the authenticity of the
account to which the funds were sent, thus not assuming the suspicious
nature of the transaction, did not adopt comprehensive and improved
protective measures to fully protect its customers against malicious
attacks and online fraud and to prevent the infiltration of unauthorized
third parties, nor did it fulfill its obligations to inform, accurately
inform, and warn its consumers - customers, as it failed to adequately
inform them of attempts to steal their personal data through the sending
of informative emails or SMS, while merely posting in a section rather
than on a central banner (as it later did) does not constitute adequate
information such that it meets the requirement of protecting its
customers and the increased safeguarding of their interests. Although
the plaintiff acted promptly and informed the defendant on the same day
about the contested incident, the defendant did not act as promptly
regarding the investigation of the incident and the freezing of the
account that held the fraudulent credit to prevent the plaintiff's loss,
but only returned part of the funds to the plaintiff a month later. This
behavior, beyond being culpable due to gross negligence, was also
unlawful, as it would have been illegal even without the contractual
relationship, as contrary to the provisions of Law 4537/2018 and Law
2251/1994, regarding the lack of security of the services that the
consumer is legitimately entitled to expect, as well as the building of
trust that is essential in banking transactions, elements that it was
obligated to provide within the sphere of the services offered, and
contrary to the principles of good faith and commercial ethics, as
crystallized in the provision of Article 288 of the Civil Code, as well
as the general duty imposed by Article 914 of the Civil Code not to
cause harm to another culpably. This resulted not only in positive
damage to the plaintiff but also in causing him moral harm consisting of
his mental distress and the disruption, agitation, and sorrow he
experienced, for which he must be awarded financial compensation. Taking
into account all the general circumstances of the case, the extent of
the plaintiff's damage, the severity of the defendant's fault, the
mental distress suffered by the plaintiff, the insecurity he felt
regarding his deposits, the sorrow he experienced, and the stress caused
by his financial loss, which occurred during the pandemic period when
his earnings from his professional activity had significantly decreased,
as well as the financial and social situation of the parties, it is the
court's opinion that he should be granted, as financial compensation for
his moral harm, an amount of €250.00, which is deemed reasonable and
fair. Therefore, the total monetary amount that the plaintiff is
entitled to for his positive damage and financial compensation for the
moral harm suffered amounts to a total of (€703.18 + €250.00) = €953.18.
- >
Failure to notify the Authority of file establishment or permit changes
is punished by up to three years’ imprisonment and a fine of one to five
million Drachmas.
Maintaining a file without a permit or violating permit terms is
punished by at least one year’s imprisonment and a fine of one to five
million Drachmas.
Unauthorized file interconnection or without permit is punished by up to
three years’ imprisonment and a fine of one to five million Drachmas.
Unlawful interference with personal data is punished by imprisonment and
a fine; for sensitive data, at least one year’s imprisonment and a fine
of one to ten million Drachmas.
Controllers who fail to comply with Authority decisions or violate data
transfer rules face at least two years’ imprisonment and a fine of one
to five million Drachmas.
If acts were committed for unlawful benefit or to cause harm, punishment
is up to ten years’ imprisonment and a fine of two to ten million
Drachmas.
If acts jeopardize democratic governance or national security,
punishment is confinement in a penitentiary and a fine of five to ten
million Drachmas.
Acts committed due to negligence result in at least three months’
imprisonment and a fine.
If the Controller is not a natural person, the responsible party is the
representative or head of the organization with administrative or
managerial duties.
Authorized members of the Authority may carry out preliminary
investigations even without Prosecutor’s order for certain offenses.
The Authority's President must notify the Public Prosecutor of any
offenses under investigation, forwarding all relevant evidence.
Preliminary investigations must conclude within two months of charges,
and trial must begin within three months of completion.
Continuation of proceedings is allowed only once and for extremely
important reasons, with adjournment not exceeding two months.
Felonies under this law fall under the jurisdiction of the Court of
Appeal.
- source_sentence: Who must facilitate the exercise of data subject rights?
sentences:
- >-
1.Processing of personal data revealing racial or ethnic origin,
political opinions, religious or philosophical beliefs, or trade union
membership, and the processing of genetic data, biometric data for the
purpose of uniquely identifying a natural person, data concerning health
or data concerning a natural person's sex life or sexual orientation
shall be prohibited.
