Greece
AI behavior law: bot and agent disclosure, crawler and training-data rules, automated-agent transactions, and algorithmic decision-making.
Summary
Greece has a specific multi-article computer crime framework in the Penal Code (Poinikos Kodikas) that is directly relevant to scraping. Art. 370B criminalises unauthorised access to electronic data (up to 2 years or fine). Art. 370D par. 2 criminalises access to an information system or data transmitted through telecommunications "by violating prohibitions or security measures taken by its legal owner" (10 days to 5 years). The security-measures requirement means public pages with no technical barrier carry no criminal exposure; bypassing a technical control triggers Art. 370D par. 2. Greece transposed DSM Directive 2019/790 via Law 4996/2022, which amended the Copyright Law (L. 2121/1993) to introduce dual-track TDM exceptions. The full EU sui generis database right applies. The Hellenic Data Protection Authority (HDPA/APDPX) is an active GDPR enforcer — it issued the largest-ever fine in Greece (EUR 20M) against Clearview AI in 2022 for biometric scraping of Greek residents' images from public web pages. EU AI Act applies from August 2025.
Automated-access legality
Carried forward from the crawler-law index. Governs whether automated clients may access public websites in this jurisdiction.
| Dimension | Value |
|---|---|
| Authorization test | security mechanism bypass |
| Public-page carve-out | yes |
| Terms-of-service browsewrap enforceable | notice dependent |
| Terms-of-service clickwrap enforceable | yes |
| Copyright exception model | tdm dual track |
| Text and data mining — commercial status | with optout |
| Text and data mining — opt-out mechanism | robots txt |
| robots.txt legal weight | evidentiary |
| AI training-specific law | binding |
| Privacy regime | GDPR |
| Trespass to chattels | not recognized |
Last reviewed: 2026-05-23. Confidence: medium. Fast-moving area — verify before relying. Not legal advice.