Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Poland: Minister of Digitization presents draft act on combating abuses in electronic communication

The Minister of Digitization presented, on 15 June 2022, for consultation, the draft act on combating abuses in electronic communication, alongside its justification, regulatory impact assessment, and consultation letter. In particular, the draft act obliges telecommunications undertakings to, among other things, take proportionate technical and organisational measures to counteract abuses in electronic communications, block SMS containing 'smishing' content, in accordance with the message pattern provided by the Computer Security Incident Response Team ('CSIRT NASK'), and block voice calls that are intended to impersonate another person or institution.

Furthermore, the draft act outlines in Article 14 that telecommunications undertakings may process and share information, including information covered by telecommunications confidentiality, with the exception of electronic messages, for the purpose of identifying, preventing, and combating abuses in electronic communication, as well as process and share electronic messages for the purpose of identifying, preventing, and combating 'smishing'. Notably, Article 14(4) of the draft act specifies that, for the processing of personal data by telecommunications undertakings, Articles 14 and 15 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') shall not apply to the extent necessary for the identification, prevention, and combating of crimes to the detriment of a telecommunications undertaking.

Additionally, the justification document and regulatory impact assessment both explain the reasons behind the presentation of the draft act, highlighting that, in recent months, attacks against natural persons using telecommunications services have intensified, outlining threats including the phenomenon of 'smishing' whereby scammers pretend to be trusted institutions and try to trick people into revealing their personal data, credit card information, or infect the device by clicking on a link included in the message.

Comments can be submitted via email to [email protected] by 27 June 2022.

You can track the progress of the draft act here and download the draft act here, the justification here, the regulatory impact assessment here, and the consultation letter here, all on only available in Polish. You can also read the press release by the Polish Chamber of Information Telecommunications and Technology, only available in Polish, here.