Hellenic Data Protection Authority report reveals issues related to the protection of the constitutionally guaranteed confidentiality of communications

On 31 January 2024, the Hellenic Data Protection Authority (DPA) published their report for 2022. The report specifically refers to both actions and failures on the part of the Greek government and state authorities (failure to disclose interceptions for national security reasons by the National Intelligence Service and the Special Violent Crime Squad, failure to create the DPA digital archive, obstruction of the constitutional mission of the agency and jeopardising the independence of the authority), which made it difficult and significantly impeded the exercise of the powers of the Independent Authority, raising issues around the protection of the confidentiality of communications, as enshrined in Article 19 of the Constitution and protected by the DPA.

Indeed, this failure to inform the DPA in a timely manner of 6,705 orders to lift the secrecy of communications for reasons of national security makes it difficult, if not impossible, for the Independent Authority to exercise its powers under Article 6 of Law 3115/2003, according to which, in order to fulfil its mission and protect the confidentiality of communications, the Hellenic Communications Authority may, inter alia:

• It puts into effect scheduled and emergency auditing procedures, ex officio or upon complaint, of installations, equipment, archives, data bases and documents of the Hellenic National Intelligence Service (NIS), of other civil services, corporations and enterprises of the civil sector in general, as well as of private corporations that engage in postal, telecommunications, or other services concerning networking and communication. 

• It receives information regarding its mission from the services, organisations and enterprises reported under “a΄”, as well as from the supervising Ministers.

• It summons hearings of administrations, legal representatives and employees of civil services, organisations, legal entities and enterprises mentioned under element “a΄” as above, as well as of every other individual whom it considers capable of contributing to the fulfilment of its mission.

• It proceeds to the seizure of means of confidentiality violation as it perceives them during its function and is appointed as their receiver-manager, until the final verdict of the competent courts. It proceeds to the destruction of information, evidence or data, which were obtained illegally by means of communication privacy violation.
• It examines complaints regarding the protection of the applicants’ rights, whenever they are offended by the fashion and procedure of waving of communication privacy.

The report also refers to the government’s failure to create the DPA digital archive, despite the adoption of the relevant legislation in March 2021, making it substantially more difficult for the Independent Authority to exercise its powers and to protect the confidentiality of communications.

The report notes that, to date, none of the electronic platforms for the transmission of information to the DPA is operational, which makes it very difficult – if not impossible – to keep statistics with accuracy and precision. Additionally, the non-digital processing of information entails delays and potentially raises issues around the secure transmission of sensitive data.

It is also noteworthy that in the report the former chief justice and now president of the Independent Authority, Christos Rammos, made reference to “various difficulties” including the ‘well-known’, chronic issue of understaffing, and the need to overcome ‘old practices’, in which there seemed to be cases where there were those that did not want DPA investigations and checks to proceed and, in any case, did not want the results of these checks to be known, which had called the very independence of the Authority into question, even under threat of potential criminal proceedings against the members and staff of the Authority. He also refers to comments made in the wider public domain which took the form of slanderous, defamatory and abusive comments, and even at a personal level, against the signatory and other members of the Authority’s Plenary Board.

Mr. Ramos added in his remarks: “Unfortunately, the Greek political system seems to believe that the Independent Authorities fulfil their role only when they do not disturb or criticise the authorities and do not question their choices. However, when they do fulfil their constitutional role, which is to act as a counterweight to authority, they are subject to a whole series of unfair attacks, as the above attacks on the DPA and its President, the signatory of this foreword, have shown in the most unpleasant way. It seems, one might say, that the Greek political system is too immature to accept this institution; an institution which, however, has been adopted by all the mature and advanced democracies of the European legal culture to which we want our country to belong. It has not been realised in Greece that the existence of checks and balances is a fundamental and necessary institution for the functioning of the rule of law, which, together with the principle of majority rule, is a fundamental pillar (I would even say a sine qua non) of the constitution of liberal democracy.”