Greece Recording Laws: All-Party Consent, Art. 370A Penalties, and GDPR (2026)

Greece Recording Laws: All-Party Consent, Art. 370A Penalties, and GDPR (2026)

Greece is an all-party consent country under Article 370A of the Greek Penal Code. Recording any telephone call or private conversation without the explicit consent of every participant is a criminal offense carrying up to 10 years imprisonment following the Law 5002/2022 amendments.

Information last verified on 2026-05-15. This article has not yet been reviewed by a licensed lawyer.

Jurisdiction scope: This article addresses recording and communications privacy law in Greece (Hellenic Republic) under the Greek Penal Code (Arts. 370A, 370ST, 346), the Greek Constitution (Arts. 9, 9A, 19), the Greek Civil Code (Arts. 57-59), GDPR as implemented by Law 4624/2019, and Law 3471/2006 (ePrivacy). It does not address recording law in other EU member states; for those, see the International Recording Laws hub.

---

Quick Answer: Is Greece All-Party Consent?

Greece enforces one of the strictest recording consent regimes in the European Union. The country operates under an all-party consent standard. Every person involved in a conversation must give their explicit consent before that conversation can be recorded.

This rule applies to phone calls, in-person conversations, video calls, and any other form of oral or electronic communication. The person doing the recording does not get a free pass simply because they are a participant. Even if you are part of the conversation, you must obtain clear, affirmative agreement from all other parties before pressing record.

Implied consent does not satisfy the legal requirement. Silence, continued participation in a call after hearing a tone, or a general awareness that recording technology exists do not constitute the explicit consent required by Greek law. The consent must be direct, informed, and unambiguous.

The legal framework protecting communications privacy in Greece draws from multiple sources: the Greek Constitution, the Penal Code, EU regulations, and several specialized statutes governing electronic communications and data protection.

---

Constitutional Foundation: Articles 9, 9A, and 19

The right to communications privacy and home security in Greece has constitutional protection at the highest level. Three constitutional provisions work together to form the foundation of recording and surveillance law.

Article 19: Absolute Secrecy of Communications

Article 19 of the Greek Constitution states: "The privacy of correspondence and any other form of communication is absolutely inviolable."

The word "absolutely" is significant. The constitutional drafters chose language that signals this is not a qualified or conditional right. It is a core guarantee of personal freedom and democratic participation.

Article 19 permits only one exception. The judicial authority may lift communications secrecy, but only in cases involving national security or the investigation of particularly serious crimes. The conditions and procedures must be specified by law. No other entity, and no private party, has the authority to override this constitutional protection.

Article 9: Home Inviolability and Personal Life

Article 9 of the Greek Constitution protects the inviolability of the home and personal life. It prohibits entry into a dwelling and any search without the owner's consent, except in circumstances specified by law with a judicial warrant. This provision extends privacy protection to private spaces and underpins the prohibition on placing recording devices in homes, offices, and other private locations without judicial authorization or the consent of the occupants.

The interplay between Art. 9 and Art. 370A of the Penal Code means that surreptitious audio recording within a private dwelling is both a constitutional violation and a criminal offense.

Article 9A: Personal Data Protection

Article 9A of the Greek Constitution, added in the 2001 constitutional revision, establishes the right to protection of personal data. This provision requires an independent authority to oversee data protection. That authority is the Hellenic Data Protection Authority (HDPA), which plays a direct role in regulating how voice recordings and other personal data are collected, stored, and used.

ADAE: The Communications Privacy Watchdog

Article 19, paragraph 2, of the Constitution mandates the creation of an independent authority to ensure communications confidentiality. That authority is ADAE (Archi Diasfalisis Aporritou Epikoinonion), established by Law 3115/2003 and Presidential Decree 40/2005.

ADAE monitors the lawful interception process. It oversees how government agencies, intelligence services, and telecommunications providers handle communications data. It also controls the security of publicly available electronic communications networks.

