Poland: Wojciech Wiewiórowski will remain DPC for the second term

The current Polish Data Protection Commissioner (DPC) will remain on his post for another, second term after the Polish Parliament confirmed his nomination on 25 July 2014. The decision did not come as a surprise: Wojciech Wiewiórowski was the only candidate for the post and hasan excellent background for the role. Just like during the previous nomination process four years ago, EDRi member Panoptykon monitored the process, to ensure its transparency to the public. However, as there was only one – undisputed – candidate for the role, the scope of the monitoring activities was reduced.

Next to the Ombudsman and Children’s Ombudsman, the DPC plays a major role in protecting citizens’ rights and freedoms. However, out of those three, it is the DPC that faces the biggest, challenge; defending privacy in the times of global data flows, addressing “service-for-privacy” business model and mass surveillance. Nevertheless, there are quite a few tools that the DPC can use to do his job: participate in legislative process, recommend legal changes, review individual complains, demand that companies change their practices, impose sanctions if they don’t listen, and run awareness raising campaigns.

Although for citizens living in digital environment this role is becoming more and more important, the political standing of the Data Protection Authority (DPA) in Poland seem to lag behind. DPA’s office has to cope with very modest budget (approximately 3,7 million euros) and far from sufficient number of staff (119 people). When presenting his candidacy, Wojciech Wiewiórowski emphasized that his office is facing the urgent need of increasing the budget and number of staff and investing in new office space.

Wojciech Wiewiórowski is a renowned expert in the area of law and new technologies. His record as previous DPC, especially visible engagement in the process of European data protection reform, gives hope that privacy of Polish citizens will be well taken care of for another four years. On the other hand, the DPC’s powers are certainly not sufficient to ensure strong protection of personal data in a globalized, online environment. It is particularly striking from Polish perspective as none of the leading Internet companies, such as Facebook or Google, is subjected to national data protection supervision. Wojciech Wiewiórowski seems to understand well that this situation has to change. He has already made a public statement that Polish law will have to be revised to implement new European legal framework on data protection, which is expected in 2016.

Parliament appointed the new DPC (only in Polish, 25.07.2014) http://panoptykon.org/wiadomosc/sejm-powolal-nowego-giodo

We monitor DPC elections (only in Polish, 07.07.2014) http://panoptykon.org/wiadomosc/monitorujemy-wybory-giodo

Candidate Questionnaire filled in by the re-elected DPC (only in Polish) http://panoptykon.org/sites/panoptykon.org/files/kwestionariusz_dla_kandydata_wybory_giodo_3_07_2014_w_wiewiorowski.pdf

(Contribution by Anna Obem and Katarzyna Szymielewicz, EDRi member Fundacja Panoptykon, Poland)