A Polish lawyer who felt insulted by the comments that appeared on znanyprawnik.eu website, sued its owner. The case went through all instances. The Polish Supreme Court in its judgment of 18 January 2013 case file IV CSK 270/12 dismissed the cassation complaint filed by the offended lawyer. The Court held that all comments were not about facts that could be verified, only described the experience of cooperation with a lawyer and did not contain offensive or vulgar expressions. The plaintiff is an attorney, a public person performing certain services in the field of law and his services should be subject to assessment, which is not always favorable. Due to the nature of the activities carried out by the plaintiff, the limits of acceptable criticism are wider, because the person undertaking public activities does it voluntary, yet inevitable, undergo evaluation and public reaction.
Archive for: ISP liability
Personal interests, case IV CSK 270/12
April 19th, 2013, Tomasz RychlickiConsumer protection, case XVII Amc 5817/11
August 26th, 2012, Tomasz RychlickiThe Polish Court of Competition and Consumer Protection in its judgment of 31 May 2012 case file XVII Amc 5817/11 held that an entrepreneur cannot include in its terms of telecommunication services any regulations and provisions which would release it from the liability for any loss due to lack of customer access to the service provided. Activities that intend to misinformation, confusion, misconception or are directed to exploit ignorance or naivety of the customers and consumers, are contrary to good customs.
Personal interests, case I C 407/12
August 1st, 2012, Tomasz RychlickiFS File Solutions Ltd. is the owner of a popular hosting website chomikuj.pl that allows for hosting different files by using a simple web interface. The Polish Chamber of Books (PCB) is Poland’s publishing industry trade body that found many of its titles available on chomikuj.pl without the permission of copyright holders. The PCB issued negative press and TV statements regarding chomiku.pl policy and business model. The Company sued the PCB for the infringement of its personal interests. FS claimed that by calling it “pirate service” the PCB infringed on its the company name (firm).
The District Court in Warszawa I Civil Chamber in its judgment of 20 February 2013 case file I C 407/12 ruled that PCB did not infringed personal interests of FS.
Personal data protection, case II SA/Wa 2821/11
July 26th, 2012, Tomasz RychlickiThe Polish company Promedica Care Sp. z o.o requested the Inspector General for Personal Data Protection (GIODO) to issue a decision that would order Agora S.A., the owner of gazeta.pl website, to disclose IP addresses of users who posted negative comments regarding Promedica24.pl website. The GIODO decided that Agora S.A. should disclose requested information, although, it also noticed that the provisions of Article 29 of the Polish Act of 29 August 1997 on the Protection of Personal Data – PPD – (in Polish: Ustawa o ochronie danych osobowych), unified text published in Journal of Laws (Dziennik Ustaw) of 6 July 2002, No. 101, item 926, with subsequent amendments, were repealed as of 7 March 2011.
1. The processing of data is permitted only if:
1) the data subject has given his/her consent, unless the processing consists in erasure of personal data,
2) processing is necessary for the purpose of exercise of rights and duties resulting from a legal provision,
3) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract,
4) processing is necessary for the performance of tasks provided for by law and carried out in the public interest,
5) processing is necessary for the purpose of the legitimate interests pursued by the controllers or data recipients, provided that the processing does not violate the rights and freedoms of the data subject.
However, these regulations should be still applied to proceedings initiated before the entry into force of the Act that repealed the above mentioned provisions, and there was no obstacle to justify the refusal to provide the requested data according to the provisions of Article 30 of the PPD.
Article 30
The controller shall refuse the access to the personal data of the filing system to subjects and persons other than those referred to in Article 29 paragraph 1, if it would:
1) result in the disclosure of the information constituting a state secrecy,
2) pose a threat to national defence or security of the state, human life and health, or security and public order,
3) pose a threat to fundamental economic or financial interests of the state,
4) result in a substantial breach of personal interests of the data subjects or other persons.
The General Inspector did not agree with Agora S.A. that providing the requested data would infringe personal interests of the users of gazeta.pl website and its fora. The violation was only hypothetical, and was not supported by proper evidence. Agora S.A. argued that there are no legal instruments that would allow for monitoring the use of disclosed data, and this may lead to their use not only inconsistent with the purpose for which they were disclosed, but even to such use that is contrary to law. The GIODO noted that the absence of such instruments is not synonymous with the use of disclosed data contrary to the purpose for which it was made available. At the moment such data was disclosed, the Company will become the controller (administrator) as defined in the Article 7(4) of the PPD.
Article 7
Whenever in this Act a reference is made to any of the following, it shall mean:
4) controller – shall mean a body, an organisational unit, an establishment or a person referred to in Article 3, who decides on the purposes and means of the processing of personal data.
According to the GIODO, the processing of these data will be subject to the regulations provided in the provisions of the PPD, in particular the obligation not to undergo further processing of the data collected that would not be in accordance with the objectives of the disclosure (so-called principle of expediency/purposefulness), and the control of data processing in compliance with the provisions on personal data protection will be still the competence of the Inspector General. Agora S.A. argued that the provisions of Article 18 of the Polish Act of 18 July 2002 on Providing Services by Electronic Means – PSEM – (in Polish: ustwa o świadczeniu usług droga elektroniczną), published in Journal of Laws (Dziennik Ustaw) No. 144, item. 1204 with subsequent amendments, should be applied in its case, not the provisions of the PPD.
Article 18
1. The service provider may process the following personal data of the service recipient necessary for entering in, designing contents, amending or terminating legal relationship between them:
1) service recipient’s surname and names ,
2) his/her PESEL number (Personal Identification Number),
3) his/her permanent residence address,
4) his/her address for correspondence, if it is different than the address referred to in point 3,
5) data used for verifying the service recipient’s electronic signature ,
6) service recipient’s electronic addresses .
2. In order to effect contracts or other legal activity having been concluded with a service recipient, a service provider may process other data necessary due to nature (characteristics) of the service provided or way of its billing.
3. The service provider distinguishes and marks those data from among the data referred to in paragraph 2, as such being necessary for providing services by electronic means in accordance with art. 22 paragraph 1.
4. The service provider may process, upon consent of s service recipient and for the purposes set forth in art. 19 paragraph 2 point 2, other data concerning the service recipient, which are not necessary for providing service by electronic means.
5. The service provider may process the following data describing the way of using the service provided by electronic means by a service recipient (traffic data):
1) denotations identifying the service recipient assigned on the basis of the data referred to in paragraph 1,
2) denotations identifying the telecommunication network terminal or a teleinformation system, which have been used by a service recipient,
3) information about commencement, termination and a range of every usage of the service provided by electronic means,
4) information about using of the service provided by electronic means by a service recipient.
6. The service provider provides the information on data referred to in paragraphs 1 – 5 to the state authorities for the needs of legal proceedings carried on by them.
