Which topic would you like to know more about?
What is the legal age of adulthood/ majority in your jurisdiction? Are all persons below this age considered a child/ minor?
According to Art. 127 of the Greek Civil Code, persons over the age of 18 years old have an unlimited capacity to conclude contracts. Below this threshold, children have a limited contractual power to proceed with some transactions explicitly set out in law (i.e. children over 10 years old are able to conclude only transactions from which they gain benefit).
Has the UNCRC been directly incorporated into national law in your jurisdiction?
Yes.
In 1992, Greece adopted Law 2101/1992 which ratified the UNCRC.
Is there an ombudsperson/ commissioner for children in your jurisdiction?
Yes.
Since 2003, the Greek Ombudsman is charged with the issues related to children’s rights. In addition, the General Secretariat of Commerce and Consumer Protection of the Ministry of Development and Investments established the Committee for the Protection of Minors Consumers in 2023, which is an advisory body.
If there is an ombudsperson/ commissioner for children in your jurisdiction, do they have any responsibility for upholding children’s rights in the digital world or does the relevant regulator have sole competence?
Yes.
The Greek Ombudsman is in charge of all issues related to children and cooperates with the regional and local authorities that may also be competent for certain cases (i.e. consumers’ ombudsman). It is noted that the role of the Greek Ombudsman is that of a mediator and it does neither have any normative power, nor can it impose any sanctions.
Is there any standalone requirement to collect the consent of one or both parents when processing a child’s personal data (irrespective of any other obligations, e.g. the requirement to have a legal basis for processing)?
No.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here. In addition, the Greek Data Protection Authority has not issued any guidance in this regard. The requirement to collect parental consent under Article 8(1) of the GDPR only applies where the service provider is relying on consent as the legal basis under the GDPR for processing a child’s personal data.
If another legal basis is relied on for processing, there is no requirement to collect parental consent for processing the child’s data.
Entirely separate to the requirement to collect parental consent under Article 8(1) is that a digital service provider (controller) may decide to seek parental permissions for a child to access different setting/ features/ functionalities etc. as part of the measures it implements under Articles 24 and 25 of the GDPR to ensure a high level of protection for child users.
At what age can children legally consent to the processing of their own personal data, such that parental permission/ consent is not required?
Pursuant to Article 21 of Law 4624/2019, the minimum age at which a child can provide a valid consent to online services is 15 years old.
Are there specific requirements in relation to collection and/or verification of parental consent/ permission concerning the processing of a child’s personal data?
Yes.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here. According to Art 8(2) GDPR, controllers are required to make reasonable efforts to verify that consent has been given or authorised by parents. The Greek Data Protection Authority has not to date provided for any specific method(s) that could be used as a verification mechanism.
Are there any particular information or transparency requirements concerning the processing of children’s personal data?
Yes.
There are no national-specific laws in this regard; see more information on the GDPR-level requirements here. The Greek Data Protection Authority has stated in a relevant case (Decision 50/2021) that the vocabulary, tone and style of the language used needs to be suitable for all age groups of children.
Can children directly exercise their rights in relation to their personal data without the involvement of their parents?
Yes.
In general, the Greek legal order encourages the involvement of children in matters pertaining to them and provides that children must have an active role in this regard, to the extent feasible. According to Article 1151 of the Greek Civil Code, children’s opinions must be taken into account, depending on their maturity level, before any decision regarding parental care and their interests. Likewise, the Greek Data Protection Authority has stated in a decision regarding the use of GPS technologies to children (Decision 112/2012) that children must be informed and, as soon as reasonably possible, allowed to participate in the decision to use such technologies.
Can children make complaints on their own behalf directly to your national data protection/ privacy regulator(s)?
Yes.
In general, the Greek legal order encourages the involvement of children in matters pertaining to them and provides that children must have an active role in this regard, to the extent feasible. According to Article 1151 of the Greek Civil Code, children’s opinion must be taken into account, depending on their maturity level, before any decision regarding parental care and their interests. Likewise, the Greek Data Protection Authority has stated in a decision regarding the use of GPS technologies to children (Decision 112/2012) that children must be informed and, as soon as reasonably possible, allowed to participate in the decision to use such technologies.
Are there any particular requirements/ prohibitions related to:
a. processing specific types of children’s personal data;
b. carrying out specific processing activities involving children’s personal data; and/ or
c. using children’s personal data for specific purposes.