2.Paragraph 1 shall not apply if one of the following applies: (a) the
data subject has given explicit consent to the processing of those
personal data for one or more specified purposes, except where Union or
Member State law provide that the prohibition referred to in paragraph 1
may not be lifted by the data subject; (b) processing is necessary for
the purposes of carrying out the obligations and exercising specific
rights of the controller or of the data subject in the field of
employment and social security and social protection law in so far as it
is authorised by Union or Member State law or a collective agreement
pursuant to Member State law providing for appropriate safeguards for
the fundamental rights and the interests of the data subject; (c)
processing is necessary to protect the vital interests of the data
subject or of another natural person where the data subject is
physically or legally incapable of giving consent; (d) processing is
carried out in the course of its legitimate activities with appropriate
safeguards by a foundation, association or any other not-for-profit body
with a political, philosophical, religious or trade union aim and on
condition that the processing relates solely to the members or to former
members of the body or to persons who have regular contact with it in
connection with its purposes and that the personal data are not
disclosed outside that body without the consent of the data subjects;
(e) processing relates to personal data which are manifestly made
public by the data subject; (f) processing is necessary for the
establishment, exercise or defence of legal claims or whenever courts
are acting in their judicial capacity; (g) processing is necessary for
reasons of substantial public interest, on the basis of Union or Member
State law which shall be proportionate to the aim pursued, respect the
essence of the right to data protection and provide for suitable and
specific measures to safeguard the fundamental rights and the interests
of the data subject; (h) processing is necessary for the purposes of
preventive or occupational medicine, for the assessment of the working
capacity of the employee, medical diagnosis, the provision of health or
social care or treatment or the management of health or social care
systems and services on the basis of Union or Member State law or
pursuant to contract with a health professional and subject to the
conditions and safeguards referred to in paragraph 3; (i) processing is
necessary for reasons of public interest in the area of public health,
such as protecting against serious cross-border threats to health or
ensuring high standards of quality and safety of health care and of
medicinal products or medical devices, on the basis of Union or Member
State law which provides for suitable and specific measures to safeguard
the rights and freedoms of the data subject, in particular professional
secrecy; 4.5.2016 L 119/38 (j) processing is necessary for archiving
purposes in the public interest, scientific or historical research
purposes or statistical purposes in accordance with Article 89(1) based
on Union or Member State law which shall be proportionate to the aim
pursued, respect the essence of the right to data protection and provide
for suitable and specific measures to safeguard the fundamental rights
and the interests of the data subject.
3.Personal data referred to in paragraph 1 may be processed for the
purposes referred to in point (h) of paragraph 2 when those data are
processed by or under the responsibility of a professional subject to
the obligation of professional secrecy under Union or Member State law
or rules established by national competent bodies or by another person
also subject to an obligation of secrecy under Union or Member State law
or rules established by national competent bodies.
4.Member States may maintain or introduce further conditions, including
limitations, with regard to the processing of genetic data, biometric
data or data concerning health.
- >-
Regulation (EC) No 45/2001 of the European Parliament and of the Council
(2) applies to the processing of personal data by the Union
institutions, bodies, offices and agencies. Regulation (EC) No 45/2001
and other Union legal acts applicable to such processing of personal
data should be adapted to the principles and rules established in this
Regulation and applied in the light of this Regulation. In order to
provide a strong and coherent data protection framework in the Union,
the necessary adaptations of Regulation (EC) No 45/2001 should follow
after the adoption of this Regulation, in order to allow application at
the same time as this Regulation.
- >-
1.The controller shall take appropriate measures to provide any
information referred to in Articles 13 and 14 and any communication
under Articles 15 to 22 and 34 relating to processing to the data
subject in a concise, transparent, intelligible and easily accessible
form, using clear and plain language, in particular for any information
addressed specifically to a child. The information shall be provided in
writing, or by other means, including, where appropriate, by electronic
means. When requested by the data subject, the information may be
provided orally, provided that the identity of the data subject is
proven by other means. 4.5.2016 L 119/39
2.The controller shall facilitate the exercise of data subject rights
under Articles 15 to 22. In the cases referred to in Article 11(2), the
controller shall not refuse to act on the request of the data subject
for exercising his or her rights under Articles 15 to 22, unless the
controller demonstrates that it is not in a position to identify the
data subject.
