Polish IP & IT law » computer law

Archive for: computer law

Telecommunications law, case I OSK 1079/10

August 3rd, 2010, Tomasz Rychlicki

This is the continuation of a story described in “Personal data protection, case II SA/Wa 1598/09“. The Supreme Administrative Court in its order of 15 July 2010 case file I OSK 1079/10 decided to stay the execution of the decision issued by the Inspector General for Personal Data Protection (GIODO) and ruled that the Polish Act of 16 July 2000, Telecommunications Law – TLA – (in Polish: Prawo telekomunikacyjne), published in Journal of Laws (Dziennik Ustaw) No 171, item 1800 with later amendments, provides broader protection of personal data because of telecommunications confidentiality, than the provisions of the Act of 29 August 1997 on the Protection of Personal Data – PPD – (in Polish: Ustawa o ochronie danych osobowych), Journal of Laws (Dziennik Ustaw) of 29 October 1997, No. 133, item 883, unified text published in Journal of Laws (Dziennik Ustaw) of 6 July 2002, No. 101, item 926, with later amendments.

The Court held that the disclosure of IP addresses which enable identification of specific individuals, that was ordered during administrative proceedings initiated with regard to disclosure of such data, while such proceedings did not ended with judgment in force, may violate the provisions of Article 160 of the TLA.

Article 160.
1. An entity participating in the performance of telecommunications activities within public networks and entities cooperating with it shall keep the telecommunications confidentiality.
2. Entities referred to in paragraph 1 shall maintain due diligence, within the scope justified by technical or economic reasons, while securing telecommunications equipment, telecommunications networks and data collections from disclosing the telecommunications confidentiality.
3. A person coming into possession of a message not meant to be read by him/her when using radio or terminal equipment shall keep the telecommunications confidentiality. The provisions of Article 159 (3) and (4) shall respectively apply.
4. The recording of a message acquired in a manner described in paragraph 3 by a body executing control of telecommunications activities in order to document a violation of a provision of the Act, shall not be a violation of the telecommunications confidentiality.

While assessing the validity of the request to stay the execution of GIODO’s decision to disclose the requested IP address at this stage of proceedings, the Court agreed with the author of the cassation complaint, that the execution of the questioned decision at this stage makes it impossible to reverse the actions taken after the disclosure of the IP addresses, and such action should be seen as causing the effects that are difficult to reverse according to Article 61(3) of the Act on the Law on proceedings before administrative courts – PBAC – (in Polish: Prawo o postępowaniu przed sądami administracyjnymi) of 30 August 2002, Journal of Laws (Dziennik Ustaw) No 153, item 1270, with later amendments.

§ 1 Filing a complaint does not stay the execution of the act or actions.

(…)

§ 3 After the delivery of a complaint to the court, the court may issue at the request of the applicant, the order to stay the execution, in whole or in part of the act or actions referred to in § 1, if there is a risk of causing significant damage or cause to be difficult to reverse, with the exception of the provisions of local law which entered into force, unless the special Act excludes the stay of their execution. The refusal to stay the execution of the act or actions by the authority, does not deprive the applicant of action to the court. This also applies to acts issued or adopted in all proceedings conducted within the same case.

The SAC held that if the Supreme Administrative Court would agree with the cassation complaint filed against the judgment of the Voivodeship Administrative Court of 3 February 2010 case file II SA/Wa 1598/09, the effects of the execution of the questioned decision could not be reversed, because the IP address identifying a specific person is available to another participant in the proceedings. Accordingly, the court held that the correct solution at this stage of proceedings, is to stay the execution of the questioned decision also with a view to the impact of which its execution might result in, as well as the nature of the protection of personal data resulting from the relevant regulations such as, inter alia, the TLA.

Personal rights, case I ACa 1402/09

July 16th, 2010, Tomasz Rychlicki

The Appellate Court in Warsaw in its judgment of 15 July 2010 case file I ACa 1402/09 held that even if a website only republishes articles or summaries of works published in major periodicals, it is not absolved from responsibility for infrigement of personal right/interests of a person who was described in such an article.

Computer crimes, case I KZP 7/10

July 9th, 2010, Tomasz Rychlicki

The Supreme Court in its order of 29 June 2010 case file I KZP 7/10 held that, the prescription of defamation crime is counted from the date of publication of the offensive content. This crime is defined in article 212 of the Criminal Code – CRC – (in Polish: Kodeks Karny) of 6 June 1997, Journal of Laws (Dziennik Ustaw) No 88, item 553, with later amendments.

Article 212. § 1. Whoever imputes to another person, a group of persons, an institution or organisational unit not having the status of a legal person, such conduct, or characteristics that may discredit them in the face of public opinion or result in a loss of confidence necessary for a given position, occupation or type to activity
shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to one year.
§ 2. If the perpetrator commits the act specified in § 1 through the mass media
shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.
§ 3. When sentencing for an offence specified in §1 or 2, the court may adjudge a supplementary payment in favour of the injured person or of the Polish Red Cross, or of another social purpose designated by the injured person a supplementary payment (nawiązka).
§ 4. The prosecution of the offence specified in § 1 or 2 shall occur upon a private charge.