The provider is therefore obliged to provide information on all categories of data listed in Article 18(1-5) of the PSEM, to the State authorities for the purpose of the proceedings conducted by them. The Inspector General noted that the disclosed information should also be understood as such data. The GIODO said that the provision of Article 18(6) of the PSEM are constructed in general terms and do not indicate either the types of bodies that may request such information, or the types of proceedings: criminal, civil, administrative or enforcement. The Inspector General noted that the provision of Article 18(6) of the PSEM only requires the provider to disclose information to State bodies, and it should not be interpreted broadly as the legal norm that is prohibiting the disclosure of such information to other entities. The GIODO decided that if the legislature had the intention to limit the disclosure of the information referred to in Article 18(1-5) of the PSEM, only for the bodies referred to in Article18(6) of the Act, it would explicitly formulate this provision, for example, by using the phrase “only”, which is a legislative method of defining the closed circle of entities, as it was provided in other regulations, for instance in the Article 66g and Article 66j § 4 of the Polish Act of 17 June 1966 on Administrative Enforcement Proceedings, or in the Article 72(1) of the Polish Act 5 August 2010 on Protection of Classified Information and in Article 105(1) of the Polish Act of 29 August 1997 Banking Law. The Inspector General noted that the legislature did not use the phrase “only” in the provisions of Article 218 of the Criminal Proceedings Code – CRPC – (in Polish: Kodeks Postępowania Karnego) of 6 June 1997, Journal of Laws (Dziennik Ustaw) No 89, item 555, with subsequent amendments, in relation to an obligation to disclose, at the request contained in the order, to the court or the prosecutor any mail and packages and the data referred to in Article 180c and 180d of the Polish Act of 16 July 2000 on Telecommunications Law – TLA – (in Polish: Prawo telekomunikacyjne), published in Journal of Laws (Dziennik Ustaw) No 171, item 1800 with subsequent amendments.
Article 180c
1. The obligation referred to in Article 180a (1) shall cover the data necessary to:
1) trace the network termination point, telecommunications terminal equipment, an end user:
a) originating the call,
b) called;
2) identify:
a) the date and time of a call and its duration,
b) the type of a call,
c) location of telecommunications terminal equipment.
2. The minister competent for communications in agreement with the minister competent for internal affairs, having regard to the type of telecommunications activities performed by operators of a public telecommunications network or providers of publicly available telecommunications services, data specified in paragraph 1, costs of data collection and retention as well as the need to avoid multiple retention and storage of the same data, shall specify, by means of an ordinance:
1) a detailed list of data referred to in paragraph 1;
2) types of public telecommunications network operators or providers of publicly available telecommunications services obliged to retain and store the data.Article 180d
Telecommunications undertakings shall be obliged to provide conditions for access and retention as well as to make available at their own cost the data referred to in Article 159 (1) (1) and (3) to (5), in Article 161 and in Article 179 (9) related to the provided telecommunications service and processed by them to authorized entities, to the court and to the prosecutor, under the terms and observing the procedures specified in separate provisions.
The Inspector General stressed that the legislature has indicated that only the court or the prosecutor is allowed to open the correspondence, mail and data, or order for their opening.
Article 218
§ 1. Offices, institutions and entities operating in post and telecommunications fields, customs houses, and transportation institutions and companies, shall be obligated to surrender to the court or state prosecutor upon demand included in their order, any correspondence or transmissions significant to the pending proceedings. Only the court and a state prosecutor shall be entitled to inspect them or to order their inspection.
The Inspector General also stressed that the above-cited provisions of the CRPC should not be applied in this case, because Promedica Care Sp. z o.o is not the authority conducting the proceedings in a criminal case, and the disclosed personal data will be used by it to initiate civil, not criminal proceedings. The GIODO indicated that Promedica may follow the procedure provided for in Article 29 of the PPD, and civil proceedings under the Civil Proceedings Code – CPC (in Polish: Kodeks Postępowania Cywilnego) of 17 November 1964, published in Journal of Laws (Dziennik Ustaw) No. 43, item 296, with subsequent amendments, regardless of actions taken under the criminal proceedings. Agora S.A. filed a complaint.
The Voivodeship Administrative Court in Warsaw in its judgment of 8 March 2012 II SA/Wa 2821/11 repealed the contested decision, and held that according to the provisions of Article 18(6) of the PSEM, the only one empowered to obtain data collected by the service provider within the meaning of that Act, are the State bodies. The PSEM does not contain any other provision, which serve as the basis for disclosure of data to the entities other than state authorities. The court stated that if the legislature’s intention was to give permission to obtain operational data to entities other than state authorities, it would have included a clear regulation providing for such permission in the PSEM. Data protection is a general rule. The service provider may process personal and operational data only in the extent and on terms defined in the PSEM. Only in the absence of regulations provided in the PSEM such processing may be based on an appropriate application of the PPD. The disclosure of data to third parties – such as Promedica Care – is breaking of that protection and as an exception to the rule cannot be interpreted broadly.
See also “Polish regulations on personal data protection“, “Polish case law on personal data protection“
Personal data protection, case IX Nc 1850/11
April 14th, 2012, Tomasz RychlickiThe Regional Court in Wrocław in its judgment of 2 February 2012 case file IX Nc 1850/11 held that that there was no reason to accept the view that electronic services providers are required to bear costs for rendering information on given data to the state authorities for the needs of legal proceedings carried on by them. Therefore, the court ruled that the Police has to pay to the company that operates social-networking site for gathering and processing requested data and information, according to the specifiaction that was received from the Police.
Personal interest, case I CSK 111/11
March 25th, 2012, Tomasz RychlickiCezary Pazura sued Grupa o2, the owner and publisher of pudelek.pl website. Mr Pazura claimed that the company infringed his dignity, the inviolability of the home, privacy and publicity, by publishing 17 articles that concerned his relationship with Edyta Zajac, then fiancee, and now his wife. He argued that comments like “his mistress was no longer pretending, what she meant?”, “oldish playboy” were clear examples of the infringement. The District Court agreed with Mr Pazura, but Grupa o2 appealled, and the Appellate Court reversed the contested judgment and dismissed the suit. Mr Pazura filed a cassation complaint.
The Supreme Court in its judgment of 14 December 2011 case file I CSK 111/11 repealed the contested decision and returned it to the Appellate Court for further reconsideration. The Court held that the public status of a person does not automatically mean that his or her private life becomes also a “public life”. The Court clarified the understanding of the provision of Article 14(6) of the Polish Act of 26 January 1984 on Press law – APL – (in Polish: ustawa Prawo prasowe), published in Journal of Laws (Dziennik Ustaw) No. 5, item 24, with subsequent amendmets.
It is not allowed to publish information and data concerning the private sphere of life without the consent of the person concerned, unless it is connected directly with the public activity of such a person.
The Court ruled that in this case it was necessary to demonstrate the relationship between the public activity carried out by Mr Pazura, and published image, or private information that was published on pudelek.pl website. Therefore, it had to be a relationship between a person’s behavior in the public sphere. In addition, the disclosure of such information should serve to protect specific, socially legitimate interest. Therefore, the primary task of the courts was to determine whether in this case, Mr. Pazura’s consent was granted, or whether it was not needed at all.
Criminal law, case XI W 1497/11/P
March 15th, 2012, Tomasz RychlickiThe publisher of histmag.org website requested its users to donate money via PayPal or similar services, in order to raise funds for the functioning of this history site. An anonymous user made a complaint to the former Polish Ministry of Internal Affairs and Administration, now Ministry of Interior, claiming that this action constituted an illegal public money collection, which is prohibited according to the provisions of Article 56 § 1 of the Polish Code of Offences – PCO – (in Polish: Kodeks wykroczeń) of 20 May 1971, published in Journal of Laws (Dziennik Ustaw) of 1971 No 12, item 114, with subsequent amendments.
Whoever, without the required permit or in violation of its conditions, organizes, or holds a public collection of donations, shall be subject to a fine.
According to the Polish Act of 5 March 1933 on Public Collections, any public collections of donations in cash or in kind, for a pre-determined goal, requires prior authorization from the authority. This permit should be granted as an administrative decision. The Regional Court in Kraków in its warrant ruling found the publisher guilty. The publisher filed objections to this judgment.
The Regional Court for Kraków-Podgórze in Kraków, Wydział XI Karny in its judgment of 6 February 2012 case file XI W 1497/11/P acquitted the publisher of any charges. The court ruled that the public collection was conducted by receiving direct wire transfers or via PayPal. The provisions of the PCO and the definition of public collection included in the Act on Public Collections refers to public collections of cash or in kind, and are not applicable to electronic transfers.
Copyright law, case C-360/10
February 22nd, 2012, Tomasz RychlickiThe Court of Justice of the EU in its judgment of 16 February 2012 Case C-360/10 Belgische Vereniging van Auteurs, Componisten en Uitgevers CVBA (SABAM) v Netlog NV ruled that Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (Directive on electronic commerce), Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the in formation society, and Directive 2004/48/EC of the European Parliament and of the Council of 29 April 2004 on the enforcement of intellectual property rights, read together and construed in the light of the requirements stemming from the protection of the applicable fundamental rights, must be interpreted as precluding a national court from issuing an injunction against a hosting service provider which requires it to install a system for filtering:
– information which is stored on its servers by its service users;
– which applies indiscriminately to all of those users;
– as a preventative measure;
– exclusively at its expense; and
– for an unlimited period,
which is capable of identifying electronic files containing musical, cinematographic or audio-visual work in respect of which the applicant for the injunction claims to hold intellectual property rights, with a view to preventing those works from being made available to the public in breach of copyright.
Personal interest, case IV CSK 665/10
November 7th, 2011, Tomasz RychlickiWriting under a pseudonym, Dariusz B. posted a comment on the website “Gazeta online Elbląg 24″. In his post Dariusz B. wrote to the Mayor of the Elbląg town, that he has photographs of people who sit in the city council, and he described the content of these pictures as a “sex scandal”. He noted that the Mayor’s spokesman ignored this case, so he wanted to know what should he do next with such photographs. Other anonymous Internet users posted comments under the post that has been written by Dariusz B. One of them has disclosed who is the author of the post, and also expressed a negative opinion about the post, by calling it a blackmail. This person also suggested that Dariusz B. has used the media for his own purposes in order to manipulate press journalists. The intentions of Dariusz B. and his honesty, were also undermined. The post of Dariusz B. was described as a blatant violation of the law for which he should bear criminal responsibility. “Gazeta online Elbląg 24″ is a service available for free. It is operated by the Municipality of the Elblag town. The comment in which personal data of Dariusz B. was disclosed was written from a computer that had the IP address belonging to the organizational unit of the Elblag town. The unit operates wireless Wi-Fi, whose range includes several publicly accessible areas of the building and parking lot adjacent to it. It was not possible to identify the person who posted this comment. The Police, at the request of Dariusz B. commenced an investigation and failed to establish who was the author of the comment, even when the Municipality of Elblag has disclosed all data, including IP addresses. Dariusz B. sued the Municipality of Elbląg for the infringement of his personal interests. The District Court and the Appellate Court dismissed the suit. Dariusz B. filed a cassation complaint.
The Supreme Court in its judgment of 8 July 2011 case file IV CSK 665/10, published in electronic database LEX, under the no. 898708, held that critical comments of the content of post and the very fact of its posting, or disclosure of the name and surname of Dariusz B., was not a violation of his personal interest. However, it was a violation of personal interests (dignity and reputation) when such action has been called illegal activity, fraudulent and manipulative, a blackmail and provocation, which undoubtedly discredited Dariusz B. in public opinion, especially as a social activist, who was active at another online forum. Such statement, not supported by the facts, was unlawful. In the case of an infringement of one’s personal interests, the court may award pecuniary compensation to a person whose personal interests have been infringed, an approriate amount as pecuniary compensation for the wrong suffered or may, on his demand, adjudge an appropriate amount of money to be paid for a social purpose chosen by him, irrespective of other means necessary to remedy the effects of the infringement. Not only the person who directly caused the damage shall be liable, but also any person who has induced or helped another person to cause the damage, including those who consciously took benefit from a damage caused to another person. However, the Court ruled that there was no normal causal link between the actions of the Municipality of Elblag, and the damage suffered by Dariusz B., and such a link occurs only when the action is directed to accomplish the tortious activity.
By opearating a website “Gazeta online Elbląg 24″ and a discussion forum, the Municipality of Elbląg was deemed as the Internet services provider. However, such ISPs, are responsible for the violation of personal rights performed by others only when they knew that the post violates these interests and they did not immediately prevent the access to the post. Therefore, the ISP is not obliged to control the content of posts written by users on a free discussion forum website. Taking into account the nature and purpose of services based on making available free of charge of a discussion website, and considering also that there were no general rules for the management of such services and systems, the Court held that there were no grounds to impose a general obligation on the ISP to provide tools to identify users of such a website. The Court ruled that the anonymity of persons using the publicly available online news website, is a generally accepted principle and essence of this type of service. It provides freedom of expression, which is the goal of such websites. Consequently, the Court held that the ISP that created and provides free access to the website with a discussion forum, has no obligation to ensure the ability to identify the users who maded posts on this website.
Personal interest, case II SA/Wa 364/11
October 13th, 2011, Tomasz RychlickiOn January 2010, a couple of entries signed by the nick “arfulik” appeared on few Polish websites. The author wrote critically about the company Bavaria Consulting and a person who is a member of the board. It seemed that this unknown author conducted a competitive activity. Bavaria and Krystiana D. decided to sue for the infringement of personal interest. They needed personal data of a person who wrote questioned comments. Telekomunikacja Polska (TP), one of the largest ISPs, refused to provide such information, referring to the telecommunications confidentiality included in the Article 159 of the Polish Act of 16 July 2000 on Telecommunications Law – TLA – (in Polish: Prawo telekomunikacyjne), published in Journal of Laws (Dziennik Ustaw) No 171, item 1800 with subsequent amendments. Allegedly slandered filed a complaint to the Inspector General for Personal Data Protection (GIODO). The GIODO ordered the disclosure the personal data but he overturned this decision after TP filed a request for reconsideration. The GIODO decided that such information is subject to the telecommunications confidentiality and found no reason to disclose it. The offended persons lodged a complaint against this decision.
The Voivodeship Administrative Court in its judgment of 7 October 2011 case file II SA/Wa 364/11 dismissed it, and ruled that the intention of bringing action against the author of a forum post or comment is not a sufficient condition to disclose personal data. One has to file a suit for protection of personal interest. Only then, a court in order to avoid procedural deficiency, will summon the telecommunications operator to disclose personal data of the author of the questioned post.
See also “Polish regulations on personal data protection” and “Polish case law on personal data protection“.
Personal interests, case I CSK 743/10
October 8th, 2011, Tomasz RychlickiThe Supreme Court in its judgment case file I CSK 743/10 ruled that if the newspaper, which lost a case for protection of personal interests and was ordered to publish an apology in the paper version, has also an online edition, then such a newspaper should also place a reference to apologies for this publication in its online archive.
Trade mark law, case C-236/08
September 6th, 2011, Tomasz RychlickiThe Court of Justice of the EU in its judgment of of 23 March 2010 joinded Cases C-236/08 to C-238/08 ruled that the Article 5(1)(a) of First Council Directive 89/104/EEC of 21 December 1988 to approximate the laws of the Member States relating to trade marks and Article 9(1)(a) of Council Regulation (EC) No 40/94 of 20 December 1993 on the Community trade mark must be interpreted as meaning that the proprietor of a trade mark is entitled to prohibit an advertiser from advertising, on the basis of a keyword identical with that trade mark which that advertiser has, without the consent of the proprietor, selected in connection with an internet referencing service, goods or services identical with those for which that mark is registered, in the case where that advertisement does not enable an average internet user, or enables that user only with difficulty, to ascertain whether the goods or services referred to therein originate from the proprietor of the trade mark or an undertaking economically connected to it or, on the contrary, originate from a third party.