3.The controller shall provide information on action taken on a request
under Articles 15 to 22 to the data subject without undue delay and in
any event within one month of receipt of the request. That period may be
extended by two further months where necessary, taking into account the
complexity and number of the requests. The controller shall inform the
data subject of any such extension within one month of receipt of the
request, together with the reasons for the delay. Where the data subject
makes the request by electronic form means, the information shall be
provided by electronic means where possible, unless otherwise requested
by the data subject.
4.If the controller does not take action on the request of the data
subject, the controller shall inform the data subject without delay and
at the latest within one month of receipt of the request of the reasons
for not taking action and on the possibility of lodging a complaint with
a supervisory authority and seeking a judicial remedy.
5.Information provided under Articles 13 and 14 and any communication
and any actions taken under Articles 15 to 22 and 34 shall be provided
free of charge. Where requests from a data subject are manifestly
unfounded or excessive, in particular because of their repetitive
character, the controller may either: (a) charge a reasonable fee
taking into account the administrative costs of providing the
information or communication or taking the action requested; or (b)
refuse to act on the request. The controller shall bear the burden of
demonstrating the manifestly unfounded or excessive character of the
request.
6.Without prejudice to Article 11, where the controller has reasonable
doubts concerning the identity of the natural person making the request
referred to in Articles 15 to 21, the controller may request the
provision of additional information necessary to confirm the identity of
the data subject.
7.The information to be provided to data subjects pursuant to Articles
13 and 14 may be provided in combination with standardised icons in
order to give in an easily visible, intelligible and clearly legible
manner a meaningful overview of the intended processing. Where the icons
are presented electronically they shall be machine-readable.
8.The Commission shall be empowered to adopt delegated acts in
accordance with Article 92 for the purpose of determining the
information to be presented by the icons and the procedures for
providing standardised icons. Section 2 Information and access to
personal data
pipeline_tag: sentence-similarity
library_name: sentence-transformers
metrics:
- cosine_accuracy@1
- cosine_accuracy@3
- cosine_accuracy@5
- cosine_accuracy@10
- cosine_precision@1
- cosine_precision@3
- cosine_precision@5
- cosine_precision@10
- cosine_recall@1
- cosine_recall@3
- cosine_recall@5
- cosine_recall@10
- cosine_ndcg@10
- cosine_mrr@10
- cosine_map@100
model-index:
- name: multilingual-e5-large
results:
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 1024
type: dim_1024
metrics:
- type: cosine_accuracy@1
value: 0.4180537772087068
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.42189500640204863
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.4500640204865557
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.49039692701664533
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.4180537772087068
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.4163465642338881
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.4043533930857874
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.36869398207426374
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.04734422767263886
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.138064233626932
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.2069980430010945
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.308531274625124
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.44178501209869797
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.42985717334308843
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.506794523350519
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 768
type: dim_768
metrics:
- type: cosine_accuracy@1
value: 0.41037131882202305
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.4142125480153649
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.44430217669654287
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.4833546734955186
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.41037131882202305
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.4086641058472044
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.3969270166453265
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.36165172855313704
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.047186779325657804
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.1375709294981283
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.20603724780478358
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.30540044861465576
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.4349862241563486
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.4224889742495374
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.500478306774528
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 512
type: dim_512
metrics:
- type: cosine_accuracy@1
value: 0.4065300896286812
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.41229193341869397
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.44494238156209986
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.4814340588988476
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.4065300896286812