This issue was referred to the Supreme Court by the District Court, who had inquired whether the defamation is a crime of continuous nature, which means that in case of defamatory entry placed on the Internet, it is committed as long as entry is available on the website. Interestingly, the SC refused to answer this question but the Court deliberated very wide on this issue in the justification of the order. The Supreme Court ruled that on-line defamation is not a continuous crime, which would involve creating and maintaining the status recognized by law as unlawful. The Court was aware of the fact the interests of the victim are violated as long as the defamatory content is publicly available on a website. However, per analogy to the printed press, where the victim’s interests are harmed as long as there are archived copies of newspapers containing offensive words.

The Supreme Court held that the offense involving the placement of a defamatory content in the Internet as referred to in article 212 § 2 of the CC is committed at the moment to making an entry and not while removing it. This means that the perpetrator cannot be prosecuted with the private charge after a year from the time when the victim learned about the offender, but no later than the expiry of three years from the time it was committed.

Internet domains and trade mark law, case I ACa 1334/07

June 17th, 2010, Tomasz Rychlicki

The District Court in Warsaw in its judgment of 29 August 2007, case file XVI GC 756/06 dismissed the complaint filed by “Euro–net” sp. z o.o. against the judgment of the Court of Conciliation for Internet Domains at the Polish Chamber of Information Technology and Telecommunications of 23 March 2006, case file 22/05/PA PDF file, in which the Court of Conciliation dismissed the “Euro-net” complaint against Rafał Falęcki in case of infringement of trade mark rights and unfair competition delict/tort concerning eurortv.com.pl domain name.

The Appellate Court in Warsaw in its judgment of 16 April 2008, case file I ACa 1334/07, DOC file, dismissed the appeal, although it also found that some of the allegations included in the complaint proved to be accurate.

The Court of Conciliation violated the adversarial rule because it has conducted an investigation of evidence ex officio, by looking on web pages and performing a search for disputed words “euro” and “rtv” in Google. The Court has not made any survey protocol or notes. This was made personally by the arbitrator without a request of both parties, however, the parties have not raised any comment to that evidence. The Court of Conciliation should issue the provision of evidence, indicating the date and place to carry out, so the parties could participate in this investigation. However, the appeal did not contain any allegations as to the veracity of the abovementioned evidence. The court may conduct investigation of evidence ex officio and on its own initiative but it should do it only in situations of an exceptional nature.

The Appellate Court did not agree with the “Euro-net” that the circumstances in which the investigation of evidence was conducted required special knowledge, and therefore should be subject to expert opinion. The Court of Conciliation made only a visual overview of the web pages of the plaintiff and the defendant, to which it was not necessary to posses special knowledge in the field of IT. The Appellate Court held that since the issue of the case was the infringement of “Euro-net” rights of protection for trade marks that was allegedly made by Rafał Falęcki in the Internet, therefore the inspection of his websites was sufficient way to determine whether and how the defendant used plaintiff’s trademarks. The expertise is not needed for such action, because a regular Internet user usually does not have such knowledge. It was a regular Internet user who could be mislead, in particular by a risk of associating the domain name with a registered trade marks, as defined in article 296(2)(ii) of the Polish Act of 30 June 2000 on Industrial Property Law – IPL – (in Polish: ustawa Prawo własności przemysłowej) of 30 June 2000, Journal of Laws (Dziennik Ustaw) of 2001 No 49, item 508, consolidated text of 13 June 2003, Journal of Laws (Dziennik Ustaw) No 119, item 1117, with later amendments.

2. Infringement of the right of protection for a trademark consists of unlawful use in the course of trade of:
(ii) a trademark identical or similar to a trademark registered in respect of identical or similar goods, if a likelihood of misleading the public, including in particular a risk of associating the trademark with a registered trademark, exists;

However, there were no doubts for the Court that provisions of article 153 of the IPL mean that one cannot infringe the protection rights for a trade mark in the Internet.

Article 153
1. The right of protection shall confer the exclusive right to use the trademark for profit or for professional purposes throughout the territory of the Republic of Poland.

2. The term of the right of protection shall be 10 years counted from the date of filing of a trademark application with the Patent Office.

3. The term of protection may, at the request of the right holder, be extended for subsequent ten-year periods in respect of all or of a part of the goods.

4. The request referred to in paragraph (3) shall be submitted before the expiration of a running protection period, however not earlier than one year before the expiration thereof. The request shall be submitted together with the payment of a due protection fee.

5. The request referred to in paragraph (3) may also be submitted, against payment of an additional fee, within six months after the expiration of a protection period. The said time limit shall be non-restorable.

6. The Patent Office shall make a decision on refusal to extend the term of protection for a trademark, where the request has been submitted after the expiration of the time limit referred to in paragraph (5) or the due fees referred to in paragraphs (4) and (5) have not been paid.

According to the Court, one cannot use signs (or its elements) or similar trade marks, in its Internet domain names, if its business deals with selling the same group of products. There was no question that the abovementioned rule belongs to the fundamental socio-economic principles of the legal order of the Republic of Poland. However, in this case, such conditions were not met, bacuse all signs constituting “Euro-net” trade marks and used by Rafał Falęcki lack distinctive character, there was no risk of confusion, and there existed the exclusion of protection of signs as set out in article 156(1)(ii) of the IPL.

