Personal data protection, I CSK 190/12

August 29th, 2013, Tomasz Rychlicki

The Supreme Court in its judgment of 8 November 2012 case file I CSK 190/12 held that without a doubt, the first name and surname constitute personal data of the individual, therefore, the important question arose, whether they belong to the scope of the individual’s privacy as understood in the provisions of Article 5(2) of the Polish Act of 6 September 2001 on Access to Public Information – API – (in Polish: Ustawa o dostępie do informacji publicznej), published in Journal of Laws (Dziennik Ustaw) No. 112, item 1198, with subsequent amendments.

Article 5. 1. The right to public information is subject to limitation to the extent and on the principles defined in the provisions on the protection of confidential information and on the protection of other secrets being statutorily protected.
2. The right to public information is subject to limitation in relation to privacy of a natural person or the secret of an entrepreneur. The limitation does not relate to the information on persons performing public functions, being connected with performing these functions, including the conditions of entrusting and performing these functions and in the event when a natural person or entrepreneur resigns from the right to which he was entitled to.

Previous opinions of the Supreme Court on the relationship between the right to protect of personal data and the right to privacy are not clear. They were formulated mainly from the point of view of the protection of personal interests as defined in Articles 23 and 24 of the Civil Code – CC – (in Polish: Kodeks Cywilny) of 23 April 1964, published in Journal of Laws (Dziennik Ustaw) No. 16, item 93, with subsequent amendments.

Article 23
The personal interests of a human being, in particular to health, dignity, freedom, freedom of conscience, surname or pseudonym, image, secrecy of correspondence, inviolability of home, and scientific, artistic, inventor’s and rationalizing achievements, shall be protected by civil law independent of protection envisaged in other provisions.

Article 24
§ 1 The person whose personal rights are threatened by someone else’s action, may require the desist of that action, unless it is not illegal. In the event of the infringement one may also require, the person who committed the violation, to fulfill the actions necessary to remove its effects, in particular, to make a statement of the relevant content and appropriate format. According to the conditions laid down in the Code one may also require monetary compensation or payment of an appropriate amount of money for a social purpose indicated.
§ 2 If as the result of a breach of personal rights one has suffered pecuniary prejudice, the aggrieved person may claim compensation based on general principles.
§ 3 The above shall not prejudice the entitlements provided by other regulations, in particular in copyright law and the patent (invention) law.

The Supreme Court in its judgment of 15 February 2008 case file I CSK 358/07 (published in OSNC 2009, no. 4, item 63) ruled that legal commentators and case law of the Constitutional Court agree that the right to protect of personal data is derived directly from personal rights such as human dignity and the right to privacy, citing judgments of the Polish Constitutional Tribunal of 19 February 2002 case file U 3/01 (published in OTK-A 2002, no. 1, item 3) and of 12 November 2002 case file SK 40/01 (published in OTK-A 2002, no. 6, item 81). Nowadays, the collection and processing of the personal data is technically relatively simple, therefore it is necessary to protect a person against uncontrolled collection and use of his or her personal data, often without the contribution or even awareness of the person concerned. For these reasons, the legislator specifically regulated the issues of data collection, processing, use and protection of personal data in the Polish Act of 29 August 1997 on the Protection of Personal Data – PPD – (in Polish: Ustawa o ochronie danych osobowych), published in Journal of Laws (Dziennik Ustaw) of 29 October 1997, No. 133, item 883, unified text published in Journal of Laws (Dziennik Ustaw) of 6 July 2002, No. 101, item 926, with subsequent amendments. While interpreting its provisions, one cannot ignore the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and its preamble that explicitly states that data-processing systems are designed to serve man, whereas they must, whatever the nationality or residence of natural persons, respect their fundamental rights and freedoms, notably the right to privacy. The Supreme Court in its judgment of 28 April 2004 III CK 442/02 (unpublished) stressed that when assessing whether there has been the breach of privacy protected by the law, this concept cannot be absolutized due to the degree of its generality, it requires interpretation, taking into account the specific circumstances of the situation. Events and circumstances that form the personal and family life can be classified as private sphere of life. The special nature of this area of man’s life justify the grant of its strong legal protection. However, this does not mean that any reference to a particular person was information in the field of his or her personal life. The regime of protection of privacy and personal data protection regime are therefore independent. Undoubtedly, when it comes to the relationships and the impact of these regimes, because in certain situations, the actual processing of personal data may result in a violation of personal interests in the form of the right to privacy, or protection of the right to privacy will required the objection to the use of personal data. It is difficult to unequivocally determine whether the disclosure of the first name and the surname of an individual by a local government violates his or her right to privacy. This problem can be resolved only while assessing particular circumstances of each case. In this case, the city was requested to disclose the names of individuals with whom it has entered into a contract of mandate and contract of work. One of these contracts concerned preparation and delivery of a lecture. It was difficult for the Court to accept that anonymization and hiding of the surname of a person giving such a lecture would have any meaning. Other agreements related to use of the electronic system of sociological analysis and organization of the conference. They were entered by specific individuals with a public body, which was the city. These people had to reckon with the fact that their personal data will not remain anonymous. For a person requesting access to public information related contracts entered by a local authority, names of parties to such agreements are often more important than the content, and it is understandable for obvious reasons. It would be difficult in this case to defend the view that the disclosure of names of people in the present context would be deemed as a limitation on the exercise of constitutional freedoms and rights of these persons. It had therefore to be assumed, that the disclosure of the names of persons entering civil contracts with a local authority does not affect the right to privacy of those persons referred to in Article 5(2) of the API.

See also “Polish regulations on personal data protection“, “Polish case law on personal data protection“.