Banner2.png

HDPA (Greece) - 8/2025

From GDPRhub
Revision as of 12:38, 18 March 2025 by Elu (talk | contribs)
HDPA - 8/2025
LogoGR.jpg
Authority: HDPA (Greece)
Jurisdiction: Greece
Relevant Law: Article 31 GDPR
art. 11, par. 1, Law 3471/2006
Regulation on Management and Assignment of [.gr Domain Names]
Type: Complaint
Outcome: Upheld
Started: 05.02.2024
Decided: 13.11.2024
Published: 05.02.2025
Fine: 45,000 EUR
Parties: Dating agency under the name ANOIXIS
National Case Number/Name: 8/2025
European Case Law Identifier: n/a
Appeal: Unknown
Original Language(s): Greek
Original Source: HDPA (in EL)
Initial Contributor: Vasiliki Kalantzi

The DPA imposed a fine of €45,000 on ANOIXIS, a dating agency, after it started unsolicited communication via SMS, violating Article 11, Par. 1, Law 3471/2006 and Article 31 GDPR. The controller had already been fined €54,000 in 2022 for the same practice.

English Summary

Facts

Throughout 2024, the DPA received 15 complaints from various data subjects, regarding unsolicited communication via short text messages (SMS) by the dating agency ANOIXIS, the controller.

The DPA considered the sender of these unsolicited SMS to be the same controller who had been previously fined €54,000 according to the DPA's decision 16/2022, for unsolicited communication, after having received 36 complaints from data subjects.

As part of the examination of the complaints, the DPA sent the controller a number of documents equal to the number of complaints (15), requesting their views on the attached complaints, none of which were answered.

Subsequently, the DPA sent the controller an official summons to a hearing on 30/10/2024 in order to present their views regarding the 15 filed complaints within the year 2024. The controller, however, did not attend.

Holding

The DPA held that the issue of conducting unsolicited communications through any means of electronic communication, without human intervention, for the purposes of direct commercial promotion of products or services and for any kind of advertising purposes, is regulated by Article 11 Law 3471/2006 on the protection of personal data in the field of electronic communications, which incorporated Directive 2002/58/EC into the national legal framework. According to Article 11(1) Law 3471/2006, such communication is only allowed if the subscriber has explicitly given prior consent.

According to Article 11(3) Law 3471/2006, any electronic message is permitted without the prior consent of the data subject only if the contact details have been lawfully obtained in the context of a previous sale of products or services or another transaction, and they can be used for the direct promotion of similar products or services of the provider or for similar purposes. Additionally, the data subject must have been informed at the time of data collection about their use for communication purposes and must not have objected to this use.

Furthermore, according to Article 31 of GDPR, the controller and the processor, and, where applicable, their representatives, shall cooperate, upon request, with the DPA in the performance of its tasks.

Finally, the DPA held that with its Decision 16/2022, a fine of €54,000 had already been imposed to the said controller, following the examination of thirty-six (36) complaints previously submitted to the DPA on the same matter. These complaints concerned the violation of the aforementioned provisions of Article 11 Law 3471/2006, as well as the lack of cooperation by the controller. Based on the above, there has been no compliance with the aforementioned Decision.

For the above reasons the DPA imposed a total fine of €45,000.

Additionally, the DPA requested that the Hellenic Telecommunications and Post Commission (EETT) examine the accuracy of the registration details of the domain name 'www.anoixisdate.gr' and take all appropriate actions, as, for example, the application of Article 10 of the Domain Name Management and Assignment Regulation for domain names ending in .gr or .ελ, regarding the deletion of the assigned domain name.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details. 

Summary
The Authority has examined a number of repeated complaints against a matchmaking agency regarding unsolicited communication via short text messages (SMS). Taking into account the number of violations, in total 15, out of a total of the same number of complaints, regarding unsolicited communication in the field of electronic communications, as well as the previous decision 16/2022 against the specific Data Controller, as well as the non-cooperation of the Data Controller with the Authority, the Authority imposes a fine of 45,000 euros on the Data Controller for established violations of articles 11 of Law 3471/2006 and 31 of the GDPR.

Furthermore, the Authority requests the National Telecommunications and Postal Commission to consider the deletion of the internet domain name of the specific Data Controller, based on the Domain Names Management Regulation and article 13 par. 3 of Law 3471/2006.
Retrieved from "https://gdprhub.eu/index.php?title=HDPA_(Greece)_-_8/2025&oldid=46530"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki