photo
17.06.2024

The draft Law on Electronic Communications requires changes

The draft Law on Electronic Communications replicates the model of storing (retention) and sharing telecommunications data, which is inconsistent with the case law of the Court of Justice of the European Union.

On June 7, 2024, the President of the Personal Data Protection Office submitted comments on the project to the Chancellery of the Sejm (lower chamber of the Polish Parliament),  (Sejm form No. 423). This project has already undergone consultations and opinions at the government stage. The President of the Personal Data Protection Office participated in it, and a significant part of his concerns were taken into account.

The President of the Personal Data Protection Office reports the comments again in a letter to the deputy head of the Chancellery of the Sejm, Dariusz Salamończyk. In the current term, the Polish Sejm collects opinions on parliamentary projects (which are not subject to consultation) and government projects. These are then used during the parliamentary work on the project.

There are two basic concerns of the President of the Personal Data Protection Office. The first relates the mode of work on the project. The drafter has missed conducting a privacy test in the n the law-making process. Meanwhile, when preparing such projects, it is necessary to examine how new solutions will affect the protection of personal data (in accordance with Article 25(1) and Article 35 of the GDPR).

The second relates the model for retention and sharing of user data with authorised entities. The draft replicates solutions from the Telecommunications Law.

The project assumes (in Article 47) that telecommunications entrepreneurs will have to store detailed data on connections for one year and make them available to courts, Prosecutor's Offices, Police, Office for Internal Oversight, Border Guard, Prison Service, State Protection Service, Internal Security Agency, Military Counterintelligence Service, Military Police, Central Anti-Corruption Bureau and the National Revenue Administration. This will be data allowing the identification of users, time, place and type of connection. The exact scope of stored data will be determined by regulation. According to the President of the Personal Data Protection Office, such important details should be specified in the Act.

The President of the Personal Data Protection Office also points out that such an undifferentiated method of collecting data about all users is inconsistent with the Charter of Fundamental Rights of the European Union. He cites the relevant rulings of the CJEU, which were issued after Poland adopted the Telecommunications Law. These include:

In the opinion of the President of the Personal Data Protection Office, the currently used model of unconditional collection of data of all users does not ensure the application of the principles arising from the provisions of the GDPR regarding the processing of personal data: lawfulness, fairness and transparency (Article 5(1)(a)), purpose limitation (Article 5(1)(b)), data minimisation principle (Article 5(1)(c) and storage limitation (Article 5(1)(e)), as well as the principle resulting from Article 51(2) of the Constitution of the Republic of Poland to limit the collection of information on citizens by public authorities.

The comments of the President of the Personal Data Protection Office on the draft Law on Electronic Communications are available in the file attached below.

Attached files

Pobierz plik DOL.401.60.2024