Site map |
serch
Press »
We do not limit access to important information
metadane

The Data Protection Act was harmed when it was evoked in situations in which it was not appropriate to do so. It was treated as an instrument making the citizens' lives more complicated when they had important matters to deal with.

Ten years have passed since the adoption of the Data Protection Act, so there should not be any problems with its interpretation. However, individuals and companies still keep asking the Inspector General questions. What kind of problems do they mention?

During the ten years the Act found its way into public awareness. A typical citizen does know the rules concerning data protection - in this respect we are no different from other EU countries. The problems with applying the provisions of the Act in practice usually concern the permissibility of data processing and the ever wider scope of collecting data - for example ones concerning the clients of banks. In November 2005 the Supreme Administrative Court issued an interesting decision in which it claimed that there was no legal basis for widening the scope of the personal data held by the bank by adding information concerning previous addresses. It was also judged unjustified to obtain data concerning categories and dates of issuing of driver's license.

The first actions of Inspector General were highly radical, they caused surprise and even protests: the lists of inhabitants of blocks of flats disappeared, the Inspector seemed to care more about the debtors than about the creditors...

In the controversial case concerning the transfer of debtors' personal data to factoring companies, the decision of the seven judges of Supreme Administrative Court issued on June 6th 2005 ended the doubts resulting from earlier contradictory decisions. The court ruled that such data could be transferred to factoring companies without the consent of the debtors. However, there is a need to strike a balance between the protection of debtors' rights and freedoms and the interests of the creditors. The court stated that a legally justified objective mentioned in Art. 23 (5.1) of the Data Protection act of August 29th 1997 may also be based on the Civil Code.

- What about limiting the access to the lists of inhabitants?

- As far as the lists are concerts are concerned, until 1990 there were provisions ordering their publication. The Data Protection Act, in its turn, introduced new rules making such publication possible only if every data subject consents. The Act is often difficult to understand for individuals, as it contains some specialized concepts (such as data controller) and concerns data processing by the means of new technologies such as the Internet, video surveillance, RFID and GPS systems. Because of this, the Act was often treated as an instrument meant to complicate the lives of citizens who needed to obtain certain information while dealing with various affairs.

- Who did harm to the Act?

Institutions and officials dealing with those matters often evoked the Act while failing to be helpful. They often explained: the Act forbids us to do it. However, the Data Protection Act has a very general nature. It is completed by the provisions of other acts related to different domains of social life. It means that if specific issues in the field of data processing are regulated in other documents, the latter should be referred to. For example, disclosing data from the lists of citizens is regulated by the Act on registers of citizens and identity cards, and from the registers of grounds and buildings - by the Act on geodesy and cartography. The Data Protection Act in itself is very friendly and protects human and citizen rights.

- The latest report on documents found in trash bags, however, reveals many irregularities that could easily be shocking.

The study showed that three quarters of companies had contact with data protection rules, but a half of them simply throws documents away without destroying them.

Shouldn't you act in the case of problems such as obtaining medical data from hospitals by the Internal Security Agency, publications of lists of agents from the National Remembrance Institute or of agents of Internal Security Services from the communist Poland. Did you ask the control questions to relevant services in all those cases?

- I did all that the law allowed me to do. In the Polish legal system there are limits to the application of the Data Protection Act. It means that the Inspector General has no right to issue administrative decisions and, to accept claims on the violation of the Data Protection Act or to control the police services, the Internal Security Agency, the Central Anti-Corruption bureau and other authorities. The Data Protection Act does not apply to the National Remembrance Institute, in accordance with Art. 71 of the Act on National Remembrance Institute.

Interwiew by Katarzyna Żaczkiewicz

• Michał Serzycki, graduate of Stefan Wyszyński University in Warsaw. In 2006 he was elected by the Parliament for a 4-year term of office.

10 years of Data Protection Act

Right to Privacy in Surveillance Society is the main theme of a two-day conference organized by Mr Michał Serzycki, Inspector General for Personal Data Protection. The meeting attended by representatives of data protection authorities from Sweden, Italy, Czech Republic, Slovakia, Spain, Austria and other European countries, will also be an occasion to discuss the problems of privacy on the internet and protecting the privacy of public figures.


 What's new on the website
* Articles marked with asterisk have been placed on the website within the last 14 days

Privacy Policy  Site map