Yes.
a) processing specific types of children’s personal data
Article 23 of Law 4624/2019 explicitly prohibits the processing of genetic data for health and life insurance purposes. This prohibition applies to both minors and adults.
b) carrying out specific processing activities involving children’s personal data; and/ or
There are no national-specific laws in this regard; however, the Greek Data Protection Authority (Greek DPA) has issued some statements/guidance in this regard on its website. Based on Recital 71 of the GDPR, the Greek DPA has stated that automated decision-making based on the processing of children’s personal data is prohibited, insofar as such processing produces legal effects concerning them or similarly significantly affects them. It also mentions that the exceptions set out in Article 22(2) of the GDPR apply as long as suitable measures have been implemented in order to safeguard the children’s rights.
c) using children’s personal data for specific purposes
Pursuant to Article 9(2) of Law 4779/2021 transposing the Audiovisual Media Services Directive (AVMSD) into national law, minors' personal data collected or otherwise generated by communication media service providers cannot be used for commercial purposes such as direct marketing, profiling and behavioural advertising.
Additionally, see more information on the EU-level requirements here.
Has there been any enforcement action by your national data protection/ privacy regulator(s) concerning the processing of children’s personal data? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
The Greek Data Protection Authority (Greek DPA) has issued Decision 50/2021 relating to the processing of children’s personal data on the distance-learning platform operated by the Ministry of Education and Religious Affairs (Ministry) during the COVID-19 pandemic. In making its findings, the Greek DPA imposed reprimands on the Ministry and ordered it to address various violations related to the operation of the platform. Among other violations, the Greek DPA found that the privacy policy provided to children was inadequate, lacking in detail and was not written in child-centred language.
Are there specific rules concerning electronic direct marketing to children?
Yes.
Pursuant to Article 9(2) of Law 4779/2021 transposing the Audiovisual Media Services Directive (AVMSD) into national law, minors' personal data collected or otherwise generated by communication media service providers cannot be used for commercial purposes such as direct marketing, profiling and behavioural advertising.
Greece has implemented e-Privacy Directive into national law by virtue of Law 3471/2006. This Law is not specifically directed at communications made solely to children; however, for all direct marketing activities targeting both adults and minors, this Law requires data subjects’ prior consent to receiving the communication in question (except for communications aimed at the provision of similar products or services in the context of a customer relationship). In addition, according to Guidelines 2/2011 of the Greek Data Protection Authority on electronic consent in the context of Law 3471/2006, the recipients of marketing emails have to provide their prior explicit consent.
Are there specific rules concerning the use of adtech tracking technologies, profiling and/or online targeted advertising to children?
Yes.
Pursuant to Article 9(2) of Law 4779/2021 transposing the Audiovisual Media Services Directive (AVMSD) into national law, minors' personal data collected or otherwise generated by communication media service providers cannot be used for commercial purposes such as direct marketing, profiling and behavioural advertising.
See more detail on these EU law requirements here.
Are there specific rules concerning online contextual advertising to children?
Yes.
Pursuant to Article 9(2) of Law 4779/2021 transposing the Audiovisual Media Services Directive (AVMSD) into national law, minors' personal data collected or otherwise generated by communication media service providers cannot be used for commercial purposes such as direct marketing, profiling and behavioural advertising.
See more detail on these EU law requirements here.
Has there been any regulatory enforcement action concerning advertising to children? In your answer, please include information on the volume, nature and severity of sanctions.
No.
To the best of our knowledge, no enforcement action concerning advertising to children has been taken so far.
At what age does a person acquire contractual capacity to enter into an agreement to use digital services?
According to Article 127 of the Greek Civil Code, persons who are over 18 years old have full contractual power. Below this threshold, children have a limited contractual power to proceed with some transactions explicitly set forth in law (i.e. children over 10 years old are able to conclude only transactions from which they gain benefit).
Do consumer protection rules apply to children?
Yes.
The laws on consumer protection apply to both adults and children. Consumers will have to be provided with all necessary information that relates to distance and off-premises contracts, as well as to contracts concluded on online marketplaces. Furthermore, misleading advertising constitutes an unfair commercial practice and is prohibited. The behaviour of the average consumer to whom the envisaged product is addressed constitutes a criterion for assessing the unfair character of a commercial practice. Minors constitute a vulnerable target group and thus general laws on consumer protection apply, together with specific provisions addressed solely to them - for further information, see the response to this question.
Additionally, see more information on the EU-level requirements here.
