Saturday, March 15, 2025
Google News icon

Poland’s 2024 Budget Revision and 2025 Deficit Forecast: Challenges and Opportunities

In late October, the Polish government announced...

2024: A Year of Missed Opportunities for Deregulation in Poland

The year 2024 was supposed to be...

USA-China Tensions Transform Global Market

After the U.S. elections, relations between the...

Poland’s Supreme Administrative Court to Rule on Data Protection Dispute Between UODO and WSA

LAWPoland’s Supreme Administrative Court to Rule on Data Protection Dispute Between UODO and WSA

A recent ruling by the Provincial Administrative Court (WSA) in Warsaw regarding a damaged and incomplete court shipment—which may have led to a breach of data confidentiality—has sparked significant controversy in the context of personal data protection.

Case Overview

The case concerns a damaged and incomplete court shipment delivered by a postal operator, potentially leading to a breach of confidentiality. The WSA ruled that such an incident falls under the scope of “the administration of justice,” thereby excluding the authority of the President of the Office for Personal Data Protection (UODO) to assess the violation.

In response, the President of UODO appealed the verdict to the Supreme Administrative Court (NSA), citing potential negative consequences for personal data protection.

UODO’s Decision and Its Consequences

Following an investigation, the President of UODO issued a decision on December 19, 2023, stating that the district court had violated the General Data Protection Regulation (GDPR). The violations included:

  • Failure to notify UODO of the data protection breach within the required 72-hour deadline.
  • Failure to inform affected individuals without undue delay.

As a result, the court was fined PLN 10,000 and was ordered to notify the affected individuals within three days of receiving the decision.

WSA’s Position – Exclusion of UODO’s Competence

The WSA overturned UODO’s decision, arguing that court correspondence falls under the administration of justice. Under Article 55(3) of the GDPR, data protection supervisory authorities have no jurisdiction over judicial activities.

The court reasoned that delivering legal documents, including a statement of claim, is a procedural action carried out by an independent judge and constitutes a part of case management in court proceedings.

Additionally, the WSA stated that UODO had failed to collect sufficient evidence and had incorrectly determined that a data breach had occurred. Consequently, the court annulled UODO’s decision and discontinued the proceedings.

UODO’s Appeal to the Supreme Administrative Court (NSA)

The President of UODO disagreed with WSA’s ruling and filed a cassation appeal with the NSA. UODO argues that upholding the WSA ruling could leave affected individuals without the legal protection guaranteed by the Polish Constitution and GDPR.

Key arguments presented by UODO include:

  • Court correspondence delivery is an administrative task, not part of administering justice.
  • UODO’s oversight of data controllers (courts) does not interfere with judicial independence.
  • Accepting WSA’s stance could lead to an absurd situation where a postal operator delivering court correspondence would also be considered as administering justice.

Preliminary Questions to the Court of Justice of the European Union (CJEU)

Due to the significance of the case, UODO has requested that the NSA refer preliminary questions to the Court of Justice of the European Union (CJEU). These questions address:

  1. Do cases concerning data protection breaches related to court correspondence fall under the administration of justice?
  2. Are such activities technical (administrative) tasks that should be subject to UODO oversight?
  3. Which supervisory authority should assess such breaches if no specific jurisdictional rules apply?

Implications for Data Protection

If the WSA ruling remains in force, courts may no longer report data protection breaches to UODO or notify affected individuals, leading to serious consequences:

  • Failure to report breaches could escalate risks and pose a greater threat to citizens’ privacy.
  • Affected individuals may not take necessary protective actions, increasing their exposure to fraud and abuse.
  • Courts and their service providers, such as postal operators, may remain outside effective data protection oversight.

Conclusion

The dispute between UODO and WSA is of fundamental importance for data protection in Poland. The NSA, and potentially the CJEU, will need to determine whether court correspondence should be subject to UODO’s supervision or if it falls entirely under judicial immunity from data protection oversight.

Source: CEO Magazyn

Adam Ujazdowski
Editor: Adam Ujazdowski
Check out our other content
Related Articles

Check out other tags:

PolandWarsawInflationEuropean UnionUkraineArtificial IntelligenceUSDTarget
The Latest Articles
Explore
Your go-to source for news from Poland

Stay informed and empowered with Poland Insight, your one-stop source for in-depth analysis and insightful guides on Poland's evolving economic and political landscape. 

Industries
Others
Financial Markets
Follow us

© All Rights Reserved, POLAND INSIGHT