The main themes of the Conference on Personal Data Protection in the Era of Changes included summary of 20 years of the right to personal data protection in Poland and discussion on the forthcoming changes in this regard.
The meeting held on 31 January 2017 in Warsaw was the focal point of the annual celebration of the Data Protection Day established by the Committee of Ministers of the Council of Europe to be celebrated on 28 January. This year it has been celebrated already for the 11th time.
Special occasion for celebration
2017 will be a special year in the history of personal data protection in Poland, which has been reflected in the subject matter and the shape of the meeting. This year is not only the time of the 20th anniversary of the right to personal data in Poland, but also the time of more and more intensive preparations of our country for commencing the application of the General Data Protection Regulation. Therefore, the Conference organised by GIODO was divided into two thematic modules referring to both indicated issues.
The beginning and the essence of the Polish legislation
Opening the meeting, Dr Edyta Bielak-Jomaa, the Inspector General for Personal Data Protection (GIODO), touched upon the origins of the Polish legislation on personal data protection. She indicated that its beginning dates back to the middle of the 1990s.– At that time, various expectations and challenges of the academics, politicians and human rights protection organisations as well as government administration coincided in a special way in the Polish Parliament. Luminaries of the law recognised that it was high time to fill the gap, which was the lack of the Act on Personal Data Protection in the Polish law, and human rights defenders, observing the European discussion on common legal framework for the protection of privacy in the European Union, stated that legislative works in Poland were an obvious step towards preparation of Poland to join the European Union and full participation in the implementation of the Council of Europe’s acquis (Convention No. 108) – said Dr Edyta Bielak-Jomaa. – Whereas, according to the government the perspective of Poland’s accession to NATO required enhanced harmonization of the Polish law with the solutions applicable in the countries with similar legal culture, such as Germany, France or the Benelux countries – she added.
In view of representative of the Cardinal Stefan Wyszyński University, Prof. Irena Lipowicz, the former Commissioner for Human Rights, Member of the Polish Parliament of the 1st, 2nd and 3rd term, initiator of the MP’s draft Act on Personal Data Protection, the protection of personal data in Poland is the work of “Solidarity”. She indicated that members of that circle found it to be a part of our freedom and already in the 1980s they made efforts to introduce regulations in that regard. – However, the Martial Law made it impossible for our dreams to come true – she stated.
As she added, upon beginning the works on Poland’s accession to NATO and the European Union those concepts were recalled. – Being a member of those organizations required mature protection of our personal data – she said.
Many speakers, including the representatives of the GIODO Bureau - Bogusława Pilc, Director of the Inspection Department and Monika Krasińska, Director of the Jurisdiction, Legislation and Complaints Department, said how the system of personal data protection had been evolving. All of them stressed how much our awareness of the need to protect our data and knowledge on our rights had increased within 20 years of the binding force of the Act, which was to a large extent also a result of activities undertaken by GIODO.
The time of challenges
Currently, we are at the time of changes. In the opinion of Prof. Irena Lipowicz, we are watching the borders of privacy disappear. Today, at the time of digitization and more and more common use of Big Data, it is technologically possible to identify the interests and expectations of each citizen, to create a profile of the entire society. This is an enormous danger for democracy, as she indicated, and at the same time a challenge as regards state security. Hence, among others her call for developing the Charter of Fundamental Rights of the digitization era. At the time of informatization, each of those rights experiences shock.
The next challenge is also proper preparation of our country for the application of the General Data Protection Regulation, which as of 25 May 2018 will introduce in all EU Member Staes a harmonised data protection area.
– In this context it seems crucial to ensure that all the principles, rights and obligations resulting from the Regulation are safeguarded by a strong and independent supervisory authority – said Dr Edyta Bielak-Jomaa. – The current discussion on the status and competences of the Polish DPA should focus on these two elements – the powers and the independence of GIODO– she added.
Also Prof. Lipowicz pointed at those issues, indicating inter alia that we destine too few measures for counteracting the future risks. She stated that GIODO was the authority for professionals and that it should not be exposed to political storms.
The works on the national reform of the law of personal data protection were also referred to by Dr Maciej Kawecki representing the Ministry of Digital Affairs, which on the part of the government is in charge of preparation of Poland to the application of the General Data Protection Regulation. In his speech, he presented the basic assumptions underlying the development of the Polish legal provisions in this regard. He indicated that the national legislator’s goal should be to create an efficient institutional system, ensuring effective protection of our rights. – The aim is to elaborate in cooperation with GIODO a model procedure ensuring more flexible and quick reaction to any data breach incidents– he said.
The Conference was attended by over 200 persons – representatives of the Sejm and Senate, judges, public administration, institutions, universities and NGOs specialising in the field of personal data and privacy protection, as well as professionals dealing every day with personal data protection in companies and institutions.