AT parliament the repeal of the Communications Privacy, Cyber ​​Security and Privacy Act, which was introduced two weeks ago, was introduced. at public consultations.

The day after tomorrow, on Thursday, at 16:00, the first meeting of the competent committee of the parliament will take place.

According to the Ministry of Justice, the bill aims to ensure the necessary balance between the protection of privacy and national security within the constitutional framework and on the basis of international best practices. According to the ministry, the bill strengthens the rights of citizens in the face of threats associated with technological development, while modernizing the relevant legislative framework of 1994 and eliminating recently identified shortcomings. Especially:

1. Criminal legislation is equipped with the necessary tools to combat surveillance programs and devices, the Ministry of Justice emphasizes: “The use of programs and devices for surveillance by individuals is qualified as a criminal offense and is punishable by imprisonment for up to ten years. and today it’s just a misdemeanor. Accordingly, human trafficking and simple possession, which are not currently criminalized, are classified as misdemeanors with penalties of up to five years. Prohibited software and monitoring tools are entered into a special public and constantly updated list, and the supply of monitoring software by the state is possible only under the terms of a presidential decree, which will be processed by the State Council.
2. New security measures are being introduced for the work of the National Intelligence Service. As emphasized in the ministry, “for the first time, the Academy of Intelligence and Counterintelligence is being created, the task of which is to train, train and specialize personnel, as well as the Internal Audit Department to monitor the phenomena of dereliction of duty and corruption in the Ministry of Internal Affairs.” cases, while guaranteeing the publicity of the activities of the Center for Technology Support, Development and Innovation EYP. Special conditions are set for the selection of the Commander, who can only be a diplomat or a high-ranking retired officer.
3. Privacy removal frameworks are being tightened. According to the Ministry of Justice, “for the first time, the term ‘national security’ has been legally specified, while providing that only the Ministry of Defense and the anti-terrorist service can request deportation if they meet strict documentation requirements. . Additional barriers are being erected, including for the first time when the removal concerns political figures, in which case an immediate and highly possible threat to national security is required, as well as the permission of the Speaker of Parliament. There is a mandatory notification of a suspension three years after the termination of the suspension, provided that the purpose for which the suspension was issued is not compromised, as judged by a special three-member body involving two prosecutors and the president. Message Privacy Security Office. The list of crimes requiring declassification is being streamlined and systematized, the procedure and terms for the destruction of surveillance materials are fixed by law.
4. A new rigorous cybersecurity protection system has been created and personal data protection has been strengthened. To combat the problem of fragmentation of relevant structures, a coordinating committee on cybersecurity issues is being created, and a Single Cybersecurity Reference Center is operating under the Ministry of Digital Governance. As noted by the Department of Justice, for the first time, a National Risk Assessment Plan for Information Technology and Communications Systems is also being developed to identify, analyze and evaluate risks and their impact on the security of information technology and communication systems at the National level. Finally, ambiguities in the integration of the relevant EU framework for the protection of personal data have been eliminated.

What are the changes compared to the consultation version?

The bill to abolish privacy of communications, cyber security and protection of personal data, submitted to Parliament, includes, according to the Ministry of Justice, a number of proposals made both during consultations and during public debate, as well as additional improvements. Specifically, as the ministry points out:

1. The definition of “national security considerations” that can serve as a basis for declassification has been significantly narrowed. “National security reasons” are now defined as those related to the protection of the essential functions of the state and the fundamental interests of Greek citizens, while the corresponding indicative list includes only reasons related to national defense, foreign policy, energy security and cybersecurity. safety.
2. The request for declassification is subject to increased documentation requirements for national security reasons. This request must include reasons that pose a threat to national security, the need for declassification to eliminate the risk, the object of declassification, i.e. the external elements of the message or its content, and the absolutely necessary period of time. Any extension of national security declassification beyond ten months is possible only if it can be confirmed that there are still certain elements that make the national security threat imminent and highly probable.
3. Increased guarantees are provided for the independence of the three-person body that decides on declassification for reasons of national security. Two prosecutors and the chairman of the Office of Confidentiality of Communications are now involved. On the contrary, the participation of the EYP commander and the director of counterterrorism is no longer envisaged. It also provides for the maintenance of a confidential final protocol, while the opinion of the minority is also recorded.
4. The process of destroying surveillance materials is further standardized. It is clarified that files containing documentary material can be destroyed after ten years, and material recorded in the attachment system is deleted after six months. For each case of destruction or wiping, an appropriate act is drawn up.
5. The list of crimes requiring declassification is further streamlined. Removal of confidentiality is now allowed only in relation to particularly heinous crimes, for the verification of which it is necessary to restrict the right to secrecy of communication. The corresponding list is also systematized in the same legislation to increase legal certainty.
6. A Single Cybersecurity Reference Center has been established at the General Directorate of Cybersecurity of the General Secretariat of Telecommunications and Post of the Ministry of Digital Management. The Center aims to develop, support and strengthen the capacity at the national level for early detection and response to cyber threats throughout the territory, in particular by strengthening the capabilities of early warning, detection and response to cyber attacks.

See here the entire draft law, posted on the website of the Parliament.