Following a number of complaints filed in 2018 and 2019, including by Panoptykon and Bits of Freedom, and coordinated by the Irish Council for Civil Liberties, the Belgian Data Protection Authority has found that the consent system developed and managed by the adtech industry body IAB Europe, and used by many websites in the EU, is illegal under the GDPR.

The report looks at what happens at the interface of Internet service providers and public authorities in Poland. Who sends requests for users data, how many and for what purpose, what legal procedures are followed and what safeguards apply. During our research we analysed legal provisions and collected data from both major Internet service providers and public authorities. On that basis we were able to identify several systemic problems that should be solved in order to ensure adequate standard of protection for individuals.

In our first attempt at a “transparency report”, we looked at what happens at the interface of Internet service providers and public authorities in Poland. Who sends requests for users' data? How many and for what purpose? What legal procedures are followed and what safeguards apply? Our pilot study includes analysis of legal provisions and collection of data from both major Internet Service Providers and public authorities. The report explains systemic problems that were identified in our research and that should be solved in order to ensure adequate standard of protection for individuals.

The current Polish Data Protection Commissioner (DPC) will remain on his post for another, second term after the Polish Parliament confirmed his nomination on 25 July 2014. The decision did not come as a surprise: Wojciech Wiewiórowski was the only candidate for the post and has an excellent background for the role. Just like during the previous nomination process four years ago, EDRi member Panoptykon monitored the process, to ensure its transparency to the public.