1. The right of protection shall not entitle the right holder to prohibit third parties from using, in the course of trade:
(ii) indications concerning, in particular, the features and characteristics of goods, the kind, quantity, quality, intended purpose, origin, the time of production or of expiration of usability period,

There is one thing I wanted to add. I asked the Appellate Court in Warsaw to send me the judgment via e-mail. My request was based on the Polish Act on access to public information. On 14 June 2010 I received an e-mail from the Court.

W związku z wnioskiem z dnia 11 czerwca 2010 r. o udostępnienie informacji publicznej uprzejmie informuję, że opłata za udostępnienie treści wyroku Sądu Apelacyjnego w Warszawie z dnia 16 kwietnia 2008 r. w sprawie o sygn. akt I ACa 1334/07 wraz z uzasadnieniem – zgodnie z Zarządzeniem Nr 130/09 Prezesa Sądu Apelacyjnego w Warszawie z dnia 31 lipca 2009 r. – wynosi 8 zł (1 zł za stronę) – w wersji elektronicznej. Opłatę można uiścić w kasie Sądu, znakami sądowymi lub przelewem bankowym na konto Sądu Apelacyjnego w Warszawie nr 93 1010 1010 0404 1322 3100 0000 z dopiskiem ” informacja publiczna Adm. 0137-119/10″.

I was informed that according to the Decree No 130/09 of the President of the Court of Appeal in Warsaw of 31 July 2009, the fee for access to the judgment – is 8 PLN (1 PLN per page) – in the electronic version. I had no time to argue so I paid. However, as you may remember from my post entitled “E-access to public information, case I C 19/10“, price-lists and flat-rate charges for making the public information available, may violate the provisions of the Polish Act of 6 September 2001 on access to public information.

See also “Polish case law on domain names“.

Social networking sites, case I C 1272/09

March 19th, 2010, Tomasz Rychlicki

The District Court in Wrocław in a judgment of 18 March 2010, case file I C 1272/09, ruled that the advertising of one of the Polish banks that promoted payment cards in such a way that it used profile pictures of users of nasza-klasa.pl website infringed their personal rights. A user who logged into his or her profile was presented with an advertising that showed his or her face/image placed on credit card together with a slogan “your card for your personal account may look like this”. The Court held that users agreed to the provisions of the terms of service, but the permission to use their pictures concerned solely the purpose of social networking, not advertising. The Court ordered the owner of nasza-klasa.pl to pay the plaintiff 5000 PLN as a compensation. This judgment is not yet final.

Social networking sites, case I A Ca 1202/09

March 3rd, 2010, Tomasz Rychlicki

Nasza-Klasa.pl website is a very popular Polish social networking service bringing together classmates. It provides its users with a possibility to contact and search for old friends. In 2008, an unknown person created an account for the name of Dariusz B., The fake profile included his personal data: name, place of residence, phone number, age and images. This account was set without the knowledge and the consent of Dariusz B. Many offensive comments were sent from this fake account to other users of the portal. These comments provoked negative emotions and responses from its recipients. Dariusz B. and his wife, tried to apologize to every person they met. Dariusz B. was also forced to change his phone number, and met with harsh comments from friends, and especially from the strangers. Maria B. – wife of Dariusz B. contacted Nasza-Klasa.pl by e-mails with the request to remove or to block the fake account. When it did not bring any results, they brought a lawsuit against Nasza-Klasa.pl.

Nasza-Klasa.pl was found responsible by both the District and the Apellate courts because it has not removed, or at least not immediately blocked the fake account, created in the name of Dariusz B., thereby making violations of his personal interests possible.

The Appellate Court in Wrocław in a judgment of 15 January 2010, case file I A Ca 1202/09, DOC file, ruled that nature of the infringement performed by Nasza-Klasa.pl was to allow a third party to encroach on personal rights of Dariusz B., by not fulfilling its obligations under the Polish Act of 18 July 2002 on Providing Services by Electronic Means – PSEM – (in Polish: ustwa o świadczeniu usłóg droga elektroniczną), Journal of Laws (Dziennik Ustaw) No. 144, item. 1204, as amended.

Article 14
1. A person who gives access to the contents of a network IT system to a customer, where the customer stores data, is not aware of the illegal features of the data or activity connected with the data and upon receiving an official notification or credible information about the illegal features of the data or activity connected with it, immediately bars access to the data, shall not be responsible for the data.

2. A Service provider who has received the official notification of an illegal character of the stored data that was supplied by the customer, and prevented the access to the data, shall not be liable to the customer for damages resulting from preventing access to such data.

3. A service provider who has received credible information of the illegal character of the stored data supplied by the customer and prevented access to the data, shall not be liable to the customer for the damage resulting from preventing access to such data, if it has immediately notified the customer of the intention to prevent access to data.

Nasza-Klasa.pl did not immediately block, and then delete the questioned fake account. Therefore, it forced Dariusz B. to bear a humiliating behavior caused by another person, which in consequence violated his serenity, good mood, sense of personal dignity, i.e. his personal interests.

E-access to public information, case II SAB/ Wa 57/09

February 18th, 2010, Tomasz Rychlicki

In 2008, the Polish media reported a story on the Polish Post which allegedly tested a system that scans envelopes and parcels. There were rumours that information gathered by such scanning could be used by the Internal Security Agency (ABW). ABW denied, but the Inspector General for Personal Data Protection has decided to investigate how the collected data are processed during the scan.

