Another European court judgment confirms that supervision of service operations needs to be improved
The judgment of the European Court of Justice (CJEU) of 13 June 2024 in the case C-229/23 HYA and Others is another decision resulting in the need for changes concerning the rules on the use of operational control of telecommunications data by state authorities.
This is the conclusion of the President of the Personal Data Protection Office (UODO) in response to a question from the Minister for the European Union in the Prime Minister's Office, Adam Szłapka. It follows from the judgment asked by Minister Szłapka, inter alia, that by the norms of European law it is required that a court decision authorising the application of the so-called operational control of telecommunication data should contain a written justification. Thus, it is impossible to maintain the situation that a Polish court, while agreeing to the Police's request for an operational control, does not justify this request.
Under Polish law, the request for the application of operational control contains a justification, however, the court, when issuing a decision to order operational control, does not justify it. Such a model of using operational control of telecommunication data by the authorities, is inconsistent with the European standards of protection of fundamental rights, including the right to privacy.
In his correspondence with the authorities, the President of the Polish SA also once again recalls the judgment of the European Court of Human Rights (ECtHR) of 28 May 2024 in the case Pietrzak, Bychawska-Siniarska and Others v. Poland (application nos. 72038/17 and 25237/18). In it, the ECHR stated that Polish law needs to be amended as we do not have effective oversight of how the services apply operational control.