ENG

Greece

Can you place cookies without consent?

No. According to the general rule set forth in Article 4 par. 5 of Law 3471/2006 that transposed the ePrivacy Directive into national law, prior consent is required for the use of cookies except if such cookies are technical/strictly necessary for the operation of the website and its main functions.

Are cookie rules (whether specific or within general data protection laws) followed in practice?

Yes. In February 2020, the Greek DPA published guidelines on the use of cookies and trackers and set a two-month grace period for data controllers to comply. These guidelines were adopted following the completion of an audit carried out, in which the Greek DPA found that most of the audited websites were non-compliant with the GDPR and ePrivacy rules. 

Are there any exemptions if consent is required?

Yes. Consent is not required for cookies that are strictly necessary for the operation of the website and its main functions.

The Greek DPA has issued the following indicative list of necessary cookies that do not require consent:

  • security cookies used for the protection of users;
  • cookies used for load balancing;
  • cookies used to recognize and store the user's choices during a specific session (i.e. contents of a shopping cart);
  • cookies used for authentication; and
  • cookies for personalizing the user interface (i.e. choice of language).

In addition, the Greek DPA clarified that certain types of analytics cookies, namely first party cookies, do not require consent. In this case, the use of an opt-out mechanism suffices.  

Can you place the following cookies automatically:

i. Analytics cookies, ii. Advertising cookies, iii. Social media cookies

No. Only technical/strictly necessary cookies and certain types of analytics cookies can be placed without consent. Please see our answer above.

Are you able to gain consent without a user ticking ‘accept’, i.e., imply consent from a user continuing to browse the site?

No. According to the Guidelines of the Greek DPA of February 2020, the use of prechecked consent boxes or the fact that the user continues to browse the site cannot be considered as a valid consent. Consent must be expressed by a clear positive act.

Can you set cookies without a cookie notice? 

No. Consent must be informed and fulfil the GDPR requirements. According to the Guidelines of the Greek DPA of February 2020, notice should be provided for each cookie category about the duration of the processing, the identity of the controller and the recipients or categories of recipients. In addition, specific information on the purpose of each cookie category should be provided, and the Guidelines expressly state that general information on the use of cookies does not suffice.

Can you set cookies without a cookie banner/ management tool?

There is no legal requirement to have a cookie banner/management tool, but the Greek DPA recommends the use of such mechanisms. In practice, is it difficult to obtain informed and specific consent without such mechanisms.

Are you able to use cookie walls? 

No. The Greek DPA expressly states in its Guidelines of February 2020 that the use of cookie walls must be avoided.  

Is the local regulator currently enforcing decisions against breaches of cookie rules?

Following the Guidelines issued on February 2020, the Greek DPA published in May 2022 that it will exercise its supervisory authority as a matter of priority in this area. In the same press release, the Greek DPA announced that it carried out an ex officio audit action on 30 websites, which were selected on the basis of website traffic, and set a deadline of 15 days for their compliance. Notwithstanding the above we are not, so far, aware of any fine imposed by the Greek DPA in relation to cookie rules.

Are there any current consultations relating to ad tech/cookies?

None that we are aware of. 

Are there any anticipated changes to the rules and/ or have there been changes to the attitudes in the market (for example, case law or industry body decisions)?

None that we are aware of.