ADAE has reported a 23% increase in state-ordered wiretaps during 2024. The authority has raised concerns about the National Intelligence Service (EYP) and the Special Violent Crimes Squad failing to notify ADAE of hundreds of surveillance orders in a timely manner during 2023 and 2024. These delays undermine ADAE's ability to exercise its constitutional oversight role.

---

Article 370A of the Greek Penal Code: The Core Recording Statute

Article 370A is the core criminal statute governing the recording and interception of communications in Greece. It contains multiple paragraphs, each addressing a different form of violation.

Paragraph 1: Telephone Interception

Paragraph 1 addresses anyone who unlawfully taps into, interferes with, or connects to a device, link, or network used for fixed or mobile telephony, or to any hardware or software system providing such services. The purpose of the interference must be to inform oneself or another person of, or to record, the content of a telephone conversation between third parties or location data related to that communication.

The original penalty for this offense was imprisonment from 10 days to 5 years. Following the 2022 amendments under Law 5002/2022, penalties were significantly increased to up to 10 years.

Paragraph 1, Subparagraph 2: Participant Recording Without Consent

This provision specifically criminalizes a participant who records their own telephone conversation without the explicit consent of the other party. Greece differs from most countries on this point. In many jurisdictions, a participant in a conversation can freely record it. In Greece, even a participant commits a criminal offense by recording without explicit consent from every other party.

The requirement is explicit consent. The other party must clearly agree to the recording. Implied consent, such as continuing to talk after a beep or tone, does not satisfy this standard under Greek law.

Paragraph 2: In-Person Conversation and Private Acts

Paragraph 2 covers oral conversations that are not conducted in public. Anyone who monitors such a conversation by special technical means, or who captures it on a recording device, without the consent of the participants commits a criminal offense. This paragraph also covers capturing non-public acts of another person.

The minimum penalty under Paragraph 2 is imprisonment of at least one year.

Paragraph 3: Unlawful Use of Recordings

Paragraph 3 addresses the subsequent use of illegally obtained recordings. Anyone who unlawfully uses information captured through the methods described in Paragraphs 1 and 2, or the device containing such recordings, faces imprisonment of up to three years or a fine.

This means that even if someone else made the illegal recording, using that recording or distributing its contents is itself a separate criminal offense.

Note on Article 370B

Article 370B of the Greek Penal Code addresses unauthorized access to information systems, a computer-crime provision distinct from the recording and communications interception offenses in Art. 370A. The two articles should not be conflated: recording consent violations are governed exclusively by Art. 370A.

Law 5002/2022 Amendments: Penalties Up to 10 Years

Law 5002/2022, enacted on December 9, 2022, significantly toughened the penalties under Article 370A. The amendments impose prison sentences of up to 10 years for violations of communications confidentiality. This applies broadly, including to telephone service providers or their legal representatives or employees who violate the confidentiality of telephone and oral communications of third parties.

The law also added a new Article 370ST to the Greek Penal Code, which criminalizes the possession or distribution of surveillance software or devices. This provision was a direct response to the Predator spyware scandal and aims to close the gap that previously allowed spyware vendors to operate without criminal liability.

Areios Pagos: Admissibility of Recordings in Court

The Areios Pagos (Supreme Court of Greece) has established through its case law that the term "unfairly" in Art. 370A means acting without a relevant legal right or without the consent of the interlocutor. Where a party consents to a recording, the constitutive elements of the offense are not satisfied and no crime is committed.

In civil proceedings, unlawfully obtained audio recordings are inadmissible against the person whose communications right was violated. However, the Areios Pagos has recognized an exception: recordings obtained without consent may be admitted when necessary to protect a constitutionally superior interest, such as human life. This narrow exception does not apply to ordinary contractual or employment disputes; it is reserved for genuinely grave circumstances.

---

GDPR and Greek Data Protection Law

Greece is a member of the European Union, and the General Data Protection Regulation (GDPR) applies directly. Greece implemented the GDPR through Law 4624/2019, which took effect on August 29, 2019, replacing the earlier Law 2472/1997.