Roman P. has requested the GIODO to make available the results of the investigation. Since Roman P. filed his request by phone and then by e-mail, the GIODO informed that it will consider the request only after it receives personal data of Roman P.

The GIODO based its opinion on the provisions of article 63 § 3 of the Administrative Proceedings Code – APC – (in Polish: Kodeks postępowania administracyjnego) of 14 June 1960, Journal of Laws (Dziennik Ustaw) No 30, item 168, consolidated text of 9 October 2000, Journal of Laws (Dziennik Ustaw) No 98, item 1071 with subsequent amendments.

§ 1. Applications (requests, explanations, appeals, complaints) may be filed in writing or by telegram, telex, fax, email or by using the form available on the website of the competent public administration, allowing data entry into the communications system of the body, as well as verbally to the protocol.

§ 2 The application shall include at least an indication of the person from whom it comes, its address and it shall satisfy other requirements stipulated in the special regulations.

§ 3 The application submitted in writing or orally to the protocol shall be signed by the applicant, and also by an employee who made the protocol. When the application is filed by a person who can not or do not know how to make a signature, the application or a protocol is signed by other person authorized, by making a reference next to the signature.

The GIODO decided that the application filed by Roman P. shall indicate the person from whom it derives, its address and the scope of the request, otherwise, the request will not be examined.

Roman P. brought a complaint to the Voivodeship Administrative Court (VAC) in Warsaw. The VAC in a judgment case file II SAB/ Wa 57/09, ruled that the GIODO failed to act and ordered the Inspector General for Personal Data Protection to examine Roman P. request within 14 days because information he demanded, is deemed as the public information as defined in article 5(2) of the Polish Act of 6 September 2001 on access to public information – API – (in Polish: Ustawa o dostępie do informacji publicznej) Journal of Laws (Dziennik Ustaw) No. 112, item 1198, with later amendments. The Court also ruled that arguments and findings to leave the application without further examination, because it was sent by e-mail, have no support in the APC.

See also my post entitled “Polish case law on e-access to public information“.

Personal data protection, case I OSK 667/09

February 13th, 2010, Tomasz Rychlicki

On 15 January 2008, Tomasz W. filed with the General Inspector for Personal Data Protection (GIODO) a complaint concerning an unauthorized processing of personal data carried out by the Polish company Nasza Klasa Sp. z o.o. from Wroclaw, the owner of nasza-klasa.pl website. He informed the GIODO, that this very popular Polish website on classmates, hosts a photo featuring his image together with a list of names of other photographed people attached to it. Tomasz W. has repeatedly appealed to the website administrators with the request to remove his name from the list. However, he received no response from Nasza Klasa company.

As a result of the investigation, the GIODO found that on 31 December 2007, a registered user of nasza-klasa.pl posted classmates’ photo featuring students of a primary school. On the same day, another registered user, placed the names of people who were portrayed at the photograph – including the name and surname of Tomasz W. On 2, 9 and 14 January 2008, Tomasz W. requested Nasza Klasa Sp. z o.o. the removal of his personal data.

In a decision of 27 May 2008, case file DOLiS/DEC-314/08/13239, the GIODO, relying on the provisions of the Polish Act of 29 August 1997 on the Protection of Personal Data – PPD – (in Polish: Ustawa o ochronie danych osobowych), Journal of Laws (Dziennik Ustaw) of 29 October 1997, No. 133, item 883, unified text published in Journal of Laws (Dziennik Ustaw) of 6 July 2002, No. 101, item 926, with later amendments, ruled that information on the applicant’s full name, school and class to which he attended, together with his image, are personal data and the data collector is Nasza Klasa Sp. z o.o.

However, the GIODO also ruled that it should be borne in mind that according to the provision of the Polish Act of 18 July 2002 on Providing Services by Electronic Means – PSEM – (in Polish: ustwa o świadczeniu usłóg droga elektroniczną), Journal of Laws (Dziennik Ustaw) No. 144, item. 1204, as amended, Nasza Klasa sp. z o.o. provides electronic services for registered users of the portal website, consisting of the storage of data of these users in the computer system. This activity is the condition to legalize the processing of personal data in accordance with article 23(1) pt. 5 of the PPD. In addition, the GIODO found that in this case the applicant’s rights have not been violated, because the access to its data was limited to a group of people registered on nasza-klasa.pl website.

Tomasz W. asked the GIODO for the retrial. He pointed out that the reasons for the decision have many contradictions, inconsistencies and is ambiguous. He accused the GIODO of laconic and cursory treatment of his case. He again emphasized that his personal data have been published on the nasza-klasa.pl website without his knowledge or consent, in violation of his civil rights and liberties.

After the rehearing of the case, the GIODO annulled the contested decision, and discontinued the proceedings. GIODO claimed that the re-examination of the case leads to the conclusion that the disputed information about Tomasy W. did not fall within the definition of personal data. The name and surname have been given under his old image from many years ago. Hence, the combination of photos from the past, with a name and surname of a person and a primary school, which such person attended did not allow for the identification of a person without excessive costs and time. The findings that the disputed information is not personal data within the meaning of the PPD caused the proceedings in the matter to be groundless and on the basis of article 105 § 1 of the APC, it had to be discontinued.

