Greece

[GR] New Law on the Protection of Privacy in Electronic Communications

IRIS 2006-9:1/17

Alexandros Economou

National Council for Radio and Television

On 28 June 2006, Act no. 3471/2006 was adopted for the protection of personal data and privacy in electronic communications. It implements, with significant delay, Directive 2002/58/EC and amends Act no. 2472/1997 for the protection of personal data. The new law includes provisions for the security and confidentiality of communications, as well as for the processing of personal data, including traffic and location data. It should be mentioned that even before this implementation, the Greek legal framework contained mechanisms to guard against the unlawful processing of electronic communications’ data. This was achieved primarily by the aforesaid law for the protection of personal data, since the Independent Authority (i.e. the Authority for the Security and Confidentiality of Communications) declared it considered traffic and location data to fall within the definition of personal data and should therefore be protected by the laws governing privacy.

As far as the rights of subscribers are concerned, the new law adopts a number of obligations for the providers of publicly available electronic communications services, such as itemised billing, protection against unsolicited communication, presentation and restriction of calling and connected line identification, automatic call forwarding and directories of subscribers, all in conformity with the provisions of Directive 2002/58/EC. For the fulfilment of these obligations, the Greek legislator has in addition adopted provisions establishing the civil and penal responsibility of the persons involved and sets the possible pecuniary compensation at a minimum of EUR 10,000.

Furthermore, in order to solve the common conflict of the joint competency of the independent regulatory Authorities, the new law goes beyond the strict provisions of the implemented Directive and clearly sets out the field of operation of the two independent Authorities concerned, namely the Authority for the Protection of Personal Data and the Authority for the Security and Confidentiality of Communications. In this regard, further assistance will be provided after the implementation of Directive 2006/24/EC for the preservation of data, produced or processed in the provision of publicly available electronic communications services or networks, since Article 9 of the new Directive provides for each Member State to appoint one or more competent Authorities to secure the enforcement of its regulations, as far as the security of preserved data is concerned.