The Greek media market is supervised by five separate independent regulatory authorities, i.e. the electronic communications NRA (NTPC), the Hellenic competition commission (HCC), the data protection authority (DPA), the authority for the protection of the confidentiality of communications (CCA) and the gaming regulation commission (GRC). This has led to significant over – regulation of the sector, overlapping powers between the regulators and, in many cases, regulatory uncertainty. Austerity plans to merge some of these authorities have currently been frozen. The regulatory powers of these authorities are as follows :
National Telecommunications & Post Commission (NTPC)
According to articles 6 – 17 of the Electronic Communications Act, the NTPC is the national regulatory authority (NRA) of article 3 of Directive 2002/21/EC, which is responsible for the supervision of the electronic communications sector in Greece. The NTPC enjoys wide powers under the ECA to enact secondary regulation and specify in detail several of its provisions. Under these powers the NTPC has issued numerous regulations, the most important of which are the following :
- The Public Consultations Regulation (GG 314/B/16-03-2006).
- The General Authorisations Regulation (GG 748/B/21-06-2006).
- The Radio Frequencies Assignment Regulation (GG 750/B/21-06-2006).
- The Regulation for the Management and Assignment of Numbering Resources (GG 1260/B/23-07-2007).
- The Co-location Regulation (GG 885/B/14-05-2008).
- The Code of Conduct on the Provision of Electronic Communication Services to Consumers (GG 1505/B/30-07-2008).
- The Access and Interconnection Regulation (GG 369/B/03-03-2009).
- The Regulation on Rights of Way Fees (GG 1375/B/10-07-2009).
- The Number Portability Regulation (GG 967/B/30-06-2010).
- The Code of Conduct on Premium Rate Services (GG 1651/B/15-10-2010).
- The Regulation for the Management and Assignment of .GR Domain Names (GG 593/B/14-04-2011).
Under the ECA the NTPC is also responsible for enacting ex ante regulation and imposing specific obligations to operators with significant market power (SMP) in the relevant electronic communications markets. Furthermore, the NTPC holds concurrent competence with the National Competition Commission for the enforcement of ex post competition law in the electronic communications sector(article 12 παρ. στ’, η’, λδ’ of ECA).
The NTPC has the power to intervene and resolve disputes between undertakings, whether national or cross border, and to impose administrative fines of up to 3.000.000 Euros or even revoke the general authorisation of undertakings in cases when the ECA or the secondary regulatory framework are violated (see articles 34 and 77 of the ECA).
For the execution of its duties the NTPC has powers to conduct inspections, inquiries and confiscations for reasons of collecting information and investigating cases of ECA and competition law violations, as wide as those held by the National Competition Commission (see p. 2.5.2. below).
National Competition Commission (NCC)
The NCC is the Greek competition authority, which supervises the application and enforcement of the Act no. 3959/2011 on the protection of free competition. The NCC holds concurrent competence with the NTPC for the enforcement of ex post competition law in the electronic communications sector (article 12 παρ. στ’, η’, λδ’ of ECA). Until today, the NCC has never exercised its powers of investigation and enforcement in the sector. However, the NCC has exclusive power to enforce the Act no. 3959/2011 in the information society services’ sector.
In cases of violation of the Act no. 3959/2011 the NCC has, inter alia, the powers to impose mandatory commitments, behavioural / structural remedies andƒ fines up to 10% of the aggregate turnover of the undertaking under investigation for the previous fiscal year or equal to the economic benefit derived from the unlawful behaviour, if such benefit can be calculated. In case that the violation has been conducted by a group of companies, the aggregate group turnover will be taken into account. Individuals involved in the violations may be held jointly liable with the undertaking for the payment of the fines mentioned above or face fines ranging from 200.000 € to 2.000.000 €, in case of their involvement in the preparation, organisation or commitment of the violation.
For the investigation of possible competition law violations the NCC has wide powers, inter alia, to (arts. 39 – 40 of Act no. 3959/2011) :
- Investigate any kind of books and other documentation, in paper or electronic format, held by undertakings under investigation, their managers and/or personnel.
- Confiscate any evidence or other means used for violating competition law.
- Investigate and collect information derived from any means of transport and communication utilised by undertakings under investigation, their managers and/or personnel.
- Conduct inspections at the premises of undertakings under investigation.
- Seal premises, books or documents, if needed for the purposes of the investigation.
- Inquire under or without oath managers and/or personnel of the undertakings under investigation in accordance with article 212 of the Code of Criminal Procedure.
Data Protection Authority (DPA)
According to the article 9A παρ. 2 of the Constitution and article 28 of Directive 95/46/EC, the protection of personal data in the jurisdiction of the Greek state is ensured by an independent authority. In accordance to the Constitution and EC law, the Act no. 2472/1997 establishes the Greek Data Protection Authority (DPA) and regulates its operation and powers. The DPA is thus empowered to supervise the application and enforcement of data protection law, both in its general aspects and in its specific application in the electronic communications and information society services sectors.
