Five years ago data retention directive was adopted, introducing mandatory retention of the telecommunications of all citizens and resident of European Union. Since that time privacy movement against data retention in many European states has risen, national constitutional courts in Romania, Czech Republic and Germany have declared data retention laws illegal and case against directive is pending before the Court of Justice of the European Union. Civil society representatives, including Katarzyna Szymielewicz (Panoptykon Foundation), discuss problems regarding data retention directive, its evaluation and actions taken and needed to be taken to change European law in accordance with human rights.

The Polish digital rights group Panoptykon Foundation recently published harrowing findings regarding abuses of Poland’s mandatory data retention law. Using a Freedom of Information Act request, Panoptykon obtained documents that reveal that in 2011, Polish authorities requested users’ traffic data retained by telcos and ISPs over 1.85 million times — half a million times more than in 2010. These findings underscore fundamental flaws in the Polish mandatory data retention law that was fast-tracked in legislation without public debate in 2009.

Access of the law enforcement agencies and secret services upon more or less formal warrants and request do not cover the whole problem of the online surveillance. More and more date is available out there without any warrants – just to read, take and process. It is the situation, when the data that we all publish online, with more or less awareness of the consequences, is used by authorities mention above for whatever purposes. How purpose limitation could possibly be used to limit open source surveillance? To what extent privacy settings that by default enable or enhance making data public help in conducting this type of surveillance? How open source surveillance might influence individual?

Privacy is not about hiding things that we want to keep secret. It is about our right to choose, when, for what purpose and who can see certain data about us. It’s about control. Even data that might seem meaningless, like separate internet application logs or IP address that changes apparently with every new session, but put together they might reveal a lot about Internet user with surprising accuracy. We might lose track of what we have put online, but Internet doesn’t forget. It may even guess things that you never told anybody. Unfortunately usage of digital shadow, especially for profiling purposes, is not regulated by law. What can you do to reduce your digital shadow or stop others form using it against you?

This paper is aims to give a brief overview of the following issues: (i) Polish data retention regime and its drawbacks; (ii) the use of data retention in practice and available
data on the subject; (iii) campaign run by the Panoptykon Foundation over last two years; and (iv) political shifts that occurred in Poland.