Voice Recordings as Personal Data

Under the GDPR and Greek law, voice recordings are personal data. A recording that can identify a person through their voice, name, phone number, or other identifying details falls within the scope of data protection regulation. Businesses and individuals who collect or store voice recordings are data controllers subject to GDPR obligations.

Legal Bases for Processing

Before recording and storing a voice conversation, a data controller must identify a valid legal basis under GDPR Article 6. In Greece, the most commonly relevant bases are:

• Consent: The data subject's freely given, specific, informed, and unambiguous agreement. Given Greece's all-party consent criminal law, this is the primary basis for most recording scenarios.
• Legitimate interest: The controller's legitimate interest, balanced against the data subject's rights. This requires a documented balancing test.
• Legal obligation: Processing required by law, such as regulatory requirements for financial services call recording.
• Contractual necessity: Processing necessary to perform a contract with the data subject.

HDPA Enforcement

The Hellenic Data Protection Authority (HDPA) enforces the GDPR and Greek data protection law. Articles 9-20 of Law 4624/2019 define the HDPA's structure and supervisory powers, which mirror and supplement GDPR Article 58. Its powers include:

• Investigating complaints and conducting audits with access to premises and equipment
• Issuing warnings, reprimands, or bans on processing
• Imposing administrative fines of up to 20 million euros or 4% of worldwide annual turnover for serious violations
• Ordering mandatory data deletion

Recent enforcement actions show the HDPA willing to impose significant penalties. The HDPA imposed a EUR 20,000,000 fine on Clearview AI for unlawful biometric data processing, equaling the maximum GDPR fine amount. In December 2025, HDPA Decision 45/2025 halted the Hellenic Police's Smart Policing programme, a EUR 4 million procurement of 1,000 portable devices enabling facial recognition and biometric identification, concluding that its activation would constitute unlawful processing of personal data.

---

Law 3471/2006: Electronic Communications Privacy

Law 3471/2006 transposes the EU ePrivacy Directive (2002/58/EC) into Greek law. This statute governs privacy in the electronic communications sector and works alongside the GDPR and the Penal Code.

Key provisions relevant to recording include:

• Confidentiality of communications: Listening to, tapping, storing, or surveilling communications and related traffic data is prohibited without the consent of the users concerned.
• Direct marketing: Unsolicited electronic communications for marketing purposes require prior explicit consent from the recipient.
• Call recording by providers: Telecommunications providers may record communications to provide evidence of commercial transactions, but only when both parties have consented after being notified of the recording's purpose.

---

Recording Phone Calls in Greece

All phone call recording in Greece requires the explicit consent of every party on the call. This applies to:

• Landline-to-landline calls
• Mobile phone calls
• VoIP and internet-based calls (Viber, WhatsApp, Zoom, Teams)
• Conference calls with multiple participants

For conference calls, consent must be obtained from every participant. A single dissenting party makes the recording unlawful.

There is no exception for recording your own calls. A participant who records without consent commits the same offense as a third-party interceptor. The only difference is the specific paragraph of Article 370A that applies and the corresponding penalty range.

---

Recording In-Person Conversations

In-person conversations in Greece receive strong protection under Article 370A, Paragraph 2. Recording a private, non-public oral conversation without the consent of the participants is a criminal offense carrying a minimum of one year in prison.

The key distinction is whether the conversation takes place in public or private. A conversation held in a public square, at an open market, or in a space where others can freely overhear it has reduced privacy expectations. A conversation in a private home, an office with the door closed, a restaurant booth, or any other setting where the participants have a reasonable expectation of privacy is protected.

Covert recording devices placed in private spaces, whether audio bugs, hidden microphones, or smartphone recording apps running in the background, all fall within the scope of this prohibition.

---

Public Recording and Photography in Greece

Greece does not prohibit photography or video recording in genuinely public spaces. The right to photograph and record in public is protected under Article 14 of the Greek Constitution as an expression of freedom of speech.

You do not need consent to photograph or film people in public streets, plazas, parks, or other open areas. This applies to journalism, tourism photography, and general public documentation.

