Mirosław Wróblewski, President of the Personal Data Protection Office (UODO), has submitted official comments to Dariusz Standerski, Secretary of State at the Ministry of Digital Affairs, regarding the draft amendment to the Act on Providing Services by Electronic Means. The bill is intended to ensure the effective application of the European Union’s Digital Services Act (DSA).
According to the President of UODO, incorporating these proposals during the legislative process is essential to significantly raising the level of personal data protection and user privacy in the Polish digital landscape.
Combating Illegal Content and Data Misuse
A key challenge highlighted in the opinion is the need to provide effective legal protection for internet users against illegal content and to curb the unlawful processing of personal data, particularly on social media platforms.
The President of UODO emphasized that it is necessary to establish practical and efficient regulations to combat cyber threats, especially those that violate privacy and fundamental rights. Special protection must be extended to children, teenagers, and vulnerable individuals, specifically in the context of sexual offenses.
Deepfakes as a Growing Threat
The submission draws urgent attention to the dangers posed by the rapid evolution of deepfake technology. Materials generated by artificial intelligence are becoming increasingly indistinguishable from authentic recordings or photographs. Furthermore, the accessibility of creation tools allows almost anyone to publish fraudulent content using someone else’s image or voice.
The criminal use of deepfakes can lead to severe and irreversible consequences for the private lives, mental health, and physical safety of victims. UODO advocates for systemic solutions to counter the harmful use of this technology and calls for these new regulations to be synchronized with other legislative projects focused on fighting disinformation and illegal content.
Expanding the List of Prohibited Acts
The President of UODO also moved to expand the catalog of prohibited acts that would trigger the procedure for an order to act against illegal content—including blocking or disabling access to such materials.
The authority identified a significant gap in the current draft: the omission of crimes related to the illegal processing of personal data. This includes acts defined under Article 107 of the Personal Data Protection Act and Article 54 of the Act on processing data in connection with preventing and combating crime.
These acts carry a high risk of further unlawful data exploitation, such as public dissemination on the internet. In the President’s view, law enforcement agencies should have the power to request the immediate blocking of such content.
A Fast-Track Procedure for Children’s Safety
Special consideration was given to the most severe cybercrimes, particularly those affecting children. The President of UODO suggested that the legislator should consider a separate, expedited procedure for the immediate blocking of content related to sexual exploitation or the indecent treatment of minors.
In such critical cases, lengthy administrative or legal procedures can lead to permanent harm to the victims.
Large-Scale Data Processing and GDPR Compliance
The proposed regulations will involve personal data processing on a massive scale—including both “standard” data and special categories, such as health information, political opinions, and biometric data.
The procedure for removing and blocking illegal content will also involve the data of potential offenders, requiring a stricter protection regime (under Article 10 of the GDPR) regarding criminal convictions and offenses. Legally privileged information will also be at stake.
The President of UODO points out that the legislator must conduct a Privacy Test and a Data Protection Impact Assessment (DPIA) in accordance with GDPR requirements. It is vital to provide specific and effective safeguards for the rights and freedoms of individuals whose data will be processed under these new procedures.
Privacy vs. Digital Security
In the view of the UODO President, the amendment should not only implement the EU’s Digital Services Act but also fully embody the personal data protection standards established in European law.
These recommendations aim to strike a balance between the effective fight against illegal content and cybercrime and the respect for the fundamental rights and privacy of internet users. Addressing these concerns could significantly strengthen Poland’s data protection system in an era of escalating digital threats.
Source: CEO.com.pl