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.4054630815194195
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.3947503201024327
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.3596030729833547
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.047372341735862133
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.1383106496582531
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.20757258542171747
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.3071623578952262
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.4329095460408428
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.41950236774180394
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.49555759572196095
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 256
type: dim_256
metrics:
- type: cosine_accuracy@1
value: 0.38348271446862997
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.3886043533930858
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.4206145966709347
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.4551856594110115
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.38348271446862997
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.382202304737516
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.3718309859154929
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.33886043533930854
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.04466034705404223
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.1301795023253766
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.19500340584044382
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.2892016292717267
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.4087462230477571
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.3957850639188662
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.4709582085612654
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 128
type: dim_128
metrics:
- type: cosine_accuracy@1
value: 0.34699103713188223
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.35147247119078107
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.37900128040973113
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.4212548015364917
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.34699103713188223
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.34571062740076824
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.3352112676056338
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.3042893725992318
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.04217848526747235
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.12288848071178002
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.18344012521240954
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.2706183968947745
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.37139192897263235
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.35916305916305874
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.4338211299784659
name: Cosine Map@100
- task:
type: information-retrieval
name: Information Retrieval
dataset:
name: dim 64
type: dim_64
metrics:
- type: cosine_accuracy@1
value: 0.3207426376440461
name: Cosine Accuracy@1
- type: cosine_accuracy@3
value: 0.322663252240717
name: Cosine Accuracy@3
- type: cosine_accuracy@5
value: 0.3405889884763124
name: Cosine Accuracy@5
- type: cosine_accuracy@10
value: 0.3725992317541613
name: Cosine Accuracy@10
- type: cosine_precision@1
value: 0.3207426376440461
name: Cosine Precision@1
- type: cosine_precision@3
value: 0.3188220230473751
name: Cosine Precision@3
- type: cosine_precision@5
value: 0.3088348271446863
name: Cosine Precision@5
- type: cosine_precision@10
value: 0.2797055057618438
name: Cosine Precision@10
- type: cosine_recall@1
value: 0.036318765090758674
name: Cosine Recall@1
- type: cosine_recall@3
value: 0.10562189493083342
name: Cosine Recall@3
- type: cosine_recall@5
value: 0.15867125525021739
name: Cosine Recall@5
- type: cosine_recall@10
value: 0.23840960718091392
name: Cosine Recall@10
- type: cosine_ndcg@10
value: 0.3371953828075091
name: Cosine Ndcg@10
- type: cosine_mrr@10
value: 0.32884732638253733
name: Cosine Mrr@10
- type: cosine_map@100
value: 0.3933467041096336
name: Cosine Map@100
multilingual-e5-large
This is a sentence-transformers model finetuned from intfloat/multilingual-e5-large. It maps sentences & paragraphs to a 1024-dimensional dense vector space and can be used for semantic textual similarity, semantic search, paraphrase mining, text classification, clustering, and more.
Model Details
Model Description
- Model Type: Sentence Transformer
- Base model: intfloat/multilingual-e5-large
- Maximum Sequence Length: 512 tokens
- Output Dimensionality: 1024 dimensions
- Similarity Function: Cosine Similarity
- Language: en
- License: apache-2.0
Model Sources
- Documentation: Sentence Transformers Documentation
- Repository: Sentence Transformers on GitHub
- Hugging Face: Sentence Transformers on Hugging Face
Full Model Architecture
SentenceTransformer(
(0): Transformer({'max_seq_length': 512, 'do_lower_case': False, 'architecture': 'XLMRobertaModel'})
(1): Pooling({'word_embedding_dimension': 1024, 'pooling_mode_cls_token': False, 'pooling_mode_mean_tokens': True, 'pooling_mode_max_tokens': False, 'pooling_mode_mean_sqrt_len_tokens': False, 'pooling_mode_weightedmean_tokens': False, 'pooling_mode_lasttoken': False, 'include_prompt': True})
(2): Normalize()
)
Usage
Direct Usage (Sentence Transformers)
First install the Sentence Transformers library:
pip install -U sentence-transformers
Then you can load this model and run inference.
