Communications Privacy Bill: The key innovations – What changes from the original

by

The bill was tabled in Parliament – The bill seeks to ensure the necessary balance between the protection of privacy and national security, within the constitutional framework

The final form of the bill for the procedure for the removal of communications, the cyber security and the protection of personal data for citizens, the ministry announced.

The Communications Deprivation, Cybersecurity and Personal Data Protection Bill tabled today in Parliament seeks to ensure the necessary balance between the protection of privacy and national security, within the constitutional framework and on the basis of the best international practices. It strengthens citizens’ rights in the face of threats linked to technological development, while modernizing the relevant legislative framework dating back to 1994 and addressing recently identified shortcomings.

The innovations it includes

Particularly:

-Criminal legislation is equipped with the necessary tools to deal with surveillance software and devices. The use of tracking software and devices by private individuals is being upgraded to a felony and punishable by up to ten years in prison, whereas today it is a simple misdemeanor. Accordingly, trafficking and simple possession, which are not currently criminalized, are classified as misdemeanors with a penalty of up to five years. Prohibited software and monitoring devices are recorded in a special publicly accessible and constantly updated list, while the procurement of monitoring software by the State is only possible under the conditions of a presidential decree, which will have been processed by the Council of State.

– New safety measures are being put in place in the operation of the National Intelligence Service. For the first time, an Intelligence and Counterintelligence Academy with the mission of training, training and specialization of the staff and an Internal Audit Unit to control the phenomena of breach of duty and corruption in the EYP are established, while guarantees of publicity are foreseen in the operation of the Center of Technological Support, Development and Innovation of the EYP. Special conditions are set for the selection of the Commander, who can only be a diplomat or a retired senior officer.

-The privacy removal framework is tightened. For the first time, the term “national security” is specified legislatively, while it is provided that only the Ministry of Defense and the anti-terrorist service can request the removal, if they meet strict documentation requirements. Additional hurdles are set, also for the first time, when the removal concerns political figures, in which case an immediate and extremely possible threat to national security is required, as well as the permission of the Speaker of the Parliament. Provision is made for the mandatory notification of the removal, after three years have passed since its cessation, provided that the purpose for which the removal was ordered is not compromised, as assessed by a special three-member body with the participation of two prosecutors and the president of the Security Authority of Privacy of Communications. The list of crimes justifying declassification is streamlined and systematized while the procedure and times for the destruction of surveillance material are standardized by law.

-A new strict cyber security protection framework is established and the protection of personal data is strengthened. A coordination committee for cyber security issues is being established to combat the problem of fragmentation of relevant structures, while a Unified Cyber ​​Security Reference Center is operating at the Ministry of Digital Governance. For the first time, a National Information and Communication Technology Systems Risk Assessment Plan is also being prepared for the identification, analysis and assessment of risks and their effects on the security of information and communication technology systems at the national level. Finally, ambiguities in the integration of the relevant EU framework for the protection of personal data are removed.

What changes compared to the original version?

The Communications Deprivation, Cyber ​​Security and Privacy Bill tabled in Parliament today incorporates a number of proposals made during both consultation and public debate, as well as further improvements. Particularly:

-The definition of “reasons of national security” that can justify declassification is substantially limited. “Reasons of national security” are now defined as reasons related to the protection of the basic functions of the state and the fundamental interests of Greek citizens, while the relevant indicative list includes exclusively reasons related to national defense, foreign policy, energy security and cyber security.

-Increased documentation requirements are placed on the request for declassification for reasons of national security. This request must include the reasons that constitute a risk to national security, the necessity of declassification to address the risk, the object of the declassification, i.e. the external elements of the communication or its content, and the absolutely necessary time period . Any extension of the declassification for reasons of national security beyond ten months is only possible if it is confirmed that there are still specific elements that make the endangerment of national security immediate and highly probable.

-Increased guarantees of independence of the three-member body that decides on the disclosure of declassification for reasons of national security are provided. Two public prosecutors and the President of the Authority for Ensuring the Privacy of Communications are now participating in this. On the contrary, the participation of the Governor of E.Y.P. is no longer foreseen. and the Director of Counter-Terrorism. It is also provided for the observance of confidential summary minutes, while the opinion of the minority is also recorded.

-The tracking material destruction process is further standardized. It is clarified that the files containing the documentary material can be destroyed after ten years, while the material captured in the attachment system is deleted after six months. In every case of destruction or erasure, a relevant report is drawn up.

– The list of crimes justifying removal of privacy is further streamlined. The removal of confidentiality is now only permitted in crimes of particular infamy, for the verification of which the limitation of the right to privacy of communication is necessary. The relevant list is also systematized in the same legislation, to enhance legal certainty.

-A Unified Cybersecurity Reference Center is introduced in the General Directorate of Cybersecurity of the General Secretariat of Telecommunications and Posts of the Ministry of Digital Governance. The Center aims to develop, support and strengthen capacities at the national level for the early detection and response of cyber threats across the territory, in particular by strengthening the capabilities of early warning, detection and response to cyber attacks.

You May Also Like

Recommended for you

Immediate Peak