Octopus Cybercrime Community

The Greek Criminal Code addresses specific provisions on cybercrime, namely all of the substantive law aspects of the Convention with exception of direct implementation of the offence related to illegal interception.

Greece uses in practice general procedural powers corresponding to the Budapest Convention provisions.

The Greek Criminal Code addresses all of the substantive law aspects of the Convention with exception of direct implementation of the offence related to illegal interception.

Penal Code criminalises the following:

Article 370C§2: Violation of secrecy

Article 386Α ΠK: Computer fraud

Article 370: Use of software

Article 370Γ ΠΚ : Unauthorized data access

Article 348Α : Child pornography

Article 337: Online grooming

Law N. 2121/1993 on Copyright, related rights and cultural matters criminalizes the offences:

Article 66: Protection of copyright

Article 66A: Technological measures

Article 66B Rights: Management Information

(Source: http://www.cybercc.gr/en/legislation/)

For Directive 2013/40/EU concerning attacks against information systems there is also an obligation of compliance.

Special investigative techniques are allowed by national law based on P.D. 178/ 204 in combination with articles 183-208, 243, 251, 333, 362 and 458 of the Code of Criminal Procedures to the 7^th Department of Digital Evidence examination of the Directorate of Criminal Researches. This department is in charge of forensics examinations on the digital evidence sent by the Pre-Interrogative/ Interrogative Authorities. Therefore, these authorities are responsible for the pre-interrogatory procedures (such as research, confiscation, trapping in real-time collection of trafficked data/ content etc). After confiscation, the evidence is sent for further forensics examination. In the end of the examination a Forensics Report is drafted which, escorted by the digital evidence, is sent to the Requesting Service.

The procedure for lawful interception of communications is set out in Presidential Decree 47/2005 “Procedure, technical and organizational guarantees for ensuring lawful interception” (G.G.A’64/10.03.2005).

Regarding the expansion of the jurisdiction of the Hellenic legal order for crimes using the Internet as a means of their commission, the Criminal Code was amended also by law Law N. 4267/2014 on Combating sexual abuse and sexual exploitation of children and child pornography. by which Directive 2011/93/EU was integrated in the national legal order with regard to fighting against sexual exploitation of children online.

The main special techniques of investigation used for fighting against minor pornography is the use of a specialized software or the on-line discovery of trafficking of suck material or interrogative penetration techniques.

Definitions of computer data, subscriber information, traffic and content data, order for search/ seizure of information system are not defined as such in national legislation, but are present in the Budapest Convention. Consequently; these notions are followed only as practice.

Traffic data is defined through Article 2 of Law 3471/2006. Protection of personal data and privacy in the electronic telecommunications sector and amendment of law 2472/1997which transposes Directive 2002/58/EC into the national legal order.

There is no specific regulation for e-evidence. Regarding collection, storage and transfer of e-evidence, HDPA keeps a chain of custody and follows internationally accepted guidelines such as ACPO guidelines.

Cybercrime committed via the “cloud” is highlighted as an area creating issues for investigation and prosecution.

(Source: GENVAL Evaluation report on the seventh round of mutual evaluations “The practical implementation and operation of European policies on preventing and combating cybercrime”)

Horizontal safeguards are foreseen through the Hellenic Constitution, such as: Article 19 Par. 3 of the Hellenic Constitution states that the use of evidence acquired in violation of this article and Articles 9 and 9A is prohibited.

The Hellenic Data Protection Authority (HDPA) is the competent authority for investigating cybercrimes that involve the processing of personal data.

According to Article 19, par. 1, point h) of Law Ν. 2472/1997 on Protection of individuals with regard to the processing of personal data;, the HDPA has the power to conduct inspections following a complaint regarding the undertaking of criminal investigations. In the course of these inspections, it has the right to access personal data and collect any kind of information for the purpose of the investigation, notwithstanding any kind of confidentiality.

HDPA is also competent for processing (therefore cybercrime is included) acts committed a) by a Controller or Processor established in Greek territory or where Greek law applies by virtue of public international aw and b) by a Controller who is established in a third country (non EU, non EEA) but who, for the purposes of processing personal data, makes use of equipment, automated or otherwise, situated on the Greek territory.

The Hellenic Authority for Communication Security and Privacy (ADAE) was established in 2003 as prescribed by Article 19, par. 2 of the Hellenic Constitution, which calls for the establishment of an independent authority with the mission to ensure the confidentiality of mail and all other forms of free correspondence and communication.

• Law Ν. 2472/1997 on Protection of individuals with regard to the processing of personal data;
• Law N. 2121/1993 on Copyright, related rights and cultural matters;
• Law N. 4267/2014 on Combating sexual abuse and sexual exploitation of children and child pornography.
• Presidential Decree 47/2005 “Procedure, technical and organizational guarantees for ensuring lawful interception”
• Law 3471/2006. Protection of personal data and privacy in the electronic telecommunications sector and amendment of law 2472/1997

No special requirements or particular provisions are provided by the national legislation, concerning the cooperation of the National Authorities with Eurojust, Europol EC3 and ENISA in the cyber crime cases, since the common framework is applicable as for every other offence.

Greece participates in the European Union Strategic Group of the Heads of National High-Tech Crime Units at Europol, represented by the Director of the Directorate of Electronic Crime Prosecution.

The Directorate of Electronic Crime Prosecution was also connected to Interpol’s database. Furthermore, the Department of Digital Evidence Examinations of the Directorate of Criminal Investigations contributes to the data base of Interpol “International Child Sexual Exploitation Database”.

For the cooperation with other States, Greece applies the provisions of the European Convention of the Council of Europe regarding Mutual Legal Assistance in Criminal Matters 1959 (integrated in the Hellenic legal order by the L.D. 4218/1961), the articles 48 et seq. of the SCHENGEN Agreement (integrated in the Hellenic legal order by the L. 2514/1997) and article 457 et seq. of the Code of Criminal Procedure related to the mutual legal assistance. Furthermore, it should be noted that in the fields of the Judicial Assistance, Greece has signed bilateral and multilateral Agreements with many countries.

For extradition, Greece transposed into the national law the Framework Decision regarding the European Arrest Warrant and the procedures of surrender between the states members 2002/584 by the law N. 3251/2004.