from sentence_transformers import SentenceTransformer
# Download from the 🤗 Hub
model = SentenceTransformer("sentence_transformers_model_id")
# Run inference
sentences = [
'Who must facilitate the exercise of data subject rights?',
'1.The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means. 4.5.2016 L 119/39 \n2.The controller shall facilitate the exercise of data subject rights under Articles 15 to 22. In the cases referred to in Article 11(2), the controller shall not refuse to act on the request of the data subject for exercising his or her rights under Articles 15 to 22, unless the controller demonstrates that it is not in a position to identify the data subject.\n3.The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.\n4.If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.\n5.Information provided under Articles 13 and 14 and any communication and any actions taken under Articles 15 to 22 and 34 shall be provided free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or (b) refuse to act on the request. The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.\n6.Without prejudice to Article 11, where the controller has reasonable doubts concerning the identity of the natural person making the request referred to in Articles 15 to 21, the controller may request the provision of additional information necessary to confirm the identity of the data subject.\n7.The information to be provided to data subjects pursuant to Articles 13 and 14 may be provided in combination with standardised icons in order to give in an easily visible, intelligible and clearly legible manner a meaningful overview of the intended processing. Where the icons are presented electronically they shall be machine-readable.\n8.The Commission shall be empowered to adopt delegated acts in accordance with Article 92 for the purpose of determining the information to be presented by the icons and the procedures for providing standardised icons. Section 2 Information and access to personal data',
'Regulation (EC) No 45/2001 of the European Parliament and of the Council (2) applies to the processing of personal data by the Union institutions, bodies, offices and agencies. Regulation (EC) No 45/2001 and other Union legal acts applicable to such processing of personal data should be adapted to the principles and rules established in this Regulation and applied in the light of this Regulation. In order to provide a strong and coherent data protection framework in the Union, the necessary adaptations of Regulation (EC) No 45/2001 should follow after the adoption of this Regulation, in order to allow application at the same time as this Regulation.',
]
embeddings = model.encode(sentences)
print(embeddings.shape)
# [3, 1024]
# Get the similarity scores for the embeddings
similarities = model.similarity(embeddings, embeddings)
print(similarities)
# tensor([[1.0000, 0.5748, 0.4790],
# [0.5748, 1.0000, 0.3993],
# [0.4790, 0.3993, 1.0000]])
Evaluation
Metrics
Information Retrieval
- Dataset:
dim_1024 - Evaluated with
InformationRetrievalEvaluatorwith these parameters:{ "truncate_dim": 1024 }
| Metric | Value |
|---|---|
| cosine_accuracy@1 | 0.4181 |
| cosine_accuracy@3 | 0.4219 |
| cosine_accuracy@5 | 0.4501 |
| cosine_accuracy@10 | 0.4904 |
| cosine_precision@1 | 0.4181 |
| cosine_precision@3 | 0.4163 |
| cosine_precision@5 | 0.4044 |
| cosine_precision@10 | 0.3687 |
| cosine_recall@1 | 0.0473 |
| cosine_recall@3 | 0.1381 |
| cosine_recall@5 | 0.207 |
| cosine_recall@10 | 0.3085 |
| cosine_ndcg@10 | 0.4418 |
| cosine_mrr@10 | 0.4299 |
| cosine_map@100 | 0.5068 |
Information Retrieval
- Dataset:
dim_768 - Evaluated with
InformationRetrievalEvaluatorwith these parameters:{ "truncate_dim": 768 }
| Metric | Value |
