The law and databases

The legality of a database is tied to satisfaction of a number of regulations governing the protection of personal databases. In the internet and elsewhere you can find a wide range of databases not all of which were acquired in a legal manner and may be used in compliance with the laws in effect.

Accordingly, it is extremely important that any company you cooperate with in the area of database provision and storage be a reliable and solid partner that operates in accordance with the legal regulations in effect in Poland and takes due care to comply with all legal requirements concerning the security and acquisition of such databases.

Criteria that could indicate the illegality of a database:

  • failure to comply with formal requirements and non-possession of the proper documentation by the company providing the database certifying that it comes from a legal source
  • lack of certainty as to whether the persons whose data are included in the database expressed their consent to use their data for marketing purposes and receiving commercial offers
  • lack of documentation concerning the protection of personal databases as required by personal data protection regulations
  • non-registration of personal datasets with GIODO (General Inspector of Personal Data Protection)
  • lack of appropriate security measures for database storage (technical safeguards for computers, servers and systems)

 

Legal regulations concerning the compiling and use of personal data:

 

 

Polish law

  • Personal Data Protection Act of 29 August 1997 (consolidated text: Dz. U. of 2002 r. No. 101, item 926, as amended).
  • Regulation of the Minister of Internal Affairs and Administration of 29 August 2004 concerning documentation of personal data processing and the technical and organizational conditions that should be met by IT devices and systems serving to process personal data.
  • Provision of Services by Electronic Channels Act of 18 July 2002.

 

International law

  • United Nations General Assembly Resolution 34/169: Code of Conduct for Law Enforcement Officials
  • United Nations General Assembly Resolution 45 (95): Guidelines for the regulation of computerized personal data files
  • Council of Europe Convention 108 of 1981: protection of persons in connection with the automatic processing of personal data.
  • General Declaration (UNESCO) on the human genome and human rights of 11 November 1997.
  • Recommendation of the Organization for Economic Co-operation and Development (OECD) of 23 September 1980 concerning guidelines governing the protection of privacy and transborder flows of personal data.

 

European Community law

  • Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (“Directive on electronic commerce”) (OJ L 178, 17.7.2000)
  • Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
  • Directive 97/66/EC of 15 December 1997 of the European Parliament and of the Council Concerning the Processing of Personal Data and the Protection of Privacy in the Telecommunications Sector.
  • Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market.
  • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)
  • Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.