Tomasz W. lodged a complaint with the Viovodeship Administrative Court (VAC) in Warsaw. The complainant asked for annulment of the decision of first and second instance. Tomasz W. claimed the violation of the substantive law, i.e. article 6(1) of the PPD, through its improper interpretation, of article 32(1) pt 7 and 8 of that Act, by recognizing that Tomasz W. is not entitled to request cessation of the processing of his data and the right to object, and a breach of article 7 of the APC by not explaining all the relvant facts. Tomasz W. disagreed with the statement of the GIODO that questioned information about his person is not personal data within the meaning of the PPD. He stated that any information about an identified or identifiable individual is personal data. Furthermore, he argued that the claim of the GIODO that the data are available only for specific people – registered users of the portal is not acceptable, because nasza-klasa.pl has no mechanisms for verification of users identity, which makes the questioned data easily accessible for everyone. Moreover, Tomasz W. also argued that a registered user who does not know him would have some difficulty in identifying his person but such obstacles would not happen to a person who knows about Tomasy W., and is looking for additional information.

The Voivodeship Administrative Court in a judgment of 3 March 2009, case file II SA/Wa 1495/08, ruled that the GIODO erred in its decisions, because information about the name and surname of Tomasz W., combined with information about the name and address of the primary school and the determination of the class to which he attended in 1978/79, even if it was thirty years ago, are personal data. According to the Court provisions of article 1 of the PPD introduced the principle of autonomy of human information, meaning the protection of information about human being. This provision is a kind of emanation of the general right guaranteed by the Polish Constitution in article 47, according to which “Everyone shall have the right to legal protection of his private and family life, of his honour and good reputation and to make decisions about his personal life”. This means that the protection of personal data is related to the protection of privacy rights. This follows from the wording of article 6 of the PPD, indicating that the personal data concern identified or identifiable natural or legal person and that the identifiable is a person is one whose identity can be determined. From wording of that provisions the VAC concluded that personal data are data that identify a person’s identity.

VAC also relied on the content of recital 12 of the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which emphasized the protection of all data relating to a person, and therefore also information about someones past.

(12) Whereas the protection principles must apply to all processing of personal data by any person whose activities are governed by Community law; whereas there should be excluded the processing of data carried out by a natural person in the exercise of activities which are exclusively personal or domestic, such as correspondence and the holding of records of addresses

However, in recital 26 of the abovementioned Directive states that data protection rules must apply to any information concerning an identified or identifiable person. In order to determine whether a person is identifiable, all the means which can be used by the controller or any other person to identify a person, should be taken into the account. The rules of data protection do not apply to data rendered anonymously in such a way that a subject of the data can not be identified. The identification of a given person concerns also past information about a specific human being, by which information one can learn about such person’s identity. Accordingly, the VAC held that European law means the protection of personal data as the protection of all the facts concerning the past of a particular person, which corresponds with the content of article 6(2) of the PDP. So this means that such data would also be protected.

Referring to the foregoing facts of Tomasz W. case, the VAC ruled that that nasza-klasa.pl website published his image and name. In the opinion of the court these are the personal data which are protected by the PPD, because on their basis one is able to identify given person.

Nasza Klasa sp. z o.o. filed a cassation complaint with the Supreme Administrative Court (SAC) challenging in entirety the judgment of the VAC. The Supreme Administrative Court in a judgment of 18 November 2009, case file I OSK 667/09, rejected the complaint.

The SAC held that the primary issue arising in this case was whether a classmates’ picture that was taken thirty years ago, at which Tomasz W. is potrayed, in the circumstances of the case, can be analyzed to determine his identity without necessarily involving excessive resources or time, and therefore, whether the data disclosed in the photo in question, constitutes personal data within the meaning of article 6 of the PPD, and whether it should be protected.

The concept of “personal data” on the Polish law includes any information concerning an individual if it is possible to define its identity and its identification. Personal data is a set of messages about a particular person such integrated that it allows for its individualization. It includes at least information necessary for identification (name, surname, place of residence), but this is not restricted, because it also include further information, strengthening the degree of identification. Such information will also include pictures of the individual, even if they were taken in the past, allowing to identify a person. In a situation where such a photograph is presented with a name and surname of the person portrayed, in a place accessible to an unlimited number of entities, it must be considered that it constitutes personal data subject to protection under the PPD. Mainly, the objective evaluation criteria decides for the qualification of given information as personal data, but it also should comprise of all information, including extralinguistic (context), to which third party may have or has an access. A different approach to the presented issues would maginalize the importance of the laws and it would not relate to its designated function.

Thus it should be considered that the image of Tomasz W. portrayed at the photograph that was taken 30 years ago, affixed with the class, his name and surname, and then published at nasz-klasa.pl website constitutes personal data within the meaning of article 6(2) of the PPD, and the cassation complaint was not justified. The SAC also noted that the consent for the processing of personal data cannot be in any way implied.

The SAC also stressed the fact the Internet as a source of information is increasing on a unknown scale and importance. It provides an access to specific information to a vast number of persons and allows for any of its processing within the meaning of the PPD. At the same time there are not yet developed appropriate mechanisms for the protection of individual rights when those rights have been violated as a result of the disclosure of information on the Internet. Then, it is a great role of law enforcement bodies, including the Inspector General for Personal Data Protection in creating practice to comply with applicable laws also on the Internet. It is an unacceptablr situation in which the entity seeks to remove its image from a particular website, and the administration fails to take action to ensure the protection of civil rights. The image is one of the very personal property rights and lack of consent to its publication, if it is not a public person, is a sufficient reason to believe that regulations of the PPD apply, if the conditions set in the article 6(2) of the PPD have been met.

