Why do we need the data protection reform? How to protect right to personal data in new digital age? Could new, more harmonized law lead to better and more up-to-date protection? Katarzyna Szymielewicz (Panoptykon Foundation), Kirsten Fiedler (European Digital Rights) and Jan Albrecht (member of the European Parliament) discuss main problematic issues in current data protection framework (based on data protection directive from 1995) and solutions proposed by civil society and European Commission for the new regulation.

Poland celebrated its 25 years of democracy recently. In those two and a half decades, among other changes, most public institutions in Poland have got more or less used to citizens' control. It has taken years of advocacy and watchdog activity, as well as a number of court cases to decide whether a given piece of information is actually “public”. But this investment is now paying off: today even some of the most secret of all secret services answer freedom of information requests concerning their work. There is, however, a stain in the image: one agency – Military Counterintelligence Service (SKW) – that keeps refusing to disclose any kind of information about its activity. Their approach is a reminder of much deeper and systemic problem faced by Polish authorities: the uncontrolled and uncoordinated secret services.

In the post-Snowden world we became well aware that data we store on servers belonging to private companies tends to have a second life. It is where secret services and law enforcement meet the Internet. How to prevent bulk transfers from private to public data bases? How to make sure that due process is in place? What do we know about disclosures of our data and how can we learn more? Katarzyna Szymielewicz explains, what we should know about state authorities access to citizens data and why. She also presents the results of Panoptykon Foundation’s research on public authorities’ access to the data of Internet services users.

Do we really need data protection in this world? Katarzyna Szymielewicz (Panoptykon Foundation) and Jérémie Zimmermann (La Quadrature du Net) talk about usage of data collected in Internet by private companies and changes that new data protection regulation could bring, including explicit consent for data processing as a rule, information about data processing presented in clear manner, regulation of profiling and privacy by default concept.

Access of the law enforcement agencies and secret services upon more or less formal warrants and request do not cover the whole problem of the online surveillance. More and more date is available out there without any warrants – just to read, take and process. It is the situation, when the data that we all publish online, with more or less awareness of the consequences, is used by authorities mention above for whatever purposes. How purpose limitation could possibly be used to limit open source surveillance? To what extent privacy settings that by default enable or enhance making data public help in conducting this type of surveillance? How open source surveillance might influence individual?