Data protection concerns are gaining traction in Poland, with significant discussions revolving around the usage and restrictions of the PESEL number. Recently, Mirosław Wróblewski, the head of the Office for Personal Data Protection (UODO), urged the Ministry of Digitalization to implement changes related to qualified electronic signatures. His call is underscored by growing apprehensions about data security, particularly following the recent data leak from EuroCert.
Under existing regulations, Wróblewski pointed out, the identification code of certificates should rely on numbers from public registries, which effectively enables the distinct identification of individuals using qualified electronic signatures. Nevertheless, as he emphasized, there is no requirement stipulated by these regulations for the use of the PESEL number, Poland's national identification number.
This raises concerns about the necessity of PESEL number usage amid the growing need for stronger data protection laws. Wróblewski extended his offer for expert assistance to develop regulations aimed at strengthening data protection levels, indicating the urgency of revising current systems. The focus now shifts to ensuring individuals’ personal data is adequately safeguarded against potential misuse.
The significance of Wróblewski's address is magnified by discussions about article 6o of the Act on Maintaining Cleanliness and Order within Municipalities. This provision pertains to verifying declarations made by property owners, especially concerning their obligations to pay waste management fees. This provision was intended to assist municipalities in validating the reliability of waste declarations submitted by residents. Yet, it has unintentionally complicated verifying the resident count within households, leading to discrepancies reaching as high as 16% between reported and actual residents as per data from GUS, the Central Statistical Office of Poland.
To address this, the Ministry of Climate and Environment (MKiŚ) proposed amendments to this regulation, aiming to broaden access to data from registries for verifying waste declarations. The proposal would allow local authorities to process the necessary information contained within their agency databases, municipal organizational units, and utility companies, including information from the PESEL registry.
While the UODO president supports the revisions, he has expressed concerns over the legal basis regulating personal data processing. He stated, “While I welcome the proposal to amend this provision, the drafted Article 6o still does not satisfy the requirements of properly established legal reasons for processing personal data.” He emphasized the lack of clarity and precision surrounding the entities permitted to access such details needed to verify waste declarations.
This legislative concern brings to light another pressing issue surrounding PESEL numbers. Starting June 1, 2024, Polish financial institutions will be required to verify client PESEL numbers before granting loans or signing credit agreements. This change was announced amid growing concerns over identity theft and the need for heightened security measures within the financial sector. Notaries and telecommunications operators will also check whether the PESEL number is flagged.
The Ministry of Digitalization has highlighted the usability of the mObywatel app, which enables individuals to flag their PESEL numbers to avert identity theft. Individuals who have flagged their PESEL numbers will now need to unflag it for larger cash withdrawals exceeding three times the minimum wage, currently set at 12,900 PLN. The regulatory aim is to help people avoid catastrophic consequences stemming from identity theft, including unauthorized loans acquired under stolen identities.
Importantly, this flagging of the PESEL number doesn't obstruct current usage for activities such as entering legal contracts, receiving medical services, or participating in elections. Users retain access to their personal data, ensuring regular activities are unaffected.
For those wishing to conduct significant financial activities like opening new bank accounts or applying for loans, unflagging the PESEL number becomes mandatory. This measure addresses the growing multifaceted identity risks amid advancing technology. Ministerial authorities firmly believe these alterations, though requiring careful implementation, will align with broader efforts to strengthen data protection laws and secure personal data against misuse.
The importance of these discussions cannot be overstated. With Poland's increasing digital footprint, the balance between convenience and security remains delicate, necessitating consistent dialogue among policymakers and data protection authorities. The iterative processes of cutting-edge data protection regulations will shape how personal identity and sensitive data are handled.
Overall, as these systems evolve, the need for clarity, legal accuracy, and practical usability signifies the changing times surrounding data management and security protocols. How the Polish government and relevant authorities navigate these changes remains to be seen, but the stakes have never been higher. The effective implementation of modified regulations could set precedents for national and international approaches to data protection and identity security.