2. An internet referencing service provider which stores, as a keyword, a sign identical with a trade mark and organises the display of advertisements on the basis of that keyword does not use that sign within the meaning of Article 5(1) and (2) of Directive 89/104 or of Article 9(1) of Regulation No 40/94.
3. Article 14 of Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (‘Directive on electronic commerce’) must be interpreted as meaning that the rule laid down therein applies to an internet referencing service provider in the case where that service provider has not played an active role of such a kind as to give it knowledge of, or control over, the data stored. If it has not played such a role, that service provider cannot be held liable for the data which it has stored at the request of an advertiser, unless, having obtained knowledge of the unlawful nature of those data or of that advertiser’s activities, it failed to act expeditiously to remove or to disable access to the data concerned.
Personal interest, case I ACa 544/10
March 22nd, 2011, Tomasz RychlickiA critical article was published in a paper magazine entitled “Forum Akademickie”. It concerned one of the scientist from the University of Opole. Some offensive comments appeared also at magazine’s online forum. These entries were removed after the administrator received a notice from the researcher. There was another offensive entry published on 30 November 2008, but on the same day it has been removed by a site administrator. The researcher sued the editor for allowing for the publication of inaccurate and defamatory comments which in consequence infringed on his personal interests. The District Court in Lublin dismissed the claim as unjustified. The Court held that according to regulations included in Article 14 and 15 of the PSEM the defendants cannot be held responsible because they prevented the access to questioned data/entries. The plaintiff appealed.
The Appellate Court in Lublin in its judgment case file I ACa 544/10 held that defendants should be held liable because they provided a website that was used for discussion and exchange of different views and they posted also a warning message about the moderation or deletion of entries that will not fit for certain rules, although according to the Court they were not obliged to do so, but they also employed for this purpose a person whose duty included monitoring the entries and the removal of those that were posed not in accordance with law and social norms. Therefore, The Court ruled that defendants had knowledge of illegal entries. As a result, they were responsible for failing to remove them without delay and to do so only after many months, at the request of the plaintiff.
The Court ordered the defendants (the editor of the magazine and its publisher) to publish under the article the statement of apology and to pay jointly 5.000 PLN to charity. The judgement is not final.
Personal data protection, case II SA/Wa 1212/10
February 4th, 2011, Tomasz RychlickiThe case of Tomasz W. and his image treated as personal data still continues. See “Personal data protection, case I OSK 667/09“. GIODO annulled its earlier decision, however it also refused to take account Tomasz W. requests in its new decision. GIODO ruled that personal data (photos and captions) of Tomasz W. are not presented on the website, and are not publicly available because they were removed from the specified address. GIODO also noted that Nasza-Klasa is still processing the personal data treating it as evidence, because it keeps them on its servers and in the system’s memory. GIODO finally held that the Company, as controller, is processing these data under provisions of Article 23(1)(v) of the PPD, under which such the processing of data is permitted because it is necessary for the purpose of the legitimate interests pursued by the controller and that the processing does not violate the rights and freedoms of the data subject. Among the reasons justifying the data processing, GIODO mentioned the possibility of establishing the responsibility of the recipient for violations of the Terms of Service that were set by the Company. This judgment is not final yet. GIODO filed a cassation complaint.
The Voivodeship Administrative Court in Warsaw in its judgment of 1 December 2010 case file II SA/Wa 1212/10 ruled that, these circumstances do not fulfill the conditions for legitimate interests of data processing. It should be noted that the condition relates to the existing and unquestionable situation, so if there is a need to demonstrate a need to claim in business, not a situation where the data are processed for eventual trial and the possible need to prove that personal data obtained without the consent of the person concerned shall be processed in accordance with the law. The Court also noted that Tomasz W. only announced but he did not initiate any courts proceedings against Nasza-Klasa. Therefore, according to the Court, Nasza-Klasa was not allowed to process personal data only to protect itself against any future and uncertain claims mentioned by Tomasz W. Otherwise, there are doubts how long to process personal data if Tomasz W. fails to comply with his announcement.
See also “Polish regulations on personal data protection” and “Polish case law on personal data protection“.
Personal interest, case XXIV C 760/09
October 26th, 2010, Tomasz RychlickiKataryna, actually Katarzyna Sadło appeared in the Polish blogoshpehre shortly after the so-called Rywin affair. Since then Kataryna simultaneously publish her blogs on both blox and salon24.pl websites. She quickly became well-known person who comments on political life in Poland and received a large number of comments. Her identity quickly began to attract the interest of the mass-media. A few journalists were suspected for writing under this pseudonym. Kataryna gave interviews in press but did not disclose her identity.
In May 2009, the owner Salon24 website announced that Krzysztof Czuma, son of the Polish Minister of Justice Andrzej Czuma, sent a letter to Salon24 seeking the removal of lying and offensive blog entry of “a Kataryna”. Salon24 responded that the content of the blog posts does not affect the TOS of Salon24 and therefore it will not be removed. However, Kataryna announced that if the minister Czuma would like to bring the civil lawsuit against her, she will reveal her personal data.
Shortly after that, the Polish daily newspaper “Dziennik Polska-Europa-Świat” published information that it knows the identity of the blogger. Although the newspaper did not publish her name, but described it in a way that allowed for unambiguous identification. These were more than enough information to let Internauts to identify Katarzyna Sadło as Kataryna.
Kataryna decided to reveal (tweet) the contents of SMS, which has received from Sylwia Czubkowska, a journalist reporter from Dziennik, in which the she urged Kataryna to disclose her identity in the newspapers and warned that otherwise the information may be used by “Fakt” which is a tabloid owned by the same publisher – Axel Springer Poland. Kataryna sued Axel Springer, the publisher of “Dziennik” and the editors of this newspaper for violation of her right to privacy. The case was brought before the District Court in Warsaw case file XXIV C 760/09, however it was settled out of the court.
Personal data protection, case DOLiS/DEC-1013/10 concerning DOLiS-440-276/10
September 27th, 2010, Tomasz RychlickiThe Inspector General for Personal Data Protection (GIODO) in its decision of 13 September 2010 case file DOLiS/DEC-1013/10 concerning DOLiS-440-276/10 ruled that according to the wording of Article 18(1) pt 2 of the Polish Act of 29 August 1997 on the Protection of Personal Data – PPD – (in Polish: Ustawa o ochronie danych osobowych), unified text published in Journal of Laws (Dziennik Ustaw) of 6 July 2002, No. 101, item 926, with subsequent amendments, in the event of the breach of provisions on personal data protection, the GIODO ex officio or at the request of the person concerned, by an administrative decision, shall order the restoration of the situation in accordance with the law and, in particular, to complete, update correct, disclose or not to disclose of personal data.
Article 18
1. In case of any breach of the provisions on personal data protection, the Inspector General ex officio or upon a motion of a person concerned, by means of an administrative decision, shall order to restore the proper legal state, and in particular:
1) to remedy the negligence,
2) to complete, update, correct, disclose, or not to disclose personal data,
3) to apply additional measures protecting the collected personal data,
4) to suspend the flow of personal data to a third country,
5) to safeguard the data or to transfer them to other subjects,
6) to erase the personal data.
2. The Inspector General’s decisions referred
Given the circumstances of the case, the GIODO considered that he is authorized – by the established rules – to order the Company to disclose to the applicant information about a person who, on in 2010, at 20:29 had registered on www.gowork.pl web portal using the nickname “anonymous”, i.e. information about IP address of a computer used to post the questioned entry.
See also “Polish regulations on personal data protection” and “Polish case law on personal data protection“.
Personal interest, case I C 144/10
August 15th, 2010, Tomasz RychlickiA Polish citizen filed a civil suit against Nasza Klasa company – the owner and operator of social networking website. He seek an apology and a payment for the infringement of his personal interest by the fact that Nasza Klasa refused to provide the plaintiff with personal data of the person who set up a fake profile, and allowed for the creation of such a profile, which was finally closed after several unsuccessful requests.
The Inspector General for Personal Data Protection in its decision of 5 March 2010 ordered Nasza Klasa to provide the plaintiff with information (full name, address, e-mail and IP address of a computer) of the person who set up the profile of the YYY number on nasza-klasa.pl website, ordering at the same time, to fulfill the obligation referred to in Article 33(1) of the Polish Act of 29 August 1997 on the Protection of Personal Data – PPD – (in Polish: Ustawa o ochronie danych osobowych), unified text published in Journal of Laws (Dziennik Ustaw) of 6 July 2002, No. 101, item 926, with subsequent amendments.
Article 33
1. At the request of the data subject, within the period of 30 days, the controller shall be obliged to notify the data subject about his/her rights, and provide him/her with the information referred to in Article 32 paragraph 1 point 1-5a as regards his/her personal data, and in particular specify in an intelligible form:
1) the category of personal data contained in the file,
2) the means of data collection,
3) the purpose and the scope of data processing,
4) the recipients of the data and the scope of access they have been granted.
While executing this decision Nasza Klasa informed the plaintiff that the fictional profile was set up on behalf of a person of a first name “s d.”, the second name “w. I’m gay”, having e-mail address xyz@wp.pl. At the same time the company informed the plaintiff that it has no data with regard to IP addresses from which the profiles are set on its website, these data are not collected, and kept or archived. However, as it was also clear from the order of the District Court in Poznań of 16 June 2010 on an ongoing parallel criminal proceedings that Nasza Klasa provided the Police with the IP number, host and e-mail address of the person who has registered this fictitious profile containing personal information of the plaintiff.
The District Court in Wrocław in its judgment of 23 July 2010 case file I C 144/10 ruled that the way that Nasza Klasa has executed the decision bears hallmarks of malignancy, where the repetition of the contents of the fake profile certainly violated the plaintiff’s dignity. The Court noted also that the activity of Nasza Klasa which allows its users for the opening of online accounts, including fictitious accounts does not have the characteristics of illegality. Therefore, the plaintiff was not allowed to infer the responsibility of Nasza Klasa, because during the use of legal mechanisms, there was an infringement of his personal interests. In other words, the illegal nature has only the act of the direct infringer – an unknown person who registered fictional profile on nasza-klasa.pl website, that was containing personal information of the plaintiff, including his image, in the context of information insulting him.
The mere creation of a registration/login mechanism within defendant’ hosting services, without any specific negligence in the performance of duties imposed by law cannot justify the defendant’s liability for the infringement of personal rights of the plaintiff. According to the Court such reasoning would justify shifting the liability of the direct offender of personal right to the hosting service provider.
The Court, held that Nasza Klasa committed a violation of personal rights by refusing to grant the plaintiff an access to personal data of the person who set up a fake profile infringing on his personal interest and being opprobrious to his identity, despite the fact that the plaintiff was entitled to obtain it, which was confirmed by final decision of the GIODO. The Court ruled that Nasza Klasa company as a professional hosting provider, which created and maintains a social networking website – in accordance with its TOS – should be aware of how the decision of Inspector General for Personal Data Protection should be executed. Moreover, Nasza-Klasa was aware of the circumstances of the plaintiff’s case, which lasted almost a year. At that time, the plaintiff has shown a determination to assert his rights, despite the fact that without a personal data of the offender, has repeatedly been put in a kind of a hopeless situation, not only by law enforcement, but also by Nasza-Klasa company. Since Nasza-Klasa did not have the name of the person who registered the fictitious profile with the data of the plaintiff, it shall inform the plaintiff and explain the problem and execute the decision of the GIODO with regard to available data (IP, e-mail address of the perpetrator). Nasza Klasa decided to file an appeal complaint. The Appelatte Court in Wrocław in its judgment of 18 Nobember 2010 case file I ACa 1129/10 reversed the previous judgment and dismissed the suit.
Telecommunications law, case I OSK 1079/10
August 3rd, 2010, Tomasz RychlickiThis is the continuation of a story described in “Personal data protection, case II SA/Wa 1598/09“. The Supreme Administrative Court in its order of 15 July 2010 case file I OSK 1079/10 decided to stay the execution of the decision issued by the Inspector General for Personal Data Protection (GIODO), and ruled that the Polish Act of 16 July 2000 on Telecommunications Law – TLA – (in Polish: Prawo telekomunikacyjne), published in Journal of Laws (Dziennik Ustaw) No 171, item 1800 with subsequent amendments, provides broader protection of personal data because of telecommunications confidentiality, than the provisions of the Act of 29 August 1997 on the Protection of Personal Data – PPD – (in Polish: Ustawa o ochronie danych osobowych), published in Journal of Laws (Dziennik Ustaw) of 29 October 1997, No. 133, item 883, unified text published in Journal of Laws (Dziennik Ustaw) of 6 July 2002, No. 101, item 926, with subsequent amendments. The Court held that the disclosure of IP addresses which enable identification of specific individuals, that was ordered during administrative proceedings initiated with regard to disclosure of such data, while such proceedings did not ended with judgment in force, may violate the provisions of Article 160 of the TLA.
Article 160.
1. An entity participating in the performance of telecommunications activities within public networks and entities cooperating with it shall keep the telecommunications confidentiality.
2. Entities referred to in paragraph 1 shall maintain due diligence, within the scope justified by technical or economic reasons, while securing telecommunications equipment, telecommunications networks and data collections from disclosing the telecommunications confidentiality.
3. A person coming into possession of a message not meant to be read by him/her when using radio or terminal equipment shall keep the telecommunications confidentiality. The provisions of Article 159 (3) and (4) shall respectively apply.
4. The recording of a message acquired in a manner described in paragraph 3 by a body executing control of telecommunications activities in order to document a violation of a provision of the Act, shall not be a violation of the telecommunications confidentiality.
While assessing the validity of the request to stay the execution of GIODO’s decision to disclose the requested IP address at this stage of proceedings, the Court agreed with the author of the cassation complaint, that the execution of the questioned decision at this stage makes it impossible to reverse the actions taken after the disclosure of the IP addresses, and such action should be seen as causing the effects that are difficult to reverse according to Article 61(3) of the Act of 30 August 2002 on the Law on Proceedings Before Administrative Courts – PBAC – (in Polish: Prawo o postępowaniu przed sądami administracyjnymi), published in Journal of Laws (Dziennik Ustaw) No 153, item 1270, subsequent amendments.
§ 1 Filing a complaint does not stay the execution of the act or actions.
§ 3 After the delivery of a complaint to the court, the court may issue at the request of the applicant, the order to stay the execution, in whole or in part of the act or actions referred to in § 1, if there is a risk of causing significant damage or cause to be difficult to reverse, with the exception of the provisions of local law which entered into force, unless the special Act excludes the stay of their execution. The refusal to stay the execution of the act or actions by the authority, does not deprive the applicant of action to the court. This also applies to acts issued or adopted in all proceedings conducted within the same case.