See also my posts entitled “Polish regulations on personal data protection” and “Polish case law on personal data protection“.

Computer crime, case V K 1595/08

February 9th, 2010, Tomasz Rychlicki

Arnold Buzdygan brought a private accusation before the Regional Court for Wrocław Śródmieście V Criminal Division against Olgierd Rudak. The indictment was based on articles 212 § 2 and 216 § 2 of the Criminal Code – CRC – (in Polish: Kodeks Karny) of 6 June 1997, Journal of Laws (Dziennik Ustaw) No 88, item 553, with later amendments.

Article 212. § 1. Whoever imputes to another person, a group of persons, an institution or organisational unit not having the status of a legal person, such conduct, or characteristics that may discredit them in the face of public opinion or result in a loss of confidence necessary for a given position, occupation or type to activity
shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to one year.
§ 2. If the perpetrator commits the act specified in § 1 through the mass media
shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to 2 years.

Article 216
§ 1. Whoever insults another person in his presence, or though in his absence but in public, or with the intention that the insult shall reach such a person,
shall be subject to a fine or the penalty of restriction of liberty .
§ 2. Whoever insults another person using the mass media, shall be subject to a fine, the penalty of restriction of liberty or the penalty of deprivation of liberty for up to one year.

The court in Wroclaw was obliged ex officio under article 35 § 1 of the Criminal Proceedings Code – CRPC – (in Polish: Kodeks Postępowania Karnego) of 6 June 1997, Journal of Laws (Dziennik Ustaw) No 89, item 555, with later amendments, to examine its jurisdiction and if found otherwise, to refer the case to the court with the proper one. The Court in Wrocław held that pursuant to article 31 § 1 of the CRPC, the jurisdiction is where the offense was committed (the teritorial jurisdiction).

Buzdygan claimed that the offense was commited in the article entitled “Trolls scour in the Net” which was published in the Polish magazine Przekrój of 11 November 2007, in addition the allegedly defamatory content was broadcasted by TV stations such as TVN, Polsat and TVP, in their news and in the Internet. Judge Jolanta Pol-Kulig had to decide on the location of the Internet.

[b]oth the editorial office of Przekrój and the abovementioned TV stations and the Internet are located in Warsaw, one should consider that the commitment of a crime to the detriment of the private prosecutor was performed in that place.

The court in an order of 31 December 2008, case file V K 1595/08, referred the case to the Regional Court for Warszawa Śródmieście II Criminal Division. Interestingly, the court in Wrocław did not consider that the alleged offense was not committed.

See also “Personal rights, case I ACa 949/09“.

Personal rights, case I ACa 949/09

February 9th, 2010, Tomasz Rychlicki

Since a couple of years he is a very controversial figure of the Polish Internet and he also has become the cause of two interesting judgments which I am going to report. Arnold Buzdygan appeared on different Polish newsgroups, where he wrotre, inter alia, on topics such as copyright, sexology, psychology and politics. His style of writing was, at least, very controversial. Due to the vulgarity of some of his statements (he claimed that such actions were performed by his followers who allegedly used his name), offers to make a bet and announcements of lawsuits and threats of beatings, a part of the Usenet community defined these behaviors as trolling and such informations was posted in the Polish Wikipedia’s entry devoted to Buzdygan’s persona. Arnold Buzdygan decided to sue.

In the petition for libel filed against the Association Wikimedia Poland and Agnieszka K., he demanded an order to remove the existing contents of the article Arnold Buzdygan in both English and Polish-language versions of Wikipedia, and to put the apology instead of these entries, and to block the possibility of future edition of the questioned article, He also requested the Court to order the Association Wikimedia Poland to pay him the compensation of moral injury and the costs of the process in the sum of 100000 PLN.

In the response to a petition, the Association of Wikimedia Poland requested the Court to dismiss the claim, pointing that such charges cannot be brought against it because of the lack of the so-called “passive legitimacy”. Wikimedia Poland stated that neither the Association itself, or persons acting on its behalf are not engaged in editing of the article on Arnold Buzdygan, Wikimedia Poland argued that it is not a database administrator of Wikipedia or administrator of the servers on which the information is stored, so it would not be possible to remove or permanent blocking of such entries.

The District Court in Wrocław dismissed the suit in judgment of 8 June 2009, case file I C 802/07. Buzdygan appealed, and his petition was rejected by the Appellate Court in Wrocław in a judgment of 17 November 2009, case file I ACa 949/09, published in Orzecznictwo Apelacji Wrocławskiej, Biuletyn Sądu Apelacyjnego we Wrocławiu, No 1 (13), p. 5, Year MMX. The court ruled that the statements published in the disputed article and the mention of trolling do not infringe on Buzdygan’s personal rights. Descriptions of Buzdygan’s activity on different forums, though they may have a pejorative connotation, were the evaluation of the expression of views issued by Arnold Buzdygan, not the description of himself. The wording that was challenged by Buzdygan does not refer to his person, but it concerned the way of formulation of his speech in a public discussion, and the measure of negative evaluation did not exceed the permissible limit.