However, several important restrictions apply:

• Military installations: Photographing or filming military bases or the composition of armed forces, even from a public vantage point, is not protected.
• Commercial use: Using a person's image for commercial advertising without their consent is illegal, unless the photo shows a group in a public space or the individual is only a minor part of the image.
• Religious sensitivities: Content that offends the Christian religion or the dignity of the President of the Republic may fall outside constitutional protection.
• Filming permits: Open-air filming for documentaries, advertisements, or movies at public locations such as squares, streets, and pedestrian areas may require permits from municipal authorities or archaeological services.

The distinction between public visual recording and private conversation recording is critical. Filming a street scene is lawful. Recording a private conversation happening on that street, where the participants have a reasonable expectation that they are speaking privately, is not.

---

Recording Police Officers and Public Officials

Greek law does not contain a standalone statutory right to record police officers, but the constitutional framework under Article 14 (freedom of expression and press freedom) protects the recording and publication of matters of legitimate public interest, including the conduct of public officials in the exercise of their duties.

The practical position is as follows:

Video recording of police activity in public is generally permissible under Art. 14 and established press freedom principles when the recording documents official conduct in a public space. The ENNHRI Rule of Law Report on Greece (2024) notes that press freedom and public accountability protections extend to citizen documentation of official acts.

Audio recording of any conversation with police, however, is subject to the same all-party consent rule under Art. 370A. Even a conversation between a citizen and a police officer is a private communication for the purposes of the statute if both parties could reasonably expect their exchange to be private. Recording the audio of such a conversation without consent from the officer may constitute a criminal offense.

GDPR considerations apply when recordings identify individuals. If you record an interaction with a police officer and publish it, you are processing their personal data. The legitimate interest basis under GDPR Art. 6(1)(f) may support publication where there is genuine public interest in accountability, but this requires a documented balancing test.

In practice, Greek courts and regulatory guidance support the principle that recording officers engaged in their public duties for accountability purposes is protected by press freedom. However, the audio-consent requirement under Art. 370A creates a legal ambiguity for citizen recordings that has not been definitively resolved by the Areios Pagos. Travelers and journalists should proceed with caution and seek local legal advice if recording interactions with law enforcement for publication.

---

Workplace Surveillance and Employee Monitoring

Greece places strict limits on workplace surveillance. The HDPA, through Directive 1/2011 and subsequent guidance, has established clear boundaries.

CCTV in the Workplace

Video surveillance through CCTV is permitted only when it is necessary for the protection of persons and property. CCTV must not be used to monitor, evaluate, or assess employee performance. Recording in the following areas is strictly prohibited:

• Individual workstations
• Corridors (in most circumstances)
• Eating areas and break rooms
• Restrooms and changing areas

Employers must inform employees in writing about the installation and operation of any video surveillance system before it becomes operational.

Computer and Digital Monitoring

Monitoring employee computer activity requires advance notification and must serve a legitimate business interest. The monitoring must be proportionate, meaning it should be limited to what is strictly necessary. Blanket surveillance of all employee digital activity without specific justification will not satisfy the proportionality test.

GPS Tracking

GPS tracking of company vehicles is restricted to predefined routes during work hours. Data retention for GPS tracking is limited to one month.

Audio Recording at Work

Recording workplace conversations follows the same all-party consent rule that governs all other conversations in Greece. An employer cannot install hidden microphones to record employee conversations. An employee cannot secretly record a meeting with their supervisor. Both scenarios require explicit consent from all participants.

This makes Greece significantly different from countries like the United States, Brazil, or the United Kingdom, where employee recording of workplace conversations for evidence of harassment or wrongful termination is often legally protected.

---

Civil Liability: Civil Code Articles 57-59

Criminal penalties under the Penal Code are not the only consequence of unlawful recording in Greece. The Greek Civil Code provides a parallel civil remedy track through Articles 57, 58, and 59.

