The National Public Prosecutor's Office (Prokuratura Krajowa) – €19,550 Fine (Poland, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A press conference was organized by the National Public Prosecutor's Office (Prokuratura Krajowa), the controller. During the conference, the controller’s employee disclosed the facts of the case and personal data of injured person (a data subject) involved in criminal proceedings before one of regional courts in Poland. The employee read fragments of the final ruling. The disclosed data amounted to name, surname, the status of injured party, the criminal offence suffered by the data subject, data concerning health. A third-party informed the Polish DPA (UODO) about the incident. The DPA started ex officio proceedings. Neither the DPA nor the data subject were informed about the incident by the controller. The controller explained the personal data disclosed during the press conference were heard in proceedings in court. Hence, the data were already known to the public. The controller processed the data referring to the criminal proceedings at hand in order to verify basis for potential extraordinary appeal (skarga nadzwyczajna) by the Attorney General (Prokurator Generalny). The controller quoted Article 12 para 2 of [https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20160000177 the Law on Public Prosecutors] (Prawo o prokuraturze) ) to be a legal basis for disclosure of information referring to activities of public prosecutors, to media and public opinion. According to the controller the aforementioned provision excluded from disclosure only classified information, and the data at hand were not of that kind. Moreover, the controller claimed the GDPR was not applicable, since the main activity of the public prosecutors was covered by provisions of [https://isap.sejm.gov.pl/isap.Nsf/download.xsp/WDU20190000125/U/D20190125Lj.pdf the Law on data protection for the purposes of the prevention and prosecution of criminal] offence (Ustawa o ochronie danych osobowych przetwarzanych w związku z zapobieganiem i zwalczaniem przestępczości). The DPA found the controll
GDPR Articles Cited
National Law Articles
A press conference was organized by the National Public Prosecutor's Office (Prokuratura Krajowa), the controller. During the conference, the controller’s employee disclosed the facts of the case and personal data of injured person (a data subject) involved in criminal proceedings before one of regional courts in Poland. The employee read fragments of the final ruling. The disclosed data amounted to name, surname, the status of injured party, the criminal offence suffered by the data subject, data concerning health. A third-party informed the Polish DPA (UODO) about the incident. The DPA started ex officio proceedings. Neither the DPA nor the data subject were informed about the incident by the controller. The controller explained the personal data disclosed during the press conference were heard in proceedings in court. Hence, the data were already known to the public. The controller processed the data referring to the criminal proceedings at hand in order to verify basis for potential extraordinary appeal (skarga nadzwyczajna) by the Attorney General (Prokurator Generalny). The controller quoted Article 12 para 2 of [https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20160000177 the Law on Public Prosecutors] (Prawo o prokuraturze) ) to be a legal basis for disclosure of information referring to activities of public prosecutors, to media and public opinion. According to the controller the aforementioned provision excluded from disclosure only classified information, and the data at hand were not of that kind. Moreover, the controller claimed the GDPR was not applicable, since the main activity of the public prosecutors was covered by provisions of [https://isap.sejm.gov.pl/isap.Nsf/download.xsp/WDU20190000125/U/D20190125Lj.pdf the Law on data protection for the purposes