Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

The new Polish Surveillance Act – back door for law enforcement

By Dariusz Czuchaj
March 4, 2016
  • Europe
  • New and Proposed Laws
Share on Facebook Share on Twitter Share via email Share on LinkedIn

While US mass surveillance is heavily debated across Europe, the new Polish government swiftly moved to adopt a new set of laws which allow Polish law enforcement authorities extensive access to electronic communications. The new law, generally known as the “Surveillance Act”, came into effect on February 7, 2016.

Who are caught by new rules?

The new law applies mostly to domestic service providers, however due to the lack of clarity of the provisions, it is still unclear whether foreign service providers will be caught as well. Much will depend on the interpretation of the law enforcement authorities.

Main highlights:

  • The “uniformed” enforcement authorities (e.g. Polish Police, Intelligence Agency, tax intelligence services etc.) will now have increased rights of access to digital data.
  • Their access will only be monitored in limited circumstances by regional courts.
  • Telecom companies, postal operators and e-service providers will be required to provide the data free of charge by establishing and maintaining an “access route”.
  • New rules for handling data containing or likely to contain client-attorney privileged content – investigators will now be able to access all data, before the court approves the use of such data in the investigation. This change will make the control exercised by court an illusion.
  • Surveillance by enforcement authorities can last up to 18 months; during this time the suspect is not aware of the surveillance, neither is he/she informed when the surveillance ends.
  • The issue of encryption is not addressed, so Polish law still allows encryption.

What is the concern?

  • Vast scope of data which may be “covertly” accessed by the Polish authorities. This new law considerably impairs an individual’s ability to protect their private or confidential information, including legally privileged secrets, intellectual property. The amendments provide that the Polish authorities will now have a right to obtain and record, e.g.:
    • Correspondence, including emails (prior court approval is however required for emails) : this category may include correspondence sent by means of computer applications (e.g. mobile) and certain internet portal functionalities (e.g. chat).
    • Data stored on IT systems – it is possible that the Polish authorities may be authorised to use malware installed on the users’ devices to systematically access and download data stored in these systems
    • Data regarding the use of e-services – this includes the user’s full name, PESEL number, residential address, e-mail address, IP address, as well as information on scope of use of the e-service (i.e. “meta-data”). This raises concerns that use of social media, websites and cloud services will be monitored.

What should you do?

We recommend you take the following action:

  • Introduce a “risk assessment system/process” to evaluate the risk associated with the processing of certain business information, implement or scrutinize your current policies (e.g. information security policies, IT procedures etc.) and revisit contracts with IT solution providers.
  • Consider increasing the level of security of your confidential information by using adequate IT data protection technologies (including data or email message encryption software).
  • When in doubt – consider limiting electronic communications for certain types of data (i.e. communications with your lawyers), storing certain categories of documents separately to avoid access.

Challenges?

The Commissioner for Human Rights (Polish Ombudsman) filed a petition to the Constitutional Court to assess the legality of the new law. Until the verdict of the Constitutional Court is issued, this law is deemed to be lawful and binding in Poland.

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Dariusz Czuchaj

About Dariusz Czuchaj

Dariusz Czuchaj, attorney at law, counsel at Dentons’ Warsaw office, is a member of the Intellectual Property and Technology practice team.

All posts Full bio

RELATED POSTS

  • Consumer Protection
  • Data Breach
  • Health Information Privacy
  • New and Proposed Laws
  • Privacy Rights
  • United States

New Mexico Becomes 48th State To Enact Data Breach Notification Law

By Peter Stockburger
  • Canada
  • Data Transfers
  • Government Information
  • New and Proposed Laws
  • Privacy Rights

PIPEDA: Substantial Amendments Proposed by Parliamentary Committee

By Karl Schober
  • New and Proposed Laws

Upcoming seminars on the draft Data Protection Regulation

As you may already know, we’re hosting two seminars next week on the draft Data Protection Regulation. On Tuesday, 19 […]

By Nick Graham

About Dentons

Dentons is the world’s largest law firm, delivering quality and value to clients around the globe. Dentons is a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. Dentons’ polycentric approach and world-class talent challenge the status quo to advance client interests in the communities in which we live and work. www.dentons.com.

Dentons Digital

Twitter

Categories

  • Accountability
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2021 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site