Are there any consumer protection rules which are specific to children only?
Yes.
Law 2251/1994 on the Protection of Consumers, as amended and currently in force, provides a series of restrictions for the protection of the mental health of minors and prohibits the placement on the market of products that entail risks for the mental or moral development of minors or encourage discrimination based on race, gender, religion, nationality, disability or sexual orientation.
According to Article 7(a) of the Law, providers of electronic and video games are bound to display those products according to the age group to which they are addressed. A Regulation for the Protection of Minor Consumers is expected to be issued for businesses engaged in electronic games and digital applications by way of a Ministerial Decision.
In addition, pursuant to the Consumer Code of Ethics and the Consumer Code of Ethics for Electronic Commerce, advertisements addressed to minors must be accurate, objective, easily understandable and accessible so as not to mislead them as to the size, value, nature, purpose, durability, performance and fees of the product.
Additionally, see more information on the EU-level requirements
here.
Has there been any regulatory enforcement action concerning consumer protection requirements and children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
No.
To the best of our knowledge, no enforcement action has been taken so far.
Are there any age-related restrictions on when children can legally access online/ digital services?
Yes.
Law 2251/1994 on the Protection of Consumers prohibits the offering of products/services that entail risks to the mental, intellectual or moral development of minors.
According to this Law, such products/services are considered, in particular, those that:
- cause minors insecurity or fear;
- encourage, directly or indirectly, aggressive behaviour and in particular the use or exercise of violence;
- offend human dignity;
- encourage the adoption of behavioural standards that are inconsistent with moral and legal rules of modern society or are harmful to the environment;
- promote discrimination based on race, sex, religion, nationality, disability or sexual orientation;
- encourage addictions and activities that are harmful to minors;
- directly or indirectly arouse, prematurely, eroticism through verbal or visual representations with sexual messages that are inconsistent with the image of childhood and its special characteristics or reproduce gender stereotypes; or
- directly or indirectly acquaint minors with immoral or disrespectful actions.
The Law does not provide for an exhaustive list of restricted services, and thus all online/digital services with the aforementioned characteristics cannot be offered to minors.
Are there any specific requirements relating to online/ digital safety for children?
Yes.
The Law 4779/2021 that transposed Audiovisual Media Services Directive provides for a general obligation of media service providers to employ the appropriate measures for restricting access to audiovisual media services, such as age verification, without however mentioning concrete tools/measures.
See more information on the EU-level requirements here.
Are there specific age verification/ age assurance requirements concerning access to online/ digital services?
Yes.
The Law 4779/2021 that transposed Audiovisual Media Services Directive provides for a general obligation of media service providers to employ the appropriate measures for restricting access to audiovisual media services, such as age verification, without however mentioning concrete tools/measures.
See more information on the EU-level requirements here.
Are there requirements to implement parental controls and/or facilitate parental involvement in children’s use of digital services?
Yes.
Law 4779/2021 transposing the Audiovisual Media Services Directive (AVMSD) provides for a general obligation of media service providers to employ the appropriate measures for restricting access to audiovisual media services, such as age verification, without however mentioning concrete tools/measures.
See more information on the EU-level requirements here.
Has there been any regulatory enforcement action concerning online/ digital safety? In your answer, please include information on the volume, nature and severity of sanctions.
Yes.
To the best of our knowledge, no enforcement action has been taken so far.
Are there any existing requirements relating to children and AI in your jurisdiction?
Yes.
There are no national-specific laws in this regard; the AI Act (Regulation 2024/1689) applies in this context. See EU-level response here.
Are there any upcoming requirements relating to children and AI in your jurisdiction?
Yes.
There are no national-specific requirements in this regard; see EU-level response here.
Has there been any other regulatory enforcement activity to date relevant to children’s use of digital services? In your answer, please include information on the volume, nature and severity of sanctions.
No.
To the best of our knowledge, no enforcement action has been taken so far.
Are there any other existing or upcoming requirements relevant to children’s use of digital services?
Yes.
According to Law 2251/1994 on the Protection of Consumers, a Regulation for the Protection of Minor Consumers is expected to be issued that will apply to businesses engaged in electronic games and digital applications. This Regulation is expected to determine the applicable fines and penalties in case of breach, as well as the competent authority for imposing such fines.
Additionally, see more information on the upcoming EU-level requirements here.
Contributors
Marianna Katrakazi
Tsibanoulis & Partners