Article 57: Personality Rights Protection

Article 57 of the Greek Civil Code establishes a general right to protection of one's personality. Anyone whose personality right is infringed may seek injunctive relief and compensation from the perpetrator. The right to personality under Art. 57 covers communications privacy, image, voice, and personal dignity.

A key practical point: under Greek case law applying Art. 57, taking a photograph or video recording of a person constitutes an interference with their personality right even without any publication or further use of the material. The act of recording itself, without consent, is actionable.

Article 58: Protection of Name

Article 58 specifically protects a person's name from unauthorized use. It provides an independent basis for a civil action where a recording or other content is used to misrepresent or exploit a person's identity.

Article 59: Moral Damages

Article 59 allows a claimant to seek moral damages (non-material harm) for mental anguish caused by an offense against their personality. Reparation under Art. 59 may consist of monetary compensation, publication of a statement restoring the truth, or any other relief the court determines appropriate given the circumstances.

The civil remedy is independent of the criminal prosecution. A victim of unlawful recording may pursue a civil damages claim under Arts. 57-59 even if the criminal proceeding results in an acquittal or is not pursued. Civil and criminal proceedings may run simultaneously.

---

NCII, Voyeurism, and Article 346

Article 346 of the Greek Penal Code, added by Law 4947/2022 (enacted 23 June 2022), criminalizes the non-consensual sharing of intimate images and image-based sexual abuse. Before this law, such conduct was treated as a misdemeanor under data protection legislation. The 2022 reform elevated it to a Penal Code offense with significantly higher penalties.

What Article 346 Covers

Article 346, Paragraph 1 covers the disclosure of personal intimate moments without the consent or knowledge of the victim. This includes real photographs, real video recordings, and fabricated or manipulated material (including AI-generated imagery) that depicts the victim in intimate situations.

Article 346, Paragraph 2 covers threats to disclose such material, punishable by imprisonment of at least one year. This addresses the common pattern of sextortion where intimate images are used as leverage.

Aggravated Penalties

The following circumstances trigger higher penalties under Art. 346:

• Online distribution to an indefinite number of recipients: imprisonment up to 8 years
• Victim is a minor: aggravated sentence
• Perpetrator is a current or former partner, spouse, or cohabitant: aggravated sentence
• Victim attempted or completed suicide as a result: if the victim attempted suicide, imprisonment and a fine; if the victim died by suicide, imprisonment of at least 10 years and a fine

Relationship to Article 370A

Article 346 and Art. 370A address overlapping but distinct conduct. Art. 370A governs the act of recording a communication without consent. Art. 346 governs the subsequent non-consensual disclosure of intimate material. Both may apply where a private intimate recording is made without consent and then shared: Art. 370A for the recording act, Art. 346 for the disclosure.

---

Deepfakes, AI-Generated Content, and the EU AI Act

Greece, as an EU member state, is subject to two intersecting EU legal frameworks that directly affect the legality of AI-generated and deepfake content.

EU AI Act: Transparency Obligations

The EU AI Act (Regulation (EU) 2024/1689) entered into force in 2024. Among its provisions currently in effect, the Act imposes transparency obligations on providers and deployers of AI systems that generate synthetic content. AI systems that produce audio, video, or text designed to resemble real persons must disclose that the output is AI-generated. Users who share such content publicly must apply appropriate labeling.

The AI Act does not create specific victim remedies for non-consensual deepfake imagery. Its enforcement focus is on systemic transparency rather than individual harm. Gaps in the AI Act's victim-protection framework have been noted by commentators and legal scholars.

EU Directive 2024/1385: Violence Against Women and Domestic Violence

EU Directive 2024/1385, which entered into force on 13 June 2024, requires EU member states to criminalize the non-consensual creation and sharing of sexualising deepfakes (synthetic intimate imagery). Member states, including Greece, must transpose this obligation into national law by 14 June 2027.

As of May 2026, Greece has not enacted standalone deepfake-specific criminal legislation for adults beyond Art. 346. However, Art. 346's reference to "fabricated images" and "manipulated material" may already capture non-consensual AI-generated intimate imagery under the existing provision. Whether Art. 346 fully satisfies the VAW Directive's transposition requirements will depend on the scope of implementing measures Greece adopts before the June 2027 deadline.