|---|---|
| cosine_accuracy@1 | 0.4104 |
| cosine_accuracy@3 | 0.4142 |
| cosine_accuracy@5 | 0.4443 |
| cosine_accuracy@10 | 0.4834 |
| cosine_precision@1 | 0.4104 |
| cosine_precision@3 | 0.4087 |
| cosine_precision@5 | 0.3969 |
| cosine_precision@10 | 0.3617 |
| cosine_recall@1 | 0.0472 |
| cosine_recall@3 | 0.1376 |
| cosine_recall@5 | 0.206 |
| cosine_recall@10 | 0.3054 |
| cosine_ndcg@10 | 0.435 |
| cosine_mrr@10 | 0.4225 |
| cosine_map@100 | 0.5005 |
Information Retrieval
- Dataset:
dim_512 - Evaluated with
InformationRetrievalEvaluatorwith these parameters:{ "truncate_dim": 512 }
| Metric | Value |
|---|---|
| cosine_accuracy@1 | 0.4065 |
| cosine_accuracy@3 | 0.4123 |
| cosine_accuracy@5 | 0.4449 |
| cosine_accuracy@10 | 0.4814 |
| cosine_precision@1 | 0.4065 |
| cosine_precision@3 | 0.4055 |
| cosine_precision@5 | 0.3948 |
| cosine_precision@10 | 0.3596 |
| cosine_recall@1 | 0.0474 |
| cosine_recall@3 | 0.1383 |
| cosine_recall@5 | 0.2076 |
| cosine_recall@10 | 0.3072 |
| cosine_ndcg@10 | 0.4329 |
| cosine_mrr@10 | 0.4195 |
| cosine_map@100 | 0.4956 |
Information Retrieval
- Dataset:
dim_256 - Evaluated with
InformationRetrievalEvaluatorwith these parameters:{ "truncate_dim": 256 }
| Metric | Value |
|---|---|
| cosine_accuracy@1 | 0.3835 |
| cosine_accuracy@3 | 0.3886 |
| cosine_accuracy@5 | 0.4206 |
| cosine_accuracy@10 | 0.4552 |
| cosine_precision@1 | 0.3835 |
| cosine_precision@3 | 0.3822 |
| cosine_precision@5 | 0.3718 |
| cosine_precision@10 | 0.3389 |
| cosine_recall@1 | 0.0447 |
| cosine_recall@3 | 0.1302 |
| cosine_recall@5 | 0.195 |
| cosine_recall@10 | 0.2892 |
| cosine_ndcg@10 | 0.4087 |
| cosine_mrr@10 | 0.3958 |
| cosine_map@100 | 0.471 |
Information Retrieval
- Dataset:
dim_128 - Evaluated with
InformationRetrievalEvaluatorwith these parameters:{ "truncate_dim": 128 }
| Metric | Value |
|---|---|
| cosine_accuracy@1 | 0.347 |
| cosine_accuracy@3 | 0.3515 |
| cosine_accuracy@5 | 0.379 |
| cosine_accuracy@10 | 0.4213 |
| cosine_precision@1 | 0.347 |
| cosine_precision@3 | 0.3457 |
| cosine_precision@5 | 0.3352 |
| cosine_precision@10 | 0.3043 |
| cosine_recall@1 | 0.0422 |
| cosine_recall@3 | 0.1229 |
| cosine_recall@5 | 0.1834 |
| cosine_recall@10 | 0.2706 |
| cosine_ndcg@10 | 0.3714 |
| cosine_mrr@10 | 0.3592 |
| cosine_map@100 | 0.4338 |
Information Retrieval
- Dataset:
dim_64 - Evaluated with
InformationRetrievalEvaluatorwith these parameters:{ "truncate_dim": 64 }
| Metric | Value |
|---|---|
| cosine_accuracy@1 | 0.3207 |
| cosine_accuracy@3 | 0.3227 |
| cosine_accuracy@5 | 0.3406 |
| cosine_accuracy@10 | 0.3726 |
| cosine_precision@1 | 0.3207 |
| cosine_precision@3 | 0.3188 |
| cosine_precision@5 | 0.3088 |
| cosine_precision@10 | 0.2797 |
| cosine_recall@1 | 0.0363 |
| cosine_recall@3 | 0.1056 |
| cosine_recall@5 | 0.1587 |
| cosine_recall@10 | 0.2384 |
| cosine_ndcg@10 | 0.3372 |
| cosine_mrr@10 | 0.3288 |
| cosine_map@100 | 0.3933 |
Training Details
Training Dataset
Unnamed Dataset
- Size: 391 training samples
- Columns:
anchorandpositive - Approximate statistics based on the first 391 samples:
anchor positive type string string details - min: 8 tokens
- mean: 17.16 tokens
- max: 32 tokens
- min: 27 tokens
- mean: 377.93 tokens
- max: 512 tokens
- Samples:
anchor positive What measures must be taken according to Article 32?1.Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
2.The processor shall not engage another processor without prior specific or general written authorisation of the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.
3.Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, ...What is the responsibility of assisting and advising the data subjects in exercising their rights?1.A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.