Under these powers the DPA has issued a number of directives and opinions, the most important of which, as far as the sectors mentioned above are concerned, are the following:
- Directive no. 1/1999 on the right of data subjects to be informed.
- Directive no. 50/2000 on terms for the lawful processing of personal data as regards the purposes of direct marketing/advertising and the ascertainment of creditworthiness.
- Directive no. 637/2000 on call management systems.
- Directive no. 115/2001 on personal data processing of employees.
- Directive no. 3845/2005 on the safe destruction of personal data after termination of the time period necessary for their processing purpose.
- Directive no. 1/2011 on CCTV use.
- Directive no. 2/2011 on electronic consent in the context of article 11 of the Act no. 3471/2006.
The DPA is the authority that has to be notified in writing by data controllers about (i) the establishment and operation of a personal data file or the commencement of data processing and (ii) the interconnection of files, as correspondingly stipulated by articles 6 and 8 of the Act no. 2472/1997. Furthermore, the DPA is the authority competent for the issuance of permits for the collection and processing of sensitive data, as well as the establishment and operation of the relevant file, and for transborder data flows outside the EU, as correspondingly stipulated by articles 7, 7A and 9 of the Act no. 2472/1997. Finally, the authority is responsible to keep, maintain and update the register of persons not willing to be included in files for the purposes of promoting the sale or goods or long distance services (art. 13 παρ. 3 of the Act no. 2472/1997).
In cases of violation of data protection law the DPA has, inter alia, the powers to order the suspension or revocation of the permits of an undertaking, the destruction of the relevant data protection files, the ban on processing and to impose administrativeƒ fines up to 145.000 €.
Authority for the Protection of the Confidentiality of Communications (CCA)
According to the article 19 παρ. 2 of the Constitution, the confidentiality of communications in the jurisdiction of the Greek state is guaranteed by an independent authority. In accordance to the provision of the Constitution mentioned above, the Act no. 3115/2003 and the Presidential Decree no. 40/2005 establish the Authority for the Protection of the Confidentiality of Communications (CCA) and regulate its operation and powers.
The CCA is the independent authority responsible for ensuring the confidentiality of free correspondence and communications and the lawful observance of the relevant legal framework. The CCA supervises the lawful interception and access to communications data procedure, which takes place between, on the one hand, electronic communication network operators and service providers and, on the other hand, the law enforcement authorities. It is also the authority competent to regulate and ensure the security of communications in the publicly available electronic communications networks and services. Finally, the CCA is responsible to monitor the lawful observance of the Data Retention Act no. 3917/2011 by electronic communication network operators and service providers. For this reason electronic communication network operators are obliged to send a regular quarterly report to the CCA, listing all the judicial orders for reasons of lawful interception and access to communication data received by the latter (see article 7 of the Act no. 3674/2008).
Under these powers the CCA has issued certain Regulations for ensuring confidentiality and security of the following electronic communications and information society services:
- Opinion no. 1/2005 on the procedure of lawful interception and access to communication data in relation to the internet.
- Regulations no. 2322/2006 and 234/2009 on the tracking of offensive calls (GG 1853/B/21-12-2006, 2359/B/20-11-2009).
- Recommendation no. 52/2009 on ensuring the confidentiality of communications by electronic communication service providers in the operation of lawful interception.
- Regulation no. 165/2011 on the protection of the confidentiality of electronic communications (GG 2715/B/17-11-2011).
In cases of violation of the relevant legal framework the CCA has, inter alia, the powers to order the suspension or revocation of the operation of the undertaking under investigation and imposeƒ fines of up to 5.000.000 €.
For the investigation of possible violations of the relevant legal framework the CCA has the powers, inter alia, to (article 6 of Act no. 3115/2003) :
- Conduct inspections at the premises, equipments, archives, databases and documents of law enforcement agencies and electronic communication network operators / information society service providers.
- Confiscate any means used for violating the confidentiality of communications and security.
Gaming Regulation Commission (GRC)
The Greek Gaming Regulation Commission (GRC) is the independent authority responsible for the supervision of the gambling activity in the jurisdiction of the Greek state. It is competent for the licensing, certification, supervision and monitoring of gambling and the gambling market.
The GRC has been established and granted its powers by virtue of articles 25 – 54 of the Act no. 4002/2011, but its actual operation has not been commenced before the beginning of 2012 by virtue of the Minister of Finance Decision no. 55906/1673/20-12-2011. The Commission is entitled under the law to form and maintain the black list of unlicensed gaming websites of article 52 παρ. 10 of the Act no. 4002/2011.
Just recently, the GRC has issued Decision no. 23/3/23-10-2012 (GG 2952/B/05-11-2012) and has undertaken its powers to impose administrative fines under the Act. no. 4002/2011 (see GRC Decision no. 22/2/22-10-2012, GG 2880/B/26-10-2012).