The SAC held that if the Supreme Administrative Court would agree with the cassation complaint filed against the judgment of the Voivodeship Administrative Court of 3 February 2010 case file II SA/Wa 1598/09, the effects of the execution of the questioned decision could not be reversed, because the IP address identifying a specific person is available to another participant in the proceedings. Accordingly, the court held that the correct solution at this stage of proceedings, is to stay the execution of the questioned decision also with a view to the impact of which its execution might result in, as well as the nature of the protection of personal data resulting from the relevant regulations such as, inter alia, the TLA.
See also “Polish regulations on personal data protection” and “Polish case law on personal data protection“.
Internet websites, case I C 1532/09
March 13th, 2010, Tomasz RychlickiThe Observatory of Media Freedom in Poland run by the Helsinki Foundation for Human Rights reported on a case of Augustyn Ormanty, the mayor of Kalwaria Zebrzydowska town, who sued Tomasz Baluś, the administrator of naszakalwaria.pl website, for personal rights infringement after he found that the website hosted defamatory comments directed to his person. Mr. Ormanty decided to request the court to order the removal of 18 comments because he received negative response from Tomasz Baluś who claimed that these questioned statements put in the form of comments to information published at his website, are the individual opinions of people who wrote it, for the content of which, Tomasz Baluś is not responsible, because they are owned by their authors.
The District Court I Civil division in Kraków in a judgment of 11 MArch 2010 case file I C 1532/09 ruled that naszakalwaria.pl website cannot be deemed as the press according to provisions of the Polish Act of 26 January 1984 on Press law – APL – (in Polish: ustawa Prawo prasowe), published in Journal of Laws (Dziennik Ustaw) No. 5, item 24, with subsequent amendmets, because it did not meet the criterion of periodicity. The court noted that naszakalwaria.pl website is rather a collection of publications and serves as a wall on which people are able to post their comments. The court emphasized that the purpose of Internet portals, such as naszakalwaria.pl is primarily to initiate and shape public debate on issues important to the local community. The court added that the Internet is, in principle, free from control and could be subject to control only, if it fits the regulation provided in the APL. The court also stated that Augustyn Ormanty failed to prove that the offensive – in his opinion – comments related to the facts. According to the Court, they were rather opinions, which in principle cannot be judged based on the criterion of truth and falsehood.
In addition, the court held that Tomasz Baluś had a limited capacity for meticulousy checking and editing of the entries appearing on the forum of his website because of their large numbers. The court stated that the measures taken by the Mr. Baluś to search and control the entries for vulgarity and to remove obviously insulting comments were sufficient. According to the Court, Mr. Ormanty had a possibility and the right to request the removal of comments he found insulting, based on provisions of Article 14 of the Polish Act of 18 July 2002 on Providing Services by Electronic Means – PSEM – (in Polish: ustwa o świadczeniu usług droga elektroniczną), published in Journal of Laws (Dziennik Ustaw) No. 144, item. 1204 with subsequent amendments.
1. A person who gives access to the contents of a network IT system to a customer, where the customer stores data, is not aware of the illegal features of the data or activity connected with the data and upon receiving an official notification or credible information about the illegal features of the data or activity connected with it, immediately bars access to the data, shall not be responsible for the data.
2. A Service provider who has received the official notification of an illegal character of the stored data that was supplied by the customer, and prevented the access to the data, shall not be liable to the customer for damages resulting from preventing access to such data.
3. A service provider who has received credible information of the illegal character of the stored data supplied by the customer and prevented access to the data, shall not be liable to the customer for the damage resulting from preventing access to such data, if it has immediately notified the customer of the intention to prevent access to data.
The court pointed out to the argument stating that the mayor is a public figure who must reckon with the fact that its activities may be subject to criticism. As a public figure, Mr. Ormanty should show greater resistance to critical opinions, negatively evaluating the performance of the functions entrusted to him. In conclusion, the Court added that the law has not kept pace with the development of modern technology and therefore, it does not precisely regulate the issues of freedom of expression in the Internet. Therefore, the careful evaluation of such situations, is entrusted to the judges. Their task is to ensure and guarantee the freedom of expression in similar cases.
See also “Social networking sites, case I A Ca 1202/09“.
Press law, case VII Ka 715/09
March 7th, 2010, Tomasz RychlickiTwo partners of a civil partnership have been accused that in the period from 10 April 2002 to 4 June 2006, they have been acting jointly and in the agreement, and they have been publishing without the adequate and propert registration a periodical entitled “www.bielsko.biala.pl” that was available in the Internet, i.e., they were accused of commiting an offense under Article 45 of the Polish Act of 26 January 1984 on Press law – APL – (in Polish: ustawa Prawo prasowe), published in Journal of Laws (Dziennik Ustaw) No. 5, item 24, with subsequent amendmets.
Anybody who publishes a daily newspaper or a periodical without registration or with registration suspended is subject to a fine penalty or the restriction of liberty.
The Prosecutor from the Regional Prosecution Office in Bielsko-Biala wrote clearly in the indictment act file 2 Ds. 196/08/MŁ, that Article 45 of the APL protects freedom of press.
The Regional Court in Bielsko-Biała in a judgment of 2 June 2009, case file IX K 2011/08, found them guilty. The defendants appealed.
The District Court in Bielsko-Biała, VII Criminal Appeals Division, in a judgment of 14 January 2010, case file VII Ka 715/09, has overturned the earlier sentence and discontinued the criminal proceedings. The court agreed with the court of the first instance that the accused persons commited the offence, however, the court also ruled that the degree of social harmfulness of their activity was minimal. By performing the publishing activities without the registration, both defendants did not cause anyone any harm.
What is more interesting, on 18 April 2008 both partners and later the accused persons, have applied for the registration of press activity/publishing in the form of a website available at www.bielsko.biala.pl. The request contained information that the website is updated daily. The District Court Civil Division I, in a decision of 5 June 2008, case file NS Rej. Pr. 12/08 k. 26-27, ordered the entry of the “www.bielsko.biala.pl” press title into the Register of Daily Newspapers and Periodicals.
See also “Press law, case VI Ka 409/07” and “Press law, case II K 367/08“.
Social networking sites, case I A Ca 1202/09
March 3rd, 2010, Tomasz RychlickiNasza-Klasa.pl website is a very popular Polish social networking service bringing together classmates. It provides its users with a possibility to contact and search for old friends. In 2008, an unknown person created an account for the name of Dariusz B., The fake profile included his personal data: name, place of residence, phone number, age and images. This account was set without the knowledge and the consent of Dariusz B. Many offensive comments were sent from this fake account to other users of the portal. These comments provoked negative emotions and responses from its recipients. Dariusz B. and his wife, tried to apologize to every person they met. Dariusz B. was also forced to change his phone number, and met with harsh comments from friends, and especially from the strangers. Maria B. – wife of Dariusz B. contacted Nasza-Klasa.pl by e-mails with the request to remove or to block the fake account. When it did not bring any results, they brought a lawsuit against Nasza-Klasa.pl.
Nasza-Klasa.pl was found responsible by both the District and the Apellate courts because it has not removed, or at least not immediately blocked the fake account, created in the name of Dariusz B., thereby making violations of his personal interests possible.
The Appellate Court in Wrocław in its judgment of 15 January 2010 case file I A Ca 1202/09 ruled that nature of the infringement performed by Nasza-Klasa.pl was to allow a third party to encroach on personal rights of Dariusz B., by not fulfilling its obligations under the Polish Act of 18 July 2002 on Providing Services by Electronic Means – PSEM – (in Polish: ustwa o świadczeniu usług droga elektroniczną), published in Journal of Laws (Dziennik Ustaw) No. 144, item. 1204 with subsequent amendments.
