Cybercrime policies/strategies
The Greek National Cyber Security Strategy has been implemented since the 1st of September 2017, determining the main principles and setting up strategic objectives and the action framework through which they will be achieved. The implementation of the NCSS is undertaken by the newly created National Cyber Security Authority.
The NCSS identifies 8 individual objectives:
- Upgrade the level of prevention, evaluation, analysis and deterrence of threats against the security of ICT systems and infrastructure;
- Enhanced ability of public and private sector stakeholders to prevent and handle cyber security incidents and to improve the resilience and recoverability of ICT systems following a cyber-attack;
- Create an effective coordination and cooperation framework by determining the individual competences and roles of the various public and private sector stakeholders involved in the implementation of the National Cyber Security Strategy;
- Ensure the State's active participation in international cyber security initiatives and actions by international organizations, for the enhancement of national security;
- Make all social institutions aware and to inform users regarding the secure use of cyberspace;
- Continuously adapt the national institutional framework to new technological requirements and to EU directions for effective handling of illegal acts linked to cyberspace activity;
- Promote innovation, research and development in security issues and cooperation between the stakeholders involved;
- Make use of best international practices
Looking at the previous Anti-Crime Policy Program for the years 2015-2019, there are some specific goals concerning cybercrime and ICT-facilitated crimes, in particular:
- Tracing of individuals or networks activated in trafficking child pornography;
- Fighting against cyber bullying;
- Fighting against the Internet fraud;
- Fighting against circulation of forged travelling documents and drugs via the Internet;
- Fighting against human trafficking victim solicitation via the Internet;
- Fighting against intrusions-cyber attacks;
- Dissuasion of suicides announced at the Internet.
In order to achieve these goals, the Anti-Crime Policy Program prescribed some specific actions:
- constant education-training of the Staff of the Directorate of Electronic Crime Prosecution, in Greece or abroad;
- upgrading of the education and constant training of the officers of the Directorate of Electronic Crime Prosecution;
- exploitation by the peripheral Services, of the guidelines for the confrontation of fraud by the skimming method, based on a processed manual, transferred by the Directorate of Public Security/HPH to all Services of the Hellenic Police in the year 2009;
- cooperation of the Peripheral Services with the materially competent Directorate of Electronic Crime Prosecution, in order that, in the cases where are noticed offences committed by the use of computer, the appropriate manner to be methodized for securing the evidence and further handling the cases;
- strengthening of the cooperation with the Hellenic Banks Association to the effect of prevention and effective confrontation of the fraud incidents through the Internet that offend the financial system of the Country;
- active participation in the public’s briefing procedures for the safe use of the Internet and the lurking dangers involved, implementation of informative daily conferences-seminars to parents and students for the provision of information and advice for the safe use of the Internet and the avoidance of their victimization;
- strengthening of the cooperation with foreign competent prosecuting Authorities via the legal communication channels (INTERPOL, EUROPOL, EUROJUST, etc.) in order to make possible the tracing down and the solution of crimes with international nature that are committed at the Internet or by using the same;
- every day “patrol” on the Internet areas for the prevention and suppression of criminal acts;
- implementation of the memorandum of police actions for the management of suicidal intention signs.
Finally, because the Ministry of Justice Transparency and Human Rights has as a key priority the transposition of legal instruments of international and European law, Greece ratified the Budapest Convention and the additional Protocol on Xenophobia and Racism on 25th of January 2017.
Cybercrime legislation
State of cybercrime legislation
The Greek Criminal Code addresses specific provisions on cybercrime, namely all of the substantive law aspects of the Convention with exception of direct implementation of the offence related to illegal interception.
Greece uses in practice general procedural powers corresponding to the Budapest Convention provisions.
Substantive law
The Greek Criminal Code addresses all of the substantive law aspects of the Convention with exception of direct implementation of the offence related to illegal interception.
Penal Code criminalises the following:
Article 370C§2: Violation of secrecy
Article 386Α ΠK: Computer fraud
Article 370: Use of software
Article 370Γ ΠΚ : Unauthorized data access
Article 348Α : Child pornography
Article 337: Online grooming
Law N. 2121/1993 on Copyright, related rights and cultural matters criminalizes the offences:
Article 66: Protection of copyright
Article 66A: Technological measures
Article 66B Rights: Management Information
(Source: http://www.cybercc.gr/en/legislation/)
For Directive 2013/40/EU concerning attacks against information systems there is also an obligation of compliance.
Procedural law
Special investigative techniques are allowed by national law based on P.D. 178/ 204 in combination with articles 183-208, 243, 251, 333, 362 and 458 of the Code of Criminal Procedures to the 7th Department of Digital Evidence examination of the Directorate of Criminal Researches. This department is in charge of forensics examinations on the digital evidence sent by the Pre-Interrogative/ Interrogative Authorities. Therefore, these authorities are responsible for the pre-interrogatory procedures (such as research, confiscation, trapping in real-time collection of trafficked data/ content etc). After confiscation, the evidence is sent for further forensics examination. In the end of the examination a Forensics Report is drafted which, escorted by the digital evidence, is sent to the Requesting Service.
