No. According to the general rule set forth in Article 4 par. 5 of Law 3471/2006 that transposed the ePrivacy Directive into national law, prior consent is required for the use of cookies except if such cookies are technical/strictly necessary for the operation of the website and its main functions.
Yes. In February 2020, the Greek DPA published guidelines on the use of cookies and trackers and set a two-month grace period for data controllers to comply. These guidelines were adopted following the completion of an audit carried out, in which the Greek DPA found that most of the audited websites were non-compliant with the GDPR and ePrivacy rules.
Yes. Consent is not required for cookies that are strictly necessary for the operation of the website and its main functions.
The Greek DPA has issued the following indicative list of necessary cookies that do not require consent:
In addition, the Greek DPA clarified that certain types of analytics cookies, namely first party cookies, do not require consent. In this case, the use of an opt-out mechanism suffices.
No. Only technical/strictly necessary cookies and certain types of analytics cookies can be placed without consent. Please see our answer above.
No. According to the Guidelines of the Greek DPA of February 2020, the use of prechecked consent boxes or the fact that the user continues to browse the site cannot be considered as a valid consent. Consent must be expressed by a clear positive act.
No. Consent must be informed and fulfil the GDPR requirements. According to the Guidelines of the Greek DPA of February 2020, notice should be provided for each cookie category about the duration of the processing, the identity of the controller and the recipients or categories of recipients. In addition, specific information on the purpose of each cookie category should be provided, and the Guidelines expressly state that general information on the use of cookies does not suffice.
There is no legal requirement to have a cookie banner/management tool, but the Greek DPA recommends the use of such mechanisms. In practice, is it difficult to obtain informed and specific consent without such mechanisms.
No. The Greek DPA expressly states in its Guidelines of February 2020 that the use of cookie walls must be avoided.
Following the Guidelines issued on February 2020, the Greek DPA published in May 2022 that it will exercise its supervisory authority as a matter of priority in this area. In the same press release, the Greek DPA announced that it carried out an ex officio audit action on 30 websites, which were selected on the basis of website traffic, and set a deadline of 15 days for their compliance. Notwithstanding the above we are not, so far, aware of any fine imposed by the Greek DPA in relation to cookie rules.
None that we are aware of.
None that we are aware of.