Article 14
1. A person who gives access to the contents of a network IT system to a customer, where the customer stores data, is not aware of the illegal features of the data or activity connected with the data and upon receiving an official notification or credible information about the illegal features of the data or activity connected with it, immediately bars access to the data, shall not be responsible for the data.2. A Service provider who has received the official notification of an illegal character of the stored data that was supplied by the customer, and prevented the access to the data, shall not be liable to the customer for damages resulting from preventing access to such data.
3. A service provider who has received credible information of the illegal character of the stored data supplied by the customer and prevented access to the data, shall not be liable to the customer for the damage resulting from preventing access to such data, if it has immediately notified the customer of the intention to prevent access to data.
According to the Court, Nasza-Klasa.pl did not immediately block, and then delete the questioned fake account. Therefore, it forced Dariusz B. to bear a humiliating behavior caused by another person, which in consequence violated his serenity, good mood, sense of personal dignity, i.e. his personal interests. However, the Court did not agree with the argument that the standard of conduct, professionalism, requires the administrator to filter and delete statements that violate the law or may violate the law in an objective view, without a prior notice regarding such event. Putting such a requirement would be contrary to the provisions of Articles 14 and 15 in connection with Article 12 of the PSEM.
Personal data protection, case I OSK 667/09
February 13th, 2010, Tomasz RychlickiOn 15 January 2008, Tomasz W. filed with the General Inspector for Personal Data Protection (GIODO) a complaint concerning an unauthorized processing of personal data carried out by the Polish company Nasza Klasa Sp. z o.o. from Wroclaw, the owner of nasza-klasa.pl website. He informed the GIODO, that this very popular Polish website on classmates, hosts a photo featuring his image together with a list of names of other photographed people attached to it. Tomasz W. has repeatedly appealed to the website administrators with the request to remove his name from the list. However, he received no response from Nasza Klasa company.
As a result of the investigation, the GIODO found that on 31 December 2007, a registered user of nasza-klasa.pl posted classmates’ photo featuring students of a primary school. On the same day, another registered user, placed the names of people who were portrayed at the photograph – including the name and surname of Tomasz W. On 2, 9 and 14 January 2008, Tomasz W. requested Nasza Klasa Sp. z o.o. the removal of his personal data.
In a decision of 27 May 2008, case file DOLiS/DEC-314/08/13239, the GIODO, relying on the provisions of the Polish Act of 29 August 1997 on the Protection of Personal Data – PPD – (in Polish: Ustawa o ochronie danych osobowych), published in Journal of Laws (Dziennik Ustaw) of 29 October 1997, No. 133, item 883, unified text published in Journal of Laws (Dziennik Ustaw) of 6 July 2002, No. 101, item 926, with subsequent amendments, ruled that information on the applicant’s full name, school and class to which he attended, together with his image, are personal data and the data collector is Nasza Klasa Sp. z o.o.
However, the GIODO also ruled that it should be borne in mind that according to the provision of the Polish Act of 18 July 2002 on Providing Services by Electronic Means – PSEM – (in Polish: ustwa o świadczeniu usług droga elektroniczną), published in Journal of Laws (Dziennik Ustaw) No. 144, item. 1204 with subsequent amendments, Nasza Klasa sp. z o.o. provides electronic services for registered users of the portal website, consisting of the storage of data of these users in the computer system. This activity is the condition to legalize the processing of personal data in accordance with article 23(1) pt. 5 of the PPD. In addition, the GIODO found that in this case the applicant’s rights have not been violated, because the access to its data was limited to a group of people registered on nasza-klasa.pl website.
Tomasz W. asked the GIODO for the retrial. He pointed out that the reasons for the decision have many contradictions, inconsistencies and is ambiguous. He accused the GIODO of laconic and cursory treatment of his case. He again emphasized that his personal data have been published on the nasza-klasa.pl website without his knowledge or consent, in violation of his civil rights and liberties.
After the rehearing of the case, the GIODO annulled the contested decision, and discontinued the proceedings. GIODO claimed that the re-examination of the case leads to the conclusion that the disputed information about Tomasy W. did not fall within the definition of personal data. The name and surname have been given under his old image from many years ago. Hence, the combination of photos from the past, with a name and surname of a person and a primary school, which such person attended did not allow for the identification of a person without excessive costs and time. The findings that the disputed information is not personal data within the meaning of the PPD caused the proceedings in the matter to be groundless and on the basis of article 105 § 1 of the APC, it had to be discontinued.
Tomasz W. lodged a complaint with the Viovodeship Administrative Court in Warsaw. The complainant asked for annulment of the decision of first and second instance. Tomasz W. claimed the violation of the substantive law, i.e. article 6(1) of the PPD, through its improper interpretation, of article 32(1) pt 7 and 8 of that Act, by recognizing that Tomasz W. is not entitled to request cessation of the processing of his data and the right to object, and a breach of article 7 of the APC by not explaining all the relvant facts. Tomasz W. disagreed with the statement of the GIODO that questioned information about his person is not personal data within the meaning of the PPD. He stated that any information about an identified or identifiable individual is personal data. Furthermore, he argued that the claim of the GIODO that the data are available only for specific people – registered users of the portal is not acceptable, because nasza-klasa.pl has no mechanisms for verification of users identity, which makes the questioned data easily accessible for everyone. Moreover, Tomasz W. also argued that a registered user who does not know him would have some difficulty in identifying his person but such obstacles would not happen to a person who knows about Tomasy W., and is looking for additional information.
The Voivodeship Administrative Court in its judgment of 3 March 2009 case file II SA/Wa 1495/08 ruled that the GIODO erred in its decisions, because information about the name and surname of Tomasz W., combined with information about the name and address of the primary school and the determination of the class to which he attended in 1978/79, even if it was thirty years ago, are personal data. According to the Court provisions of article 1 of the PPD introduced the principle of autonomy of human information, meaning the protection of information about human being. This provision is a kind of emanation of the general right guaranteed by the Polish Constitution in article 47, according to which “Everyone shall have the right to legal protection of his private and family life, of his honour and good reputation and to make decisions about his personal life”. This means that the protection of personal data is related to the protection of privacy rights. This follows from the wording of article 6 of the PPD, indicating that the personal data concern identified or identifiable natural or legal person and that the identifiable is a person is one whose identity can be determined. From wording of that provisions the VAC concluded that personal data are data that identify a person’s identity. The VAC also relied on the content of recital 12 of the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, which emphasized the protection of all data relating to a person, and therefore also information about someones past.
(12) Whereas the protection principles must apply to all processing of personal data by any person whose activities are governed by Community law; whereas there should be excluded the processing of data carried out by a natural person in the exercise of activities which are exclusively personal or domestic, such as correspondence and the holding of records of addresses
However, in recital 26 of the abovementioned Directive states that data protection rules must apply to any information concerning an identified or identifiable person. In order to determine whether a person is identifiable, all the means which can be used by the controller or any other person to identify a person, should be taken into the account. The rules of data protection do not apply to data rendered anonymously in such a way that a subject of the data can not be identified. The identification of a given person concerns also past information about a specific human being, by which information one can learn about such person’s identity. Accordingly, the VAC held that European law means the protection of personal data as the protection of all the facts concerning the past of a particular person, which corresponds with the content of article 6(2) of the PDP. So this means that such data would also be protected. Referring to the foregoing facts of Tomasz W. case, the VAC ruled that that nasza-klasa.pl website published his image and name. In the opinion of the court these are the personal data which are protected by the PPD, because on their basis one is able to identify given person.
