At the end of January a group of Members of Parliament submitted a motion to the Polish Constitutional Tribunal to assess the constitutionality of certain provisions of the Polish Telecommunications Act (Prawo telekomunikacyjne) concerning the retention of telecommunications data in connection with rules authorizing the police and other law enforcement agencies to access such telecommunications data.
The case is particularly interesting because the provisions of the Telecommunications Act at issue transpose the Directive 2006/24/EC on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks (so-called Data Retention Directive). The telecommunications data in question include traffic data, location data and data necessary to identify a subscriber or a user. The Data Retention Directive is a controversial piece of regulation and raises concerns of privacy watchdogs all over Europe. National implementing measures were subject to scrutiny of constitutional courts in Germany and Romania, and a case concerning the Directive itself was brought before the European Court of Justice by Ireland (case C-301/06). It was argued that the choice of legal basis for the adoption of the Directive was inappropriate and that it should have been adopted as a framework decision under the previous 3rd pillar regime. The Court, however, held otherwise, ruling that it pertains principally to the functioning of the internal market.
It should be first of all noted that the applicants do not question the legality of data retention itself, but in connection with rules pertaining to the authorization of the police, the internal security agency, the intelligence services and other law enforcement agencies to access such data and process them. Under the current Polish legal framework these agencies have a right to access telecommunications data without a court order, by means of a law enforcement officer’s simple request. The data can be made available to these agencies via electronic means. Therefore there is no judicial control over the agencies’ access to, and use of, telecommunications data. In the opinion of the Members of Parliament who submitted the motion, such rules are contrary to the following constitutional principles: the democratic state subject to the rule of law, the protection of private and family life, the freedom of privacy of communications, the general prohibition of collection of information by the public authorities on the citizens beyond what is necessary in a democratic state subject to the rule of law, as read with the principle that fundamental rights can only be limited to the extent necessary in a democratic state subject to the rule of law, and where it is essential for reasons such as public security and public order. In other words, the applicants consider the norms allowing for an uncontrolled and basically unlimited access to telecommunications data by law enforcement agencies non-proportionate to the aims pursued. In the view of the Members of Parliament situations where data can be requested are defined too broadly, which could result in abuse of power and infringement of personal rights and freedoms of the citizens.
Concerns about Polish regulations pertaining to an all-too-easy access to telecommunications data by law enforcement agencies was also voiced by the Polish Ombudsman and the Personal Data Protection Supervisor.
According to statistical data gathered by the Polish Office for Electronic Communications (and made public by an NGO), Poland is the European leader in terms of requests for telecommunications data by law enforcement agencies – in 2009 they requested such data over a million times, which translates into an average of 27.5 requests per 1000 inhabitants. The next most ‘active’ law enforcement agencies in the EU are those of the Czech Republic with 10 requests per 1000 inhabitants, while in Germany this rate is 0.2 per 1000 inhabitants.
It is not yet sure whether the Constitutional Tribunal will in fact examine the issue of data retention and population surveillance as the term in office of the Members of Parliament who submitted the motion will come to an end in November this year. By law, if the Tribunal does not rule on the issue by then, the case will be discontinued.