HDPA (Greece) - 21/2023

From GDPRhub
HDPA - 21/2023
Authority: HDPA (Greece)
Jurisdiction: Greece
Relevant Law:
12(1), ePrivacy Directive 2002/58
HDPA(Greece), Law 3471/2006
Type: Complaint
Outcome: Rejected
Started: 12.11.2022
Decided: 17.05.2022
Published: 26.06.2023
Fine: n/a
Parties: ΟΤΕ ΑΕ
National Case Number/Name: 21/2023
European Case Law Identifier: n/a
Appeal: Not appealed
Original Language(s): Greek
Original Source: HDPA (in EL)
Initial Contributor: Anastasia Vlachopoulou

The Greek DPA has ruled on its incompetence to examine communication confidentiality violations that were falling outside the scope of the GDPR

English Summary


Following a complaint lodged by the applicant against two telecommunications providers for violation of communication security and privacy and his right to the protection of his personal data, the Greek DPA filed a complaint against the applicant for lack of substance and application of the non bis in idem principle.

However, upon the submission and invocation of new evidence by the complainant, the Authority withdrew its filing since it was found that the sanctions imposed by the Hellenic Authority for Communication Security and Privacy (ADAE) were not definitive and that the non bis in idem principle was inapplicable.


Upon re-examination of the applicant's complaint, the Authority rejected it as indefinite, since no violation of GDPR have been found.

Ηence, the violations of the confidentiality of the applicant's communications, that concerned compliance with the law on the protection of confidentiality of communications, were outside the regulatory scope of the Authority's competence.


Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Greek original. Please refer to the Greek original for more details.

The Authority examined a request for remedy against an act of filing, with which a complaint against telecommunications providers had been placed on file as having no purpose, due to the imposition of a fine on the providers by ADAE for the same facts and due to the application of the non bis in idem principle.

After assessing the new information provided by the applicant, from which it emerged that the sanctions of the AIAEA had not been finalized, the Authority accepted the treatment request, revoked the act of filing, re-examined the complaint and rejected it as indefinite, because it does not state in incidents that would constitute a violation of the legislation for the protection of personal data, and as outside the competence of the Authority, to the extent that the violations of the privacy of the complainant's communications found by the ADAE do not fall within the regulatory scope of the Authority's competence.