The Polish digital rights group Panoptykon Foundation recently published harrowing findings regarding abuses of Poland’s mandatory data retention law. Using a Freedom of Information Act request, Panoptykon obtained documents that reveal that in 2011, Polish authorities requested users’ traffic data retained by telcos and ISPs over 1.85 million times — half a million times more than in 2010. These findings underscore fundamental flaws in the Polish mandatory data retention law that was fast-tracked in legislation without public debate in 2009.

Thanks to Panoptykon’s initiative bank customers in Poland will have the right to receive explanation of their creditworthiness. It’s the first right of this kind in Europe and a higher standard than the one envisioned in the GDPR.

Access of the law enforcement agencies and secret services upon more or less formal warrants and request do not cover the whole problem of the online surveillance. More and more date is available out there without any warrants – just to read, take and process. It is the situation, when the data that we all publish online, with more or less awareness of the consequences, is used by authorities mention above for whatever purposes. How purpose limitation could possibly be used to limit open source surveillance? To what extent privacy settings that by default enable or enhance making data public help in conducting this type of surveillance? How open source surveillance might influence individual?

Privacy is not about hiding things that we want to keep secret. It is about our right to choose, when, for what purpose and who can see certain data about us. It’s about control. Even data that might seem meaningless, like separate internet application logs or IP address that changes apparently with every new session, but put together they might reveal a lot about Internet user with surprising accuracy. We might lose track of what we have put online, but Internet doesn’t forget. It may even guess things that you never told anybody. Unfortunately usage of digital shadow, especially for profiling purposes, is not regulated by law. What can you do to reduce your digital shadow or stop others form using it against you?