The procedure for lawful interception of communications is set out in Presidential Decree 47/2005 “Procedure, technical and organizational guarantees for ensuring lawful interception” (G.G.A’64/10.03.2005).
Regarding the expansion of the jurisdiction of the Hellenic legal order for crimes using the Internet as a means of their commission, the Criminal Code was amended also by law Law N. 4267/2014 on Combating sexual abuse and sexual exploitation of children and child pornography. by which Directive 2011/93/EU was integrated in the national legal order with regard to fighting against sexual exploitation of children online.
The main special techniques of investigation used for fighting against minor pornography is the use of a specialized software or the on-line discovery of trafficking of suck material or interrogative penetration techniques.
Definitions of computer data, subscriber information, traffic and content data, order for search/ seizure of information system are not defined as such in national legislation, but are present in the Budapest Convention. Consequently; these notions are followed only as practice.
Traffic data is defined through Article 2 of Law 3471/2006. Protection of personal data and privacy in the electronic telecommunications sector and amendment of law 2472/1997which transposes Directive 2002/58/EC into the national legal order.
There is no specific regulation for e-evidence. Regarding collection, storage and transfer of e-evidence, HDPA keeps a chain of custody and follows internationally accepted guidelines such as ACPO guidelines.
Cybercrime committed via the “cloud” is highlighted as an area creating issues for investigation and prosecution.
Safeguards
Horizontal safeguards are foreseen through the Hellenic Constitution, such as: Article 19 Par. 3 of the Hellenic Constitution states that the use of evidence acquired in violation of this article and Articles 9 and 9A is prohibited.
The Hellenic Data Protection Authority (HDPA) is the competent authority for investigating cybercrimes that involve the processing of personal data.
According to Article 19, par. 1, point h) of Law Ν. 2472/1997 on Protection of individuals with regard to the processing of personal data;, the HDPA has the power to conduct inspections following a complaint regarding the undertaking of criminal investigations. In the course of these inspections, it has the right to access personal data and collect any kind of information for the purpose of the investigation, notwithstanding any kind of confidentiality.
HDPA is also competent for processing (therefore cybercrime is included) acts committed a) by a Controller or Processor established in Greek territory or where Greek law applies by virtue of public international aw and b) by a Controller who is established in a third country (non EU, non EEA) but who, for the purposes of processing personal data, makes use of equipment, automated or otherwise, situated on the Greek territory.
The Hellenic Authority for Communication Security and Privacy (ADAE) was established in 2003 as prescribed by Article 19, par. 2 of the Hellenic Constitution, which calls for the establishment of an independent authority with the mission to ensure the confidentiality of mail and all other forms of free correspondence and communication.
Related laws and regulations
- Law Ν. 2472/1997 on Protection of individuals with regard to the processing of personal data;
- Law N. 2121/1993 on Copyright, related rights and cultural matters;
- Law N. 4267/2014 on Combating sexual abuse and sexual exploitation of children and child pornography.
- Presidential Decree 47/2005 “Procedure, technical and organizational guarantees for ensuring lawful interception”
- Law 3471/2006. Protection of personal data and privacy in the electronic telecommunications sector and amendment of law 2472/1997
Specialised institutions
- Cyber Crime division established by Presidential Decree 178/2014, an independent central service, which reports directly to the Chief of the Hellenic Plice
- Directorate of Electronic Crime Prosecution;
- Greek Cybercrime Center;
- National Information Agency (N.I.A.);
- Department of Digital Evidence Examination – Directorate of Criminal Investigations;
- National Authority against Electronic Attacks (NAAEA) – National CERT;
- Hellenic Authority for Communication Security and Privacy (ADAE);
- Directorate of Cyber Defense
- Directorate of Electronic Evidence Prosecution
- Hellenic Data Protection Authority (HDPA)
International cooperation
Competent authorities and channels
No special requirements or particular provisions are provided by the national legislation, concerning the cooperation of the National Authorities with Eurojust, Europol EC3 and ENISA in the cyber crime cases, since the common framework is applicable as for every other offence.
Greece participates in the European Union Strategic Group of the Heads of National High-Tech Crime Units at Europol, represented by the Director of the Directorate of Electronic Crime Prosecution.
The Directorate of Electronic Crime Prosecution was also connected to Interpol’s database. Furthermore, the Department of Digital Evidence Examinations of the Directorate of Criminal Investigations contributes to the data base of Interpol “International Child Sexual Exploitation Database”.
For the cooperation with other States, Greece applies the provisions of the European Convention of the Council of Europe regarding Mutual Legal Assistance in Criminal Matters 1959 (integrated in the Hellenic legal order by the L.D. 4218/1961), the articles 48 et seq. of the SCHENGEN Agreement (integrated in the Hellenic legal order by the L. 2514/1997) and article 457 et seq. of the Code of Criminal Procedure related to the mutual legal assistance. Furthermore, it should be noted that in the fields of the Judicial Assistance, Greece has signed bilateral and multilateral Agreements with many countries.
For extradition, Greece transposed into the national law the Framework Decision regarding the European Arrest Warrant and the procedures of surrender between the states members 2002/584 by the law N. 3251/2004.
Jurisprudence/case law
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.