Article 24.04.2025 4 min. read Text Image Panoptykon Foundation supports activists and attorney-at-law Artur Kula to demand four biggest telecom companies in Poland to delete data stored for the purpose of law enforcement in the last 12 months. They want to challenge the current unlawful data retention regime in Poland.Polish data retention regime threatens fundamental rightsPolish national law obliges telecom companies to retain all users’ data, including call history and location data, for a period of 12 months. Secret services may access people’s location data and call history at any time as they have remote access to the major companies’ databases. To be precise: unscrutinised access, as neither prior nor subsequent a court order is required.Indiscriminate data retention and unscrutinised access to data by secret services not only threatens privacy, but also endangers fundamental rights such as freedom of speech or the right to a fair trial.10 secret services and law enforcement agencies entitled to do so access telecom data approximately 2 million times every year. Even if a person has not broken the law, their data is still retained in case secret services wish to access it. There is no control of individual cases, only a collective report submitted to court twice a year.When Panoptykon reviewed the situation in 2017, courts did not always dive deeper than the table submitted by the institutions authorized to access the data. In 2023, courts audited only 254 cases (out of almost 2 million, which is 0,01% of all the cases) and found no violations. However, violations do occur: proven cases include journalists whose call history was examined by the Central Anti-Corruption Bureau.Activists submit requests to erase their dataThe lack of action of the Polish government prompted Panoptykon to search for a different way to challenge the unlawful data regime. They invoked the EU data protection rules – specifically article 17(1)(d) of the GDPR – to challenge it. How? By demanding from four biggest telecom companies to erase their unlawfully stored data.As telecoms have to comply with Polish data retention law, they expect their applications will be rejected. So they are already planning to complain to the data protection authority – and then to the court. They hope the case will reach the Court of Justice of the European Union (CJEU) and that the CJEU will state beyond any doubt that the Polish legislation should be changed.Polish data retention regime vs EU regulationsThe unlawfulness of the Polish data regime was already confirmed by the European Court of Human Rights in the case Pietrzak, Bychawska-Siniarska and others v. Poland (May 2024). Indiscriminate data retention was previously also rejected by the Court of Justice of the European Union (Digital Rights Ireland, Tele2/Watson). It has declared national regulations providing for generalized and indiscriminate retention of all traffic and location data of all users incompatible with EU law.While the CJEU judgement led to the annulment of the Data Retention Directive, Polish authorities have not yet amended the national regulations accordingly. Moreover, since the annulment of the directive, successive governments have consistently expanded secret services’ access to data while simultaneously weakening scrutiny. Pretexts for these measures range from the “war on terror” to “migrant pressure” or “hybrid war”. As a result all Polish citizens are under scrutiny while secret services – aren’t. This is against the EU’s e-Privacy Directive and the Charter of Fundamental Rights of the EU, leading to controversies such as the use of spyware against opposition politicians.According to the recent (November 2024) report on data retention regulations in the EU member states, Poland stands as an exception rather than the norm in its approach. The indiscriminate retention of all users’ data coupled with the secret services’ unrestricted and unscrutinised remote access to databases is not a common practice across the EU. Anna Obem Author Mateusz Wrotny Author Topic data retention Previous See also Article No control over surveillance by Polish intelligence agencies. ECHR demands explanations from the government The European Court of Human Rights demanded the Polish government to provide an explanation in the case of surveillance by intelligence agencies. 18.12.2019 Text Article European Court of Human Rights: secret surveillance in Poland violates citizens’ privacy rights According to the precedent judgment announced today by the European Court of Human Rights, the operational-control regime, the retention of communications data, and the secret-surveillance regime under the Anti-Terrorism Act in Poland violate the right to privacy. The activists from Poland’s… 28.05.2024 Text Article Polish law on “protecting the freedoms of social media users” will do exactly the opposite Polish government’s proposal for a new law on “protecting free speech of social media users” introduces data retention, a new, questionable definition of “unlawful content”, and an oversight body (Free Speech Council) that is likely to be politically compromised. In this context, “Surveillance and… 10.02.2021 Text
