Electronic Communication Privacy Standards in Greece

1. Legal Framework for Electronic Communication Privacy in Greece

Electronic communications privacy in Greece is one of the strongest constitutionally protected areas of law, built on EU and national legal layers.

1.1 Constitutional Protection

  • Article 19 of the Greek Constitution
    • Guarantees absolute confidentiality of communications
    • Exceptions only:
      • National security
      • Investigation of serious crimes
  • Article 9A of the Greek Constitution
    • Protects personal data in electronic form

📌 Core principle:

Communication secrecy is a constitutional right, not just a statutory one.

1.2 Key National Laws

(A) Law 3471/2006 (e-Privacy Law)

  • Implements EU ePrivacy Directive 2002/58/EC
  • Governs:
    • Cookies and metadata
    • Traffic and location data
    • Spam and electronic marketing
    • Confidentiality of communications

(B) Law 5002/2022

  • Strengthens lawful interception framework
  • Tightens rules for surveillance
  • Limits access to communication content

(C) Law 3917/2011 (Data Retention Law)

  • Regulates retention of communication metadata
  • Partially controversial due to EU case law invalidating blanket retention models

(D) Law 3115/2003

  • Establishes ADAE (Hellenic Authority for Communication Security and Privacy)

(E) Law 4624/2019

  • GDPR implementation law in Greece
  • Covers processing of communication-related personal data

1.3 Regulatory Authorities

1. ADAE

  • Monitors confidentiality of communications
  • Oversees lawful interception

2. HDPA (Data Protection Authority)

  • Handles GDPR violations in telecom and electronic communications

3. EETT (Telecom Regulator)

  • Regulates telecom providers and network security

2. Core Electronic Communication Privacy Standards

2.1 Confidentiality of Communications

  • Content of calls, emails, messages is strictly protected
  • Even metadata (location, duration, time) is protected under law

2.2 Lawful Interception Rules

Interception is allowed ONLY if:

  • Authorized by judicial order
  • Issued by prosecutor or investigating judge
  • For:
    • National security
    • Serious criminal offences

📌 Unauthorized interception = criminal offence

2.3 Traffic & Metadata Protection

  • Metadata treated as personal data
  • Subject to GDPR + Law 3471/2006
  • Cannot be used for:
    • Behavioral profiling without legal basis
    • Mass surveillance

2.4 Telecom Provider Obligations

Providers must:

  • Ensure encryption and secure transmission
  • Prevent unauthorized access
  • Maintain security logs
  • Report breaches to authorities

2.5 Direct Marketing Restrictions

  • Unsolicited SMS/email marketing requires consent
  • Opt-out mechanisms mandatory
  • Spam violations are heavily fined

2.6 Data Retention Controls

  • Retention must be:
    • Limited in time
    • Necessary for legal purposes
  • Bulk indiscriminate retention is disfavoured under EU law

3. Case Law and Key Enforcement Decisions (6+ Important Cases)

CASE 1 — CJEU Digital Rights Ireland v. Ireland

Principle:

Blanket data retention of communications metadata is illegal.

Impact in Greece:

  • Directly challenged Law 3917/2011
  • Forced stricter interpretation of telecom retention rules
  • Established proportionality requirement

CASE 2 — CJEU Tele2 Sverige & Watson

Principle:

General and indiscriminate retention of telecom data violates EU law.

Impact:

  • Greek courts and regulators apply stricter limits on telecom data storage
  • Strengthened safeguards under Law 3471/2006

CASE 3 — HDPA Decision 4/2022 (Cosmote & OTE Data Breach Case)

Facts:

  • Leakage of subscriber traffic and communication data

Holding:

  • Violated GDPR principles (security, transparency, accountability)
  • Inadequate safeguards in telecom infrastructure

Penalty:

  • Multi-million euro fines imposed

📌 Significance:
Confirmed that telecom metadata = highly sensitive personal data

CASE 4 — HDPA Decision on Unsolicited SMS Advertising (2024 Case Line)

Principle:

Electronic marketing without consent violates Law 3471/2006.

Holding:

  • Company sent repeated promotional SMS without consent
  • No response to authority investigation

📌 Result:

  • Administrative sanctions imposed

📌 Significance:
Strengthens opt-in requirement for electronic communication marketing

CASE 5 — Predator Spyware Wiretapping Case (Greek Courts, 2025–2026)

Facts:

  • Illegal spyware used to intercept communications of journalists and officials

Holding:

  • Violation of confidentiality of communications
  • Criminal liability for unlawful interception systems

📌 Outcome:

  • First major convictions in Greece for spyware-based surveillance

📌 Significance:
Reinforced absolute protection of communication secrecy under Article 19

CASE 6 — ADAE Investigation into Lawful Interception Misuse (Telecom Monitoring Case)

Principle:

Lawful interception systems must be strictly controlled.

Findings:

  • Concerns raised over improper access to interception infrastructure
  • Reinforced requirement for judicial oversight

📌 Significance:
Confirmed that even state surveillance systems must follow strict proportionality

CASE 7 — CJEU Bonnier Audio v. Perfect Communication

Principle:

Network operators may be required to disclose subscriber data only under strict conditions.

Impact in Greece:

  • Used in telecom disputes involving subscriber identity disclosure
  • Reinforces judicial authorization requirement

4. Key Legal Principles Emerging from Greek Practice

4.1 Absolute Confidentiality Principle

Communication secrecy is the default rule.

4.2 Strict Judicial Control

No interception without judicial authorization.

4.3 Metadata = Personal Data

Traffic data is protected under GDPR.

4.4 Proportionality Requirement

Surveillance must be:

  • Necessary
  • Targeted
  • Time-limited

4.5 Strong Telecom Liability

Providers can be fined for:

  • Security failures
  • Data leaks
  • Unauthorized processing

5. Practical Example (How the Law Works in Reality)

A telecom operator in Greece:

  • Cannot read user emails or messages
  • Must encrypt communication traffic
  • Must block unauthorized access attempts
  • Can only release metadata after court order
  • Must report breaches to HDPA

Violation may lead to:

  • Criminal penalties
  • GDPR fines
  • Regulatory suspension

Conclusion

Electronic Communication Privacy Standards in Greece are built on a dual foundation of constitutional protection and EU law, making them among the strictest in Europe.

The legal system emphasizes that confidentiality of communications is absolute, that surveillance is exceptional, and that all access must be judicially controlled and proportionate.

The case law consistently reinforces three themes:

  • No mass surveillance
  • Strong protection of metadata
  • Heavy penalties for telecom privacy violations