Awareness and Enforcement Context

Between October 2024 and May 2025, Greek civil society organization Homo Digitalis conducted school awareness sessions on deepfake risks across more than 20 schools. The sessions identified patterns of minors using deepfake applications to manipulate images of classmates, raising concerns about escalating misuse. These educational efforts underscore that deepfake-related harm is an active concern in Greece, even as the legislative framework continues to develop.

---

The 2022 Predator Spyware Scandal

The Predator spyware scandal, often called "Predatorgate" or the "Greek Watergate," exposed the illegal surveillance of journalists, politicians, and other public figures in Greece. The scandal has had a lasting impact on Greek surveillance law and public attitudes toward privacy.

How the Scandal Began

In March 2022, digital rights organization Citizen Lab informed journalist Thanasis Koukakis that his phone had been infected with Predator spyware and surveilled for approximately ten weeks. Predator is a highly invasive surveillance tool capable of extracting all data from a target's device, including messages, calls, location data, and passwords.

Four months later, Nikos Androulakis, leader of the opposition party PASOK-KINAL and a Member of the European Parliament at the time, discovered his phone had also been targeted with Predator.

Scale of the Surveillance

Investigations revealed that approximately 84 mobile phones were targeted through Predator spyware. Targets included journalists, politicians, government officials, and associates of Prime Minister Kyriakos Mitsotakis. The National Intelligence Service (EYP) was implicated in parallel lawful surveillance of some of the same targets.

Legislative Response: Law 5002/2022

The scandal prompted the Greek parliament to pass Law 5002/2022 on December 9, 2022. The law, titled "Procedure for Waiving Communications Secrecy, Cybersecurity, and Protection of Citizens' Personal Data," introduced several major changes:

• Increased maximum penalties under Article 370A to 10 years imprisonment
• Created a new criminal offense for possession or distribution of surveillance software (Article 370ST)
• Established conditions under which communications secrecy may be waived: only for national security or investigation of particularly serious crimes
• Created new institutional bodies: a Cybersecurity Coordination Committee, a Cybersecurity Operations Centre (SOC), and a Standing Scientific Committee on Personal Data

Human Rights Watch and other organizations criticized portions of the law for potentially expanding government surveillance powers while claiming to restrict them. The organization noted concerns about provisions that could weaken judicial oversight of intelligence agency surveillance.

February 2026 Convictions

On February 26, 2026, an Athens court convicted four individuals in the Predator spyware case. The convicted individuals were:

• Tal Dilian, former Israeli intelligence officer and founder of the Intellexa Consortium (the company behind Predator)
• Sara Aleksandra Fayssal Hamou, Dilian's business partner, who provided managerial services to Intellexa
• Felix Bitzios, shareholder and former deputy administrator of Intellexa
• Giannis Lavranos, owner of Kriel, the company through which Predator was procured

All four were found guilty of breaching the confidentiality of telephone communications and illegally accessing information systems. Each defendant received a sentence of 126 years and 8 months, capped at 8 years under Greek law because the charges were classified as misdemeanors. The sentences were suspended pending appeal. Tal Dilian stated publicly that he intended to appeal.

This verdict is the first case anywhere in the world in which individuals in the commercial spyware industry were criminally charged and convicted for marketing, distributing, and using spyware to illegally surveil a journalist. The court forwarded the case file to prosecutors to investigate additional suspects, including potential involvement by intelligence officials.

---

Penalties Summary

---

Business Compliance Checklist

Companies operating in Greece that handle voice communications or recordings must take specific steps to comply with Greek law.

Obtain explicit consent before any recording. This is non-negotiable under Greek criminal law. Inform all parties that recording will occur, state the purpose of the recording, and obtain clear affirmative consent before the recording begins. "This call may be recorded" is not sufficient. You need active agreement from the other party.

