Poland: analysis of the surveillance system in the context of the last hearing of the European Court of Human Rights


Below is a brief analysis of the surveillance system in Poland in the context of the latest hearing before the European Court of Human Rights.

I. Background to the case

27e of September 2022, a hearing was held in the combined cases Pietrzak v. Poland and Bychawska-Siniarska and others v. Poland (nos 72038/17 and 25237/18). These cases are part of the continuity of the fight for transparency and surveillance of the secret services, which has been going on in Poland for several years. The need to inform data subjects of the actions taken in the context of operational control, as well as the need for an independent control body and appropriate remedies, has been indicated by both the Polish Constitutional Court and the European Court of human rights (eg case No. K 23/11 or cases Zakharov v. Russia, Szabo and Vissy v. Hungary). Despite these rulings, Polish legislators did not implement the relevant changes.

Two complaints were lodged with the ECHR by Polish human rights defenders, namely representatives of the Helsinki Foundation for Human Rights (Dominika Bychawska-Siniarska, Barbara Grabowska-Moroz) in Warsaw and the Panoptykon Foundation (Katarzyna Szymielewicz, Wojciech Klicki), as well as Mikołaj Pietrzak, lawyer and dean of the Warsaw Bar. Although the applicants suspected that they might have been subjected to surveillance, Polish law does not provide any legal guarantee enabling them to obtain information on the use of interception or any other method of surveillance against them.

Irrespective of the fact that complaints to the ECHR relate to individual cases, they are an expression of objection to the lack of adequate procedural safeguards against surveillance in the Polish system, which every citizen needs. According to the applicants, the lack of control and information on the activities of the secret services threatens not only their privacy, but also the legal security of the persons they defend and their relationship with clients, protected by professional secrecy.

Given the ongoing dispute between Poland and the EU over the rule of law in Poland, including the crisis of the Constitutional Court, it was necessary to bring the issue to the international level. It is important to note that the fact that a hearing has been scheduled in this case – which is rare and reserved for cases of great importance – demonstrates the priority of the case for the Court. The ECHR has ruled on similar cases in the past, however, this is the first to come before the Court in oversight against Poland.

II. Legal issue

Currently, surveillance is steadily increasing due to the statutory expansion of secret service capabilities, the almost unlimited range of offenses warranting operational control, and the use of more sophisticated surveillance methods, such as the Pegasus spyware.

The provisions allowing the use of surveillance methods are numerous and scattered in various legal acts. Polish legislation grants more than ten secret services the power to undertake operational control and the use of surveillance, justifying it – among other things – by the need to detect potential threats to national security and to combat terrorism. . However, this last argument seems a bit exaggerated, because – according to the Global Terrorism Index for 2022, Poland remains unaffected by terrorism and is ranked 93rd – the last listed – among the countries affected by terrorism.

The main aspects of the Polish supervisory regime are:

  1. confidential actions undertaken by the secret services may consist of: 1) obtaining and recording the content of conversations conducted by technical means, including by means of telecommunications networks; 2) obtaining and recording images or sounds of people from premises, means of transport or places other than public places; 3) obtain and record the content of correspondence, including correspondence carried out by means of electronic communications; 4) obtaining and storing data contained in computer data carriers, telecommunications terminal equipment, information and data communication systems;
  2. the use of the interception method must be judicially justified – however, in urgent cases, it is initially justified by the prosecutor, and court approval is given within 5 days of the start of operational control;
  3. evidence justifying the need for operational control is presented to the court – but it is the prosecutor who decides which documents must be examined by the court. The judge has no practical means of thoroughly considering the prosecutor’s request. In addition, a court order authorizing the control does not require reasons – unlike a decision of refusal, which requires written reasons and can be appealed. As a result, the system’s solution does not encourage judges (overwhelmed by the number of cases) to carry out a thorough assessment of requests for the use of operational control;
  4. foreigners (suspected of terrorist activities) can however be wiretapped without a judicial warrant;
  5. with regard to telecommunications data, the courts only receive information on the frequency of data collection, in which cases and on what basis – without access to the file, the courts can hardly analyze the statistics (ex post) and assess whether the monitoring method was justified in each particular case. In addition, due to the services’ jurisdiction to contract with telecommunications service providers, they are able to collect such data without the active involvement of the telecommunications service providers, where they deem it reasonable;
  6. unless the evidence gathered during operational monitoring is not used in criminal proceedings, there is no ex-post notification to the subjects of monitoring that they were under surveillance.

The ECHR will assess the compliance of the above aspects of the surveillance regime with the requirements of Articles 8 (right to respect for private and family life) and 13 (right to an effective remedy) of the European Convention on Human Rights.

III. Conclusions after the hearing

The hearing before the ECHR revealed the weaknesses of Polish surveillance laws in terms of respecting the privacy of those under surveillance.

What seems obvious to European privacy lawyers, and what has been pointed out by the applicants’ representative Małgorzata Mączka-Pacholak, as well as by third parties (amici curiae), the notification of the persons who made the urveillance is a necessity in a democratic state. Surprisingly, the government representative suggested that requesters (and anyone else) could obtain information about whether they are under surveillance through an open access to public information request. Since citizens demand access to information about their personal data – which is not public information – this solution simply does not apply. However, in my opinion, the above “offer” can be interpreted as an admission of a lack of transparency in this regard, since the government representative did not refer to other possibilities.

This was even more evident in the questions posed by the judges, aimed at clarifying whether subsequent judicial review of the surveillance procedure would compromise the objectives of operational control, or how the retention periods of acquired data are determined. This last question from the Court seems to be part of a “tendency” of courts to question the retention periods of data processed in the context of surveillance activities, which also poses a problem in the Polish legal system. The questions asked by the judges also aimed to find out about Polish case law and practice. In this regard, the Court asked for statistics on requests for so-called Internet data, as well as whether the decisions of national courts clarified the vague terms justifying the use of interception. Symptomatically, the government representative did not sufficiently address these issues.

The judgment should be rendered within a few months. However, a victory for the applicants could potentially trigger a flood of similar complaints from people exposed to surveillance, who – unlike the applicants here – could seek financial compensation.

However, it is possible that Polish surveillance regulations will also be reviewed by the CJEU. Polish journalist Ewa Siedlecka sued Poland for the protection of her personal rights for not informing her if she had been subjected to surveillance. In the case, she asks the CJEU for a preliminary ruling on whether Polish legislation, which does not provide for an obligation to inform about surveillance, nor the right to know if someone has been subjected to surveillance , is compatible with EU law.

As a lawyer specializing in data privacy, as a lawyer bound by professional secrecy and professional secrecy, and finally as a citizen, I await the judgment of the ECHR (and perhaps the judgment of the CJEU), in the hope of changes in the Polish surveillance legislation.


About Author

Comments are closed.