Poczta Polska SA (Polish Post) – Fine (Poland, 2025)

Fine
Urząd Ochrony Danych Osobowych17 March 2025Poland
overturned
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Poczta Polska SA was fined €6.3 million for improperly sharing personal data of over 30 million citizens during the Covid-19 pandemic. The postal service received sensitive information from the government before the law allowing this was in effect. This ruling stresses the importance of legal compliance when sharing personal data.

What happened

Poczta Polska SA unlawfully disclosed personal data from the PESEL database to the postal service.

Who was affected

Over 30 million Polish citizens whose personal data was shared without proper legal backing.

What the authority found

The Polish data protection authority determined that Poczta Polska violated data protection regulations by disclosing personal data prematurely.

Why this matters

This case serves as a warning to companies about the consequences of sharing personal data without legal authorization. It underscores the need for strict adherence to data protection laws.

GDPR Articles Cited

AI-verified

Art. 6(1) GDPR
View original scraped data
Art. 6(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 10 April 2026
articles corrected
national law identified
amount discrepancy
entity split needed
Poland enforcementUrząd Ochrony Danych Osobowych actionsAll Poczta Polska SA (Polish Post) actions
Full Legal Summary
Detailed

The Polish DPA has imposed a fine of EUR 6.3 million on Poczta Polska SA (Polish Post) for the unlawful disclosure of personal data of over 30 million citizens from the PESEL database, in connection with the planned postal vote during the Covid-19 pandemic. Although the law amending the electoral regulations had not yet come into effect, the Ministry of Digital Affairs transferred sensitive data such as names, addresses, and PESEL numbers to the postal company. The data was only deleted weeks later—too late, according to the DPA, and in violation of data protection regulations. --Update-- The Provincial Administrative Court in Warsaw overturned the DPA's decision. The court argued that, even though the Prime Minister's decision on which the processing had been based was overturned at a later stage, the decision enjoyed the presumption of legality. Therefore, the controller could base its processing on this decision.

Related Enforcement Actions (1)

Other enforcement actions involving Poczta Polska SA (Polish Post) in PL

Fine
Mar 2025· Urząd Ochrony Danych Osobowych

The Polish DPA has imposed a fine of EUR 6.3 million on Poczta Polska SA (Polish Post) for the unlawful disclosure of personal data of over 30 million...

€6.3M
Current
Mar 2025

Fine

Details

Fine Date

17 March 2025

Authority

Urząd Ochrony Danych Osobowych

Enforcement Tracker ID

ETid-699

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Poczta Polska SA (Polish Post) - Poland (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: