On 9th December 2022, Law 5002/2022 entitled “procedure for waiving communications secrecy, cybersecurity, and protection of citizens’ personal data”, came into force. Briefly, the new law provides an up-to-date and effective legal framework to protect communications secrecy, respond to the urgent need for cybersecurity, and enhance the protection of individuals regarding the processing of personal data by competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offences.

I. Waiving of communications secrecy
By virtue of Law 5002/2022, communications secrecy may only be waived under the following two conditions: i) for national security reasons, and ii) in order to investigate particularly serious crimes.
i) A request to waive the confidentiality of communications for national security reasons can only be submitted by the National Intelligence Service (“Ε.Υ.Π.”) or the Directorate for the Prevention of Special Crimes of Violence of the Hellenic Police (‘Δ.Α.Ε.Ε.Β.”) either on their own initiative or following information transmitted by a judicial or other civil, military or police public authority.
ii) The new law rationalizes the offences for the investigation of which the secrecy of communications can be waived, including, inter alia, the detection of computer fraud, money laundering, revenge porn, participation in a criminal organization.

II. Tracking software
The new law increases the range of penalties in the case of violation of the confidentiality of communications and of non-public data transmissions or electromagnetic emissions. By virtue of the new Law, Articles 370A and 370E of the Greek Criminal Code are amended imposing an up to ten-year prison sentence, including the telephone service provider or its legal representative or employee who violates the confidentiality of telephone and oral communications of third parties. In addition, the possession or distribution of software or surveillance devices is punishable by the addition of a new Article 370ΣΤ to the Greek Criminal Code.

III. Cybersecurity measures
With the aim of upgrading the level of cyber security both organizationally and operationally, Cybersecurity Coordination Committee, Cybersecurity Operations Centre (SOC) and Standing Scientific Committee on Personal Data are now established among others.

III. Data protection
Chapter D of Law 4624/2019, which incorporated (EU) Directive 2019/680 into the Greek legislation, is amended for the first time after its publication, as follows:
* processing of personal data is lawful only if it is based on law or Union law and is necessary for the performance of the tasks of public authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties,
* the public body shall be obliged to publicize the contact details of the Data Protection Officer and communicate them to the DPA,
* conditions for obtaining consent of the data subject are analyzed in detail.
* the period of data storage shall be specified by law. Law may provide for the periodic review of the storage period by the controller, and the criteria for the review.
* The Hellenic Police may disclose personal data for a period not exceeding six months, following the order of the Public Prosecutor.

The Editorial Team