Document the legal basis under GDPR. Identify which GDPR Article 6 basis applies to your recording activity. In most cases, this will be consent. Record the legal basis in your processing register and be prepared to demonstrate compliance to the HDPA.

Provide transparent notice. Tell callers or meeting participants: who is recording, why, how long the recording will be stored, who will have access to it, and what rights they have regarding the recording. This must happen before the recording starts.

Define and enforce retention periods. Establish written policies specifying how long recordings are kept. Implement automated deletion at the end of the retention period. Recordings kept beyond the stated period create unnecessary legal exposure.

Restrict access to recordings. Limit access to stored recordings to personnel with a documented, legitimate need. Maintain access logs that record who accessed which recording and when.

Train employees. Staff who handle recordings must understand that unauthorized recording is a criminal offense in Greece. Training should cover the consent requirement, proper handling of recorded data, and the consequences of non-compliance.

Conduct a Data Protection Impact Assessment (DPIA). If your recording involves large-scale, systematic monitoring of individuals, a DPIA is required under GDPR Article 35. The HDPA has identified video and audio surveillance as categories that typically require a DPIA.

Review cross-border data transfers. If recordings are stored or processed outside Greece or the EU, ensure transfers comply with GDPR Chapter V requirements, including standard contractual clauses or adequacy decisions.

---

Cross-Border Recording and Travelers

Greek territorial jurisdiction applies to all recordings made within Greece, regardless of the nationality of the parties or the country in which the recording device is registered.

A traveler from a one-party consent country who arrives in Greece and records a telephone call or in-person conversation without the consent of all parties commits a Greek criminal offense. The fact that the same recording would be entirely lawful in the traveler's home country provides no defense under Greek law.

Key points for international travelers and businesses:

Remote calls with Greek parties: If you are outside Greece but record a call with a person located in Greece, the legal position is less certain. Greek criminal jurisdiction typically requires a territorial link (the act or its effects occurring in Greece). If the Greek party's communications are intercepted within Greek territory, Greek law may apply.

EU business operations: Companies with operations in Greece that centrally record customer service calls for their Greece-based customers must comply with Greek law regardless of where the recording infrastructure is physically located. GDPR's one-stop-shop mechanism does not displace Greek criminal law obligations.

Comparison with other EU member states: Most EU countries require all-party consent for recording, but Greece's penalties are among the harshest. The 10-year maximum prison sentence under the 2022 amendments exceeds penalties in Germany (up to 3 years for comparable wiretapping offenses), France (up to 1 year), and Italy (up to 4 years). The United States varies by state, with even strict all-party consent states like California and Illinois imposing lower criminal maxima than Greece.

---

---

Disclaimer

This article presents general legal information about recording and communications privacy law in Greece. It does not constitute legal advice and is not a substitute for advice from a lawyer licensed to practice in Greece or another relevant jurisdiction. Laws and regulations can change; the information here was verified as of May 2026. Readers facing a specific legal situation in Greece should consult a qualified Greek lawyer.

---

About the Author

[PLACEHOLDER: Author roster pending. Information last verified by the RecordingLaw.com editorial team on 2026-05-15.]

