Article 14.04.2016 2 min. read Text With almost two million requests for telecommunication data and more than two thousand requests for Internet data concerning Polish citizens in 2015, it is clear that the access to metadata in Poland by the country’s secret services is still out of control. Compared to 2014, the Polish Panoptykon Foundation found that the number of requests for telecommunication slightly decreased, while the number of requests for Internet data quadrupled. Secret services are most interested in billing and user information. In 2014, police asked for telecommunication data less frequently than in previous years, but they were much more interested in Internet data that before. As to why, we can only guess. Polish law does not impose control over the secret service activities. However, research has confirmed that data is requested not only in prosecuting serious crime or preventing terrorism, but also minor crimes. The secret services are not obliged to provide full information to the public in what types of cases and for what reasons – statistically speaking – they gain access to such data. As a result, we also don’t know why the numbers are sometimes higher, sometimes lower. Despite the European Court of Justice (CJEU) ruling in April 2014 and the ruling of Polish Constitutional Tribunal, regulations still give secret services open access to telecommunication and Internet data, without an adequate control mechanism with judicial oversight. Instead of limiting secret services powers regarding accessing data, the new Surveillance Act (which entered into force in February 2016) made the procedure of accessing Internet data even easier. So far requesting Internet data required a written request to the Internet operator. The company could reject it – which was often a case – and in any case had control over what data is obtained by the police. When the new Police Act is fully operational, no active cooperation from the ISP will be necessary– once the planned, so-called “fast and secure connections” between ISPs and police or secret services are established, even bulk transfers of data will be possible without sending a single request. According to the new law, secret services are due to submit a report to the court every 6 months – which means ex post control instead of the prior consent of court proposed by the CJEU. The report will not include queries for users’ data, which is approximately 40% of all queries. This solutions provides neither transparency nor adequate control over secret services’ activities. Citizens will have to rely on secret services chiefs’ promise that innocent people do not have to worry – which is far from the standards set by the European Court of Justice and Polish Constitution. The arcticle was originally published on EDRI website, 8 April 2016. Fundacja Panoptykon Author Previous Next See also Article Three layers of your digital profile Your online profile is not always built on facts. It is shaped by technology companies and advertisers who make key decisions based on their interpretation of seemingly benign data points: what movies you choose watch, the time of day you tweet, or how long you take to click on a cat video. 18.03.2019 Text Article Discrimination in datafied world Data-driven technologies are not neutral. A decision to collect, analyse and process specific kind of information is structured and motivated by social, economic and political factors. Those data operations may not only violate the right to privacy but also lead to discrimination and oppression of… 10.07.2018 Text Article Anxious about your health? Facebook won’t let you forget There is little point in telling Facebook which posts you do not want to see – it will not listen. 07.12.2023 Text