An active participant of online forums, being a well-known and recognizable in such community is, in this sense, a “public personality”. As a public person, participating in discussions, one agrees and must reckon with the fact that his or her opinions and statements will be subjected to criticism by other users, sometimes very radically and one has to demonstrate greater tolerance and even resistance to unfavourable and unflattering opinions, and even violent attacks. The boundaries of acceptable criticism are wider in fact, than in the case of persons not participating in such discussions. The evidence proceedings during the hearings has shown that Buzdygan was and is very active participant in online forums, and he is a known figure. By applying the test of the higher degree of tolerance for unflattering opinions, the Court found that the wording of the Wikipedia entry devoted to Arnold Buzdygan did not exceed the agreed and acceptable standard.

See also “Computer crime, case V K 1595/08“.

Internet domains, case I ACa 272/06

February 8th, 2010, Tomasz Rychlicki

The Appellate Court in Katowice, in a judgment of 16 June 2006, case file I ACa 272/06, ruled that it is pointless to talk about the “ownership” of Internet domains, because the civil law sets the property rights in article 140 of the Civil Code, which only refers to tangibles, and domains are not such things, and further, due to the closed list of property rights in intangibles (the so-called numerus clasus of IP rights – the principle that the system of estates allows only a limited number of property rights available in a legal system), there are no regulations in the Polish law, which suggests that the effect of registering Internet domain names is, to acquire by the subscriber, the right to use and dispose of the domain. The agreement between the subscriber and the Internet domain registrar is a contract to provide telecommunications services within the meaning of article 1(1) of the Polish Act of 16 July 2000, Telecommunications Law – TLA – (in Polish: Prawo telekomunikacyjne), published in Journal of Laws (Dziennik Ustaw) No 171, item 1800 with later amendments. The subscriber may transfer his or her claims (contractual claims against the registrar) to another entity, if it comes with the assumption of debt from subscriber fees.

I realize that this differs significantly from the US law. Easpecially if you read Kremen v. Cohen, 335 F.3d 1035, (9th Cir. 2003).

The parties do not dispute that domain names are a kind of property. This proposition appears to be consistent with California’s broad definition of “property.” See Cal. Civ.Code §§ 654 & 655(property includes “all inanimate things which are capable of appropriation or of manual delivery”). The parties disagree, however, whether a domain name like sex.com is the kind of intangible property that can support a claim for conversion. At issue is whether such intangible property constitutes a sufficiently definite right and whether such intangible property must also be merged into a document or other writing.

Same opinions were issued in Harrods, Ltd. v. Sixty Internet Domain Names, 302 F.3d 214 (4th Cir. 2002), Caesars World, Inc. v. Caesars-Palace.Com, 112 F. Supp. 2d 502 (E.D. Va. 2000) or In re Larry Koenig & Assoc., 2004 WL 3244582 (Bankr. M.D. La. 2004). But there are also different judgments such as Dorer v. Arel, 60 F. Supp. 2d 558 (E.D. Va. 1999), Zurakov v. Register.com, Inc., 304 A.D.2d 176, 760 N.Y.S.2d 13 (1st Dep’t 2003), Network Solutions, Inc. v. Umbro International, Inc., 259 Va. 759, 529 S.E.2d 80 (2000) and the latest I know which is Palacio del Mar Homeowners Assn., Inc. v. McMahon, — Cal.Rptr.3d —, 2009 WL 1668294 (Cal. App. 4 Dist. June 16, 2009). The Court ruled that a domain name registration is not property, but merely supplies the intangible contractual right to use a unique domain name for a specified period of time. Does it sound familiar to you?

See also “Polish case law on domain names“.

Personal data protection, case II SA/Wa 1598/09

February 5th, 2010, Tomasz Rychlicki

According to lawyers representing the singer Maryla Rodowicz, on the forum of one of the Polish portal websites appeared entries with the content which allegedly violated her personal rights (interests). The lawyers requested the owner to reveal IP addresses of users who posted these entries. The administrator of the portal website deleted the disputed entries but did not reveal any of the IP addresses. Lawyers filed a request to the Inspector General for Personal Data Protection (GIODO), who ordered the portal to disclose IPs on the grounds that these numbers are personal data. The owner of the portal again refused. The case went to the Voivodeship Administrative Court (VAC) in Warsaw, which in a judgment of 3 February 2010, case file II SA/Wa 1598/09 upheld the decision of the GIODO. The company who owns the portal may file a cassation to the Supreme Administrative Court (SAC). The VAC judgment provides the interpretation that IP address is a personal data, in accordance with the statutory definition included in article 6 of the Polish Act of 29 August 1997 on the Protection of Personal Data – PPD – (in Polish: Ustawa o ochronie danych osobowych), Journal of Laws (Dziennik Ustaw) of October 29, 1997, No. 133, item 883, unified text published in Journal of Laws (Dziennik Ustaw) of July 6, 2002, No. 101, item 926, with later amendments.

Article 6
1. Within the meaning of the Act personal data shall mean any information relating to an identified or identifiable natural person.
2. An identifiable person is the one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.
3. A piece of information shall not be regarded as identifying where the identification requires an unreasonable amount of time, cost and manpower.

