Polish Digital Rights Activists Challenge Country's Data Retention Scheme
Poland's data retention regime violates the General Data Protection Regulation, Polish digital activists said Wednesday. To challenge the regime, members of Panoptykon Foundation, part of the European Digital Rights organization, said they'll ask the four largest telcos to delete activists' personal data stored for law enforcement purposes in the prior year.
Sign up for a free preview to unlock the rest of this article
Under Polish law, telcos must retain all users' data, including call history and location data, for 12 months, Panoptykon said. The country's 10 secret service and law enforcement agencies can access people's location data and call history at any time because they have remote access to the major telcos' databases and don't require a prior or subsequent court order, it added.
The indiscriminate data retention and unchecked access not only threaten privacy, they also endanger fundamental rights such as free speech, the foundation alleged.
The European Court of Human Rights confirmed the illegality of Poland's data retention system and the European Court of Justice (ECJ) rejected indiscriminate data retention, the foundation noted. But while the ECJ ruling annulled the EU Data Retention Directive, Poland never amended its national rules accordingly, it said.
Panoptykon said it expects the telcos to refuse to delete their data since they're bound by national law, and it will then complain to the national data protection authority and the courts. Panoptykon's plan is for the case to reach the ECJ and for the high court to then force Poland to amend its law.