---

Authorities Cited

1. Greek Constitution, Arts. 9, 9A, 19. https://www.hellenicparliament.gr/en/Vouli-ton-Ellinon/To-Politevma/Syntagma/
2. Greek Penal Code, Art. 370A (as amended by Law 5002/2022). https://sherloc.unodc.org/cld/en/legislation/grc/penal_code/article_370-_/article_370.html
3. Law 5002/2022: Procedure for Waiving Communications Secrecy, Cybersecurity, and Protection of Citizens' Personal Data. https://kalaw.gr/law-5002-2022-waiving-of-communications-secrecy-cybersecurity-and-data-protection/
4. Greek Penal Code, Art. 346 (added by Law 4947/2022, NCII/revenge porn). https://www.datawo.org/2022/07/30/the-addition-of-article-346-to-the-penal-code-about-revenge-pornography-and-the-crime-of-image-based-sexual-abuse-as-a-form-of-gender-based-violence-in-the-digital-age/
5. Greek Civil Code, Arts. 57-59 (personality rights). https://www.bahagram.com/wp-content/uploads/2015/11/GREEK_LAW_AND_JURISPRUDENCE_ON_INFRINGEMENTS_OF_PERSONAL_PRIVACY.pdf
6. Law 4624/2019 (GDPR implementation in Greece), translated by the HDPA. https://www.dpa.gr/sites/default/files/2020-08/LAW%204624_2019_EN_TRANSLATED%20BY%20THE%20HDPA.PDF
7. Law 3471/2006: Protection of Personal Data and Privacy in Electronic Communications. https://www.dpa.gr/sites/default/files/2019-10/law_3471_06en.pdf
8. Hellenic Data Protection Authority (HDPA) Official Website. https://www.dpa.gr/en
9. ADAE: Hellenic Authority for Communication Security and Privacy. https://adae.gov.gr/en/adae-en
10. HDPA Decision 45/2025: Smart Policing system unlawful (EDRi analysis). https://edri.org/our-work/greeces-ai-smart-policing-system-ruled-unlawful-after-e4-million-public-spending/
11. IAPP: HDPA imposes EUR 20 million fine on Clearview AI. https://iapp.org/news/a/greek-dpa-imposes-20m-euro-fine-on-clearview-ai-for-unlawful-processing-of-personal-data
12. Regulation (EU) 2024/1689 (EU AI Act). https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202401689
13. Directive (EU) 2024/1385 on combating violence against women and domestic violence. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202401385
14. Amnesty International: Convictions in Predatorgate Scandal (Feb 2026). https://www.amnesty.org/en/latest/news/2026/02/greece-spyware-scandal/
15. ICIJ: Greek court convicts Intellexa founder Tal Dilian (Feb 2026). https://www.icij.org/investigations/cyprus-confidential/greek-court-convicts-intellexa-founder-tal-dilian-three-others-in-wiretapping-scandal/
16. Human Rights Watch: Greek Court Finds Spyware Executives Guilty (Mar 2026). https://www.hrw.org/news/2026/03/02/greek-court-finds-spyware-executives-guilty
17. Human Rights Watch: Greece Problematic Surveillance Bill (2022). https://www.hrw.org/news/2022/12/08/greece-problematic-surveillance-bill
18. ICLG: Data Protection Laws and Regulations 2025-2026, Greece. https://iclg.com/practice-areas/data-protection-laws-and-regulations/greece
19. Lexology: Violation of the confidentiality of telephone communication and oral conversation under Greek law. https://www.lexology.com/library/detail.aspx?g=1bafb03e-8bd6-489a-94ab-3e199d06427f
20. Digestaonline: Exclusion of Illegally Obtained Evidence in Greek Civil and Penal Proceedings. http://www.digestaonline.gr/index.php/digestaonline/16-2015/38-2015-kaissis-evidence
21. GovWatch: ADAE Report on Communications Secrecy Protection Issues. https://govwatch.gr/en/finds/ekthesi-adae-zitimata-prostasias-toy-syntagmatika-katochyromenoy-aporritoy-ton-epikoinonion/
22. Greek City Times: Greek Watchdog Reports Sharp Increase in Secret Wiretaps (2025). https://greekcitytimes.com/2025/10/08/greek-wiretaps/
23. Kyriakoulaw.gr: Revenge porn establishment in the New Penal Code. https://kyriakoulaw.gr/en/articles/revenge-porn-h-stoixeiothethsh-toy-ston-neo-poiniko-kwdika
24. EITHOS: Challenging Deepfakes in Greece. https://eithos.eu/challenging-deepfakes-awareness-and-legal-safeguards-in-greece/

---

Related Articles

• International Recording Laws Overview
• Germany Recording Laws
• France Recording Laws
• Italy Recording Laws
• GDPR and Recording: What Businesses Need to Know

---

Last updated: 2026-05-15. Statutes cited reflect their in-force version as of 2026-05-15.