The VAC also noted that the IP address is personal data if it is permanently assigned to the specified device and that is used or operated by a specified entity. This dependence makes certain in given situations that there is the possibility of identifying such entity. The Court said that it is true that the same IP address is not sufficient to identify a person who use it, but together with other information a person can be identified.

This judgment is not yet final. A cassation complaint may be filed to the Supreme Administrative Court. There was another court’s decision with regard to the aforementioned case and the disclosure of IP addresses. See “Telecommunications law, case I OSK 1079/10“.

The U.S. courts and judges have quite different views on this issue. Read for example Johnson v. Microsoft Corp., 2009 WL 1794400 (W.D. Wash. June 23, 2009).

E-signatures in Poland

January 29th, 2010, Tomasz Rychlicki

Current Polish legislation on e-signature include the Act of 18 September 2001 on Electronic Signature – ESA – (in Polish: ustawa o podpisie elektronicznym) Journal of Laws (Dziennik Ustaw) of 15 November 2001, No 130, item 1450, with later amendments. The ESA introduced in article 3 two types of e-signature: “electronic signature”, which means data in electronic form which, together with other data, either attached thereto or logically associated therewith, are capable of identifying the signatory and the so-called “secure electronic signature”, which means electronic signature which is uniquely assigned to the signatory, is made using secure signature-creation device and signature-creation data that the signatory can maintain under his sole control, is related to the data to which it has been attached in such a manner that any subsequent change of the data is recognizable.

According to article 5 of the ESA, the data in electronic form bearing a secure electronic signature verified by a valid qualified certificate shall be legally recognized as equivalent to documents bearing handwritten signatures. A secure electronic signature verified by a valid qualified certificate shall ensure the integrity of the data bearing the signature and unambiguous indication of the qualified certificate by assuring that any subsequent changes of the data and any subsequent changes of the indication of the certificate used to verify the signature are recognizable.

Recently, the Polish Ministry of Economy proposed amendments to the ESA. The draft provides new types of e-signatures that are consistent with the Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signature.

The draft provides 4 types of e-signature: normal, advanced, personal and certified. The normal one will be the same features as present “electronic signature” as defined in article 3 of the ASA and will primarily serve as a declaration of identity.

The advanced e-signature will have to meet the additional requirements for certification of the person using it. It will certify the data integrity and allow you to establish the identity of the signatory to both individuals and legal persons, such as when submitting electronic invoices.

The data in electronic form signed by a qualified (secure) electronic signature will have specific legal effects – the same as a handwritten signature for the data recorded on paper. Such data will be admissible as evidence in legal proceedings. The signature will be used to sign statements of knowledge and will.

One case – 1542 disputed domain names

January 26th, 2010, Tomasz Rychlicki

1. The Parties

The Complainants are Inter-Continental Hotels Corporation and Six Continents Hotels, Inc. of Atlanta, Georgia, United States of America, represented by The Gigalaw Firm, United States.

The Respondent is Daniel Kirchhof of Leipzig, Germany.
2. The Domain Names and Registrar

The 1,542 disputed domain names, which are set out in Annex A to this decision, are (or were) registered with PSI-USA, Inc. dba Domain Robot.

WIPO Arbitration and Mediation Center, Administrative Panel Decision, Inter-Continental Hotels Corporation, Six Continents Hotels, Inc. v. Daniel Kirchhof, Case No. D2009-1661.

Categories: CC TLDs | computer law | domain names | e-proceedings.

Polish police says downloading MP3s is legal

January 21st, 2010, Tomasz Rychlicki

On December 2009, the Warsaw’s Metropolitan Police (in Polish: Komenda Stołeczna Policji) published on its website 6 Christmas carols recorded in MP3 files. These songs were sung by the Choir of the Warsaw’s Metropolitan Police. My friend Piotr Waglowski wanted to know if Internet users who are downloading MP3 files, are allowed to do it according to regulations included in the Polish Act on Authors Rights and Neighbouring Rights – ARNR – (in Polish: ustawa o prawie autorskim i prawach pokrewnych) of 4 February 1994, published in Journal of Laws (Dziennik Ustaw) No. 24, item 83, consolidated text of 16 May 2006, Journal of Laws (Dziennik Ustaw) No. 90, item 631, with later amendments. Article 23 of the ARNR says

Lawful Use of Protected Works
Art. 23.-1. It shall be permissible, without the consent of the creator, to make use free of charge, of a work that has already been disclosed. However, this provision shall not authorize the construction of a building based on an architectural work or a work of urban architecture made by another person.
2. Personal use shall extend to use within a circle of persons who are personally related, in particular by blood or marriage, or who entertain social relations.

In his post entitled “Otrzymałem odpowiedź od rzecznika Komendanta Stołecznego Policji w sprawie MP3“, Piotr informs about the answer he received from podinspektor Maciej Karczyński – spokesman for the Commandant of the Warsaw’s Metropolitan Police.

Internet users who are downloading MP3 files available on the Internet, and then listening to them on their computers, operate on the basis of article 23 of the Act on Authors Rights and Neighbouring Rights, i.e. for the personal use.

wrote Mr Karczyński. Simply saying, the Polish police acknowledged and confirmed the fact that downloading MP3s is legal in Poland.

See also my previous post entitled “Say it loud and clear“.