Nasza Klasa sp. z o.o. filed a cassation complaint with the Supreme Administrative Court (SAC) challenging in entirety the judgment of the VAC. The Supreme Administrative Court in a judgment of 18 November 2009, case file I OSK 667/09, rejected the complaint. The SAC held that the primary issue arising in this case was whether a classmates’ picture that was taken thirty years ago, at which Tomasz W. is potrayed, in the circumstances of the case, can be analyzed to determine his identity without necessarily involving excessive resources or time, and therefore, whether the data disclosed in the photo in question, constitutes personal data within the meaning of article 6 of the PPD, and whether it should be protected.
The concept of “personal data” on the Polish law includes any information concerning an individual if it is possible to define its identity and its identification. Personal data is a set of messages about a particular person such integrated that it allows for its individualization. It includes at least information necessary for identification (name, surname, place of residence), but this is not restricted, because it also include further information, strengthening the degree of identification. Such information will also include pictures of the individual, even if they were taken in the past, allowing to identify a person. In a situation where such a photograph is presented with a name and surname of the person portrayed, in a place accessible to an unlimited number of entities, it must be considered that it constitutes personal data subject to protection under the PPD. Mainly, the objective evaluation criteria decides for the qualification of given information as personal data, but it also should comprise of all information, including extralinguistic (context), to which third party may have or has an access. A different approach to the presented issues would maginalize the importance of the laws and it would not relate to its designated function.
Thus it should be considered that the image of Tomasz W. portrayed at the photograph that was taken 30 years ago, affixed with the class, his name and surname, and then published at nasz-klasa.pl website constitutes personal data within the meaning of article 6(2) of the PPD, and the cassation complaint was not justified. The SAC also noted that the consent for the processing of personal data cannot be in any way implied.
The SAC also stressed the fact the Internet as a source of information is increasing on a unknown scale and importance. It provides an access to specific information to a vast number of persons and allows for any of its processing within the meaning of the PPD. At the same time there are not yet developed appropriate mechanisms for the protection of individual rights when those rights have been violated as a result of the disclosure of information on the Internet. Then, it is a great role of law enforcement bodies, including the Inspector General for Personal Data Protection in creating practice to comply with applicable laws also on the Internet. It is an unacceptablr situation in which the entity seeks to remove its image from a particular website, and the administration fails to take action to ensure the protection of civil rights. The image is one of the very personal property rights and lack of consent to its publication, if it is not a public person, is a sufficient reason to believe that regulations of the PPD apply, if the conditions set in the article 6(2) of the PPD have been met. There is a legal sequel to this story. See “Personal data protection, case II SA/Wa 1212/10“.
See also “Polish regulations on personal data protection” and “Polish case law on personal data protection“.
Personal data protection, case I OSK 1079/10
February 5th, 2010, Tomasz RychlickiAccording to lawyers representing the singer Maryla Rodowicz, on the forum of one of the Polish portal websites appeared entries with the content which allegedly violated her personal rights (interests). The lawyers requested the owner to reveal IP addresses of users who posted these entries. The administrator of the portal website deleted the disputed entries but did not reveal any of the IP addresses. Lawyers filed a request to the Inspector General for Personal Data Protection (GIODO), who ordered the portal to disclose IPs on the grounds that these numbers are personal data. The owner of the portal again refused. The case went to the Voivodeship Administrative Court (VAC) in Warsaw, which in a judgment of 3 February 2010, case file II SA/Wa 1598/09 upheld the decision of the GIODO. The company who owns the portal may file a cassation to the Supreme Administrative Court (SAC). The VAC judgment provides the interpretation that IP address is a personal data, in accordance with the statutory definition included in article 6 of the Polish Act of 29 August 1997 on the Protection of Personal Data – PPD – (in Polish: Ustawa o ochronie danych osobowych), Journal of Laws (Dziennik Ustaw) of October 29, 1997, No. 133, item 883, unified text published in Journal of Laws (Dziennik Ustaw) of July 6, 2002, No. 101, item 926, with later amendments.
Article 6
1. Within the meaning of the Act personal data shall mean any information relating to an identified or identifiable natural person.
2. An identifiable person is the one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity.
3. A piece of information shall not be regarded as identifying where the identification requires an unreasonable amount of time, cost and manpower.
The VAC also noted that the IP address is personal data if it is permanently assigned to the specified device, and that device is used or operated by a specified entity. This dependence makes certain, in given situations, that there is the possibility of identifying such entity. The Court said that it is true that the IP address itself is not sufficient to identify a person who use it, but together with other information a person can be identified. Grupa o2, the owner of a portal website filed a cassation complaint.
The Supreme Administrative Court in its judgment of 19 May 2011 case file I OSK 1079/10 dismissed the complaint and decided that information on the date and contents of the posts that are correlated with IP addresses, allows for unambiguous determination of identity of persons who have violated someone’s personal interests.
There was another court’s decision with regard to the aforementioned case and the disclosure of IP addresses. See “Telecommunications law, case I OSK 1079/10“. The U.S. courts and judges have quite different views on this issue. Read for example Johnson v. Microsoft Corp., 2009 WL 1794400 (W.D. Wash. June 23, 2009).
See also “Polish regulations on personal data protection” and “Polish case law on personal data protection“.
Press law, case VI Ka 202/09
August 3rd, 2009, Tomasz RychlickiThis is the continuation of a story described in “Press law, case II K 367/08“. The District Court in Słupsk in its judgment of 18 June 2009 case file VI Ka 202/09 held that gby.pl – a portal website operated by Leszek Szymczak constituted press under the Press law, however, comments posted on this website by the Internauts do not constitute a press material for the content of which the website administrator could be held responsible. The District Court held that the posts are not letters to the editor or are not – as the Prosecutor argued – “quasi-letters” to the editor. The court said that the posting process on an internet forum is made automatically, there is no prior moderation of such messages.
The administrator of a portal website, which allows for posting comments, is the hosting service provider and is subject to regulations included in Article 14 of the Polish Act of 18 July 2002 on Providing Services by Electronic Means – PSEM – (in Polish: ustwa o świadczeniu usług droga elektroniczną), published in Journal of Laws (Dziennik Ustaw) No. 144, item. 1204 with subsequent amendments.
1. A person who gives access to the contents of a network IT system to a customer, where the customer stores data, is not aware of the illegal features of the data or activity connected with the data and upon receiving an official notification or credible information about the illegal features of the data or activity connected with it, immediately bars access to the data, shall not be responsible for the data.
2. A Service provider who has received the official notification of an illegal character of the stored data that was supplied by the customer, and prevented the access to the data, shall not be liable to the customer for damages resulting from preventing access to such data.
3. A service provider who has received credible information of the illegal character of the stored data supplied by the customer and prevented access to the data, shall not be liable to the customer for the damage resulting from preventing access to such data, if it has immediately notified the customer of the intention to prevent access to data.
The Court ruled that the service provider cannot be held liable for material posted by its users. The court noted that the decision does not mean that no one should be held liable for the posts that contain an offensive material that is a subject to criminal prosecution. The responsibility for this activity should be borne by a direct perpetrator and the prosecution authorities should identify such persons by using the available technical resources (IP addresses). The Prosecution cannot go after the smallest line of resistance and charge the administrators, instead of the actual perpetrators.
See also “Press law, case VI Ka 409/07” and “Internet websites, case I C 1532/09“.