2.When assessing the adequacy of the level of protection, the Commission shall, in particular, take account of the following elements: (a) the rule of law, respect for human rights and fundamental freedoms, relevant legislation, both general and sectoral, including concerning public security, defence, national security and criminal law and the access of public authorities to personal data, as well as the implementation of such legislation, data protection rules, professional rules and security measures, including rules for the onward transfer of personal data to another third country or international organisation whi...What should Member States be authorized to provide for regarding personal data processing for archiving purposes?Where personal data are processed for archiving purposes, this Regulation should also apply to that processing, bearing in mind that this Regulation should not apply to deceased persons. Public authorities or public or private bodies that hold records of public interest should be services which, pursuant to Union or Member State law, have a legal obligation to acquire, preserve, appraise, arrange, describe, communicate, promote, disseminate and provide access to records of enduring value for general public interest. Member States should also be authorised to provide for the further processing of personal data for archiving purposes, for example with a view to providing specific information related to the political behaviour under former totalitarian state regimes, genocide, crimes against humanity, in particular the Holocaust, or war crimes. 4.5.2016 L 119/29 Official Journal of the European Union EN - Loss:
MatryoshkaLosswith these parameters:{ "loss": "MultipleNegativesRankingLoss", "matryoshka_dims": [ 1024, 768, 512, 256, 128, 64 ], "matryoshka_weights": [ 1, 1, 1, 1, 1, 1 ], "n_dims_per_step": -1 }
Training Hyperparameters
Non-Default Hyperparameters
eval_strategy: epochper_device_eval_batch_size: 16gradient_accumulation_steps: 4learning_rate: 2e-05num_train_epochs: 20lr_scheduler_type: cosinewarmup_ratio: 0.1bf16: Trueload_best_model_at_end: Trueoptim: adamw_torch_fusedbatch_sampler: no_duplicates
All Hyperparameters
Click to expand
overwrite_output_dir: Falsedo_predict: Falseeval_strategy: epochprediction_loss_only: Trueper_device_train_batch_size: 8per_device_eval_batch_size: 16per_gpu_train_batch_size: Noneper_gpu_eval_batch_size: Nonegradient_accumulation_steps: 4eval_accumulation_steps: Nonetorch_empty_cache_steps: Nonelearning_rate: 2e-05weight_decay: 0.0adam_beta1: 0.9adam_beta2: 0.999adam_epsilon: 1e-08max_grad_norm: 1.0num_train_epochs: 20max_steps: -1lr_scheduler_type: cosinelr_scheduler_kwargs: {}warmup_ratio: 0.1warmup_steps: 0log_level: passivelog_level_replica: warninglog_on_each_node: Truelogging_nan_inf_filter: Truesave_safetensors: Truesave_on_each_node: Falsesave_only_model: Falserestore_callback_states_from_checkpoint: Falseno_cuda: Falseuse_cpu: Falseuse_mps_device: Falseseed: 42data_seed: Nonejit_mode_eval: Falseuse_ipex: Falsebf16: Truefp16: Falsefp16_opt_level: O1half_precision_backend: autobf16_full_eval: Falsefp16_full_eval: Falsetf32: Nonelocal_rank: 0ddp_backend: Nonetpu_num_cores: Nonetpu_metrics_debug: Falsedebug: []dataloader_drop_last: Falsedataloader_num_workers: 0dataloader_prefetch_factor: Nonepast_index: -1disable_tqdm: Falseremove_unused_columns: Truelabel_names: Noneload_best_model_at_end: Trueignore_data_skip: Falsefsdp: []fsdp_min_num_params: 0fsdp_config: {'min_num_params': 