You are here



Thanks to Panoptykon’s initiative bank customers in Poland will have the right to receive explanation of their creditworthiness. It’s the first right of this kind in Europe and a higher standard than the one envisioned in the GDPR.


Who Targets Me (us) and What Can I (we) Do About It – Katarzyna Szymielewicz's speech at the 2019 edition of Personal Democracy Forum is already available online.


Legal regulations take shape by practice. The GDPR - as a legal document - was born in 2016. After two years of incubation it was thrown into the market. A year later, many are curious to see whether it can swim. But the expectations were higher. We wanted it to change the whole ecosystem, change the distribution of power over data. Are these hopes lost already?   


On 7 May 2019 Spoleczna Inicjatywa Narkopolityki (Civil Society Drug Policy Initiative, “SIN”), supported by the Panoptykon Foundation, filed a lawsuit against Facebook in a strategic litigation aimed at fighting private censorship on the Internet. Online platforms act as the ‘gatekeepers’ to online expression, thus gaining tremendous power over the information circulated on the Internet – power which they wield without an adequate accountability or responsibility. Moderation is necessary to fight illegal, harmful content but unfortunately perfectly legal and socially valuable materials often fall prey to it.  We hope that our lawsuit against Facebook will help change this.

  • ISPs liability

The Polish DPA decided that Panoptykon’s complaints against IAB Europe and Google, who are responsible for the functioning of targeted advertising, have a cross-border character, which means that they affect data subjects residing not only in Poland. In order to ensure a consistent application of the GDPR in the entire European Union, the Polish DPA referred our complaints to DPAs in Belgium and in Ireland where IAB and Google respectively have their European headquarters. This gives hope for a systemic change of how behavioural advertising works in the entire EU.



Jan Nowak, previously a general manager at the DPA’s office and a long-term member of PiS, the ruling party, will become the new chair of the Polish Data Protection Authority. The nomination raised controversy as to whether Jan Nowak meets the legal requirements for this position.


Your online profile is not always built on facts. It is shaped by technology companies and advertisers who make key decisions based on their interpretation of seemingly benign data points: what movies you choose watch, the time of day you tweet, or how long you take to click on a cat video.


Videos from CPDP 2019: Data Protection and Democracy are already available (featuring Katarzyna Szymielewicz and Karolina Iwańska).



On the International Data Protection Day, 28 January 2019, Panoptykon Foundation filed complaints against Google and IAB Europe under the General Data Protection Regulation (GDPR) to the Polish Data Protection Authority (DPA). The complaints are related to the functioning of online behavioural advertising (OBA) ecosystem.


Let us introduce you to GDPR Today – your online hub for staying tuned to the (real) life of EU data protection law. Every two months we will be publishing statistics showing how the GDPR is being applied across Europe. More often we will be sharing relevant news – from legal guidelines and decisions to data breaches, new codes of conduct, important business developments, and memes.

  • data protection reform