Poland celebrated its 25 years of democracy recently. In those two and a half decades, among other changes, most public institutions in Poland have got more or less used to citizens' control. It has taken years of advocacy and watchdog activity, as well as a number of court cases to decide whether a given piece of information is actually “public”. But this investment is now paying off: today even some of the most secret of all secret services answer freedom of information requests concerning their work. There is, however, a stain in the image: one agency – Military Counterintelligence Service (SKW) – that keeps refusing to disclose any kind of information about its activity. Their approach is a reminder of much deeper and systemic problem faced by Polish authorities: the uncontrolled and uncoordinated secret services.

In the post-Snowden world we became well aware that data we store on servers belonging to private companies tends to have a second life. It is where secret services and law enforcement meet the Internet. How to prevent bulk transfers from private to public data bases? How to make sure that due process is in place? What do we know about disclosures of our data and how can we learn more? Katarzyna Szymielewicz explains, what we should know about state authorities access to citizens data and why. She also presents the results of Panoptykon Foundation’s research on public authorities’ access to the data of Internet services users.

Do we really need data protection in this world? Katarzyna Szymielewicz (Panoptykon Foundation) and Jérémie Zimmermann (La Quadrature du Net) talk about usage of data collected in Internet by private companies and changes that new data protection regulation could bring, including explicit consent for data processing as a rule, information about data processing presented in clear manner, regulation of profiling and privacy by default concept.

Access of the law enforcement agencies and secret services upon more or less formal warrants and request do not cover the whole problem of the online surveillance. More and more date is available out there without any warrants – just to read, take and process. It is the situation, when the data that we all publish online, with more or less awareness of the consequences, is used by authorities mention above for whatever purposes. How purpose limitation could possibly be used to limit open source surveillance? To what extent privacy settings that by default enable or enhance making data public help in conducting this type of surveillance? How open source surveillance might influence individual?

Privacy is not about hiding things that we want to keep secret. It is about our right to choose, when, for what purpose and who can see certain data about us. It’s about control. Even data that might seem meaningless, like separate internet application logs or IP address that changes apparently with every new session, but put together they might reveal a lot about Internet user with surprising accuracy. We might lose track of what we have put online, but Internet doesn’t forget. It may even guess things that you never told anybody. Unfortunately usage of digital shadow, especially for profiling purposes, is not regulated by law. What can you do to reduce your digital shadow or stop others form using it against you?