0, 'xla': False, 'xla_fsdp_v2': False, 'xla_fsdp_grad_ckpt': False}tp_size: 0fsdp_transformer_layer_cls_to_wrap: Noneaccelerator_config: {'split_batches': False, 'dispatch_batches': None, 'even_batches': True, 'use_seedable_sampler': True, 'non_blocking': False, 'gradient_accumulation_kwargs': None}deepspeed: Nonelabel_smoothing_factor: 0.0optim: adamw_torch_fusedoptim_args: Noneadafactor: Falsegroup_by_length: Falselength_column_name: lengthddp_find_unused_parameters: Noneddp_bucket_cap_mb: Noneddp_broadcast_buffers: Falsedataloader_pin_memory: Truedataloader_persistent_workers: Falseskip_memory_metrics: Trueuse_legacy_prediction_loop: Falsepush_to_hub: Falseresume_from_checkpoint: Nonehub_model_id: Nonehub_strategy: every_savehub_private_repo: Nonehub_always_push: Falsegradient_checkpointing: Falsegradient_checkpointing_kwargs: Noneinclude_inputs_for_metrics: Falseinclude_for_metrics: []eval_do_concat_batches: Truefp16_backend: autopush_to_hub_model_id: Nonepush_to_hub_organization: Nonemp_parameters:auto_find_batch_size: Falsefull_determinism: Falsetorchdynamo: Noneray_scope: lastddp_timeout: 1800torch_compile: Falsetorch_compile_backend: Nonetorch_compile_mode: Noneinclude_tokens_per_second: Falseinclude_num_input_tokens_seen: Falseneftune_noise_alpha: Noneoptim_target_modules: Nonebatch_eval_metrics: Falseeval_on_start: Falseuse_liger_kernel: Falseeval_use_gather_object: Falseaverage_tokens_across_devices: Falseprompts: Nonebatch_sampler: no_duplicatesmulti_dataset_batch_sampler: proportionalrouter_mapping: {}learning_rate_mapping: {}
Training Logs
| Epoch | Step | Training Loss | dim_1024_cosine_ndcg@10 | dim_768_cosine_ndcg@10 | dim_512_cosine_ndcg@10 | dim_256_cosine_ndcg@10 | dim_128_cosine_ndcg@10 | dim_64_cosine_ndcg@10 |
|---|---|---|---|---|---|---|---|---|
| 0.8163 | 10 | 31.5155 | - | - | - | - | - | - |
| 1.0 | 13 | - | 0.4494 | 0.4446 | 0.4364 | 0.3947 | 0.3362 | 0.2621 |
| 1.5714 | 20 | 19.0409 | - | - | - | - | - | - |
| 2.0 | 26 | - | 0.4065 | 0.4004 | 0.4013 | 0.3692 | 0.3418 | 0.2882 |
| 2.3265 | 30 | 14.5314 | - | - | - | - | - | - |
| 3.0 | 39 | - | 0.4418 | 0.4350 | 0.4329 | 0.4087 | 0.3714 | 0.3372 |
Framework Versions
- Python: 3.12.11
- Sentence Transformers: 5.1.0
- Transformers: 4.51.3
- PyTorch: 2.8.0+cu126
- Accelerate: 1.10.1
- Datasets: 4.0.0
- Tokenizers: 0.21.4
Citation
BibTeX
Sentence Transformers
@inproceedings{reimers-2019-sentence-bert,
title = "Sentence-BERT: Sentence Embeddings using Siamese BERT-Networks",
author = "Reimers, Nils and Gurevych, Iryna",
booktitle = "Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing",
month = "11",
year = "2019",
publisher = "Association for Computational Linguistics",
url = "https://arxiv.org/abs/1908.10084",
}
MatryoshkaLoss
@misc{kusupati2024matryoshka,
title={Matryoshka Representation Learning},
author={Aditya Kusupati and Gantavya Bhatt and Aniket Rege and Matthew Wallingford and Aditya Sinha and Vivek Ramanujan and William Howard-Snyder and Kaifeng Chen and Sham Kakade and Prateek Jain and Ali Farhadi},
year={2024},
eprint={2205.13147},
archivePrefix={arXiv},
primaryClass={cs.LG}
}
MultipleNegativesRankingLoss
@misc{henderson2017efficient,
title={Efficient Natural Language Response Suggestion for Smart Reply},
author={Matthew Henderson and Rami Al-Rfou and Brian Strope and Yun-hsuan Sung and Laszlo Lukacs and Ruiqi Guo and Sanjiv Kumar and Balint Miklos and Ray Kurzweil},
year={2017},
eprint={1705.00652},
archivePrefix={arXiv},
primaryClass={cs.CL}
}