Article 14.04.2016 2 min. read Text With almost two million requests for telecommunication data and more than two thousand requests for Internet data concerning Polish citizens in 2015, it is clear that the access to metadata in Poland by the country’s secret services is still out of control. Compared to 2014, the Polish Panoptykon Foundation found that the number of requests for telecommunication slightly decreased, while the number of requests for Internet data quadrupled. Secret services are most interested in billing and user information. In 2014, police asked for telecommunication data less frequently than in previous years, but they were much more interested in Internet data that before. As to why, we can only guess. Polish law does not impose control over the secret service activities. However, research has confirmed that data is requested not only in prosecuting serious crime or preventing terrorism, but also minor crimes. The secret services are not obliged to provide full information to the public in what types of cases and for what reasons – statistically speaking – they gain access to such data. As a result, we also don’t know why the numbers are sometimes higher, sometimes lower. Despite the European Court of Justice (CJEU) ruling in April 2014 and the ruling of Polish Constitutional Tribunal, regulations still give secret services open access to telecommunication and Internet data, without an adequate control mechanism with judicial oversight. Instead of limiting secret services powers regarding accessing data, the new Surveillance Act (which entered into force in February 2016) made the procedure of accessing Internet data even easier. So far requesting Internet data required a written request to the Internet operator. The company could reject it – which was often a case – and in any case had control over what data is obtained by the police. When the new Police Act is fully operational, no active cooperation from the ISP will be necessary– once the planned, so-called “fast and secure connections” between ISPs and police or secret services are established, even bulk transfers of data will be possible without sending a single request. According to the new law, secret services are due to submit a report to the court every 6 months – which means ex post control instead of the prior consent of court proposed by the CJEU. The report will not include queries for users’ data, which is approximately 40% of all queries. This solutions provides neither transparency nor adequate control over secret services’ activities. Citizens will have to rely on secret services chiefs’ promise that innocent people do not have to worry – which is far from the standards set by the European Court of Justice and Polish Constitution. The arcticle was originally published on EDRI website, 8 April 2016. Fundacja Panoptykon Author Previous Next See also Article Can the EU Digital Services Act contest the power of Big Tech’s algorithms? A progressive report on the Digital Services Act (DSA) adopted by the Committee on Civil Liberties, Justice and Home Affairs (LIBE) in the European Parliament in July is the first major improvement of the draft law presented by the European Commission in December. MEPs expressed support for default… 03.08.2021 Text Article Discrimination in datafied world Data-driven technologies are not neutral. A decision to collect, analyse and process specific kind of information is structured and motivated by social, economic and political factors. Those data operations may not only violate the right to privacy but also lead to discrimination and oppression of… 10.07.2018 Text Article Digital sanctions won’t solve the problem of war propaganda online. Robust platform regulations will European officials urged Big Tech to ban Kremlin-related accounts in the effort to tackle the propaganda online, as the Internet – and particularly the social media – became an important front of Russian invasion on Ukraine. But such “digital sanctions” are just a Band-Aid on a bullet wound. Yet… 14.03.2022 Text