Law 3471/2006 (G.G. 133A’/28.06.06) under the title “Protection of privacy and personal data in the telecommunications sector” implemented the Privacy and Electronic Communications Directive 2002/58/EC (ePrivacy Directive) and was subsequently amended by Law 3783/2009 (G.G. 136/0A’/07.08.09) and Law 4070/2012 (G.G. Α-82/10.04.2012). This law regulates the collection and use of personal data in the context of electronic marketing or monitoring. For any issue not covered by Law 3471/2006, the GDPR applies. Law 3471/2006 will be abolished once the ePrivacy Regulation comes into force.
Law 3917/2011 regulates the retention of collected/processed personal data and transposed Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks (Data Retention Directive).
Providers of mobile telephony services are obliged under the Law 3783/2009 (GG 136/A/07-07-2009) to collect and store identification data of their subscribers for national security reasons and for the investigation and prosecution of particularly serious crimes.
In January 2017, the European Commission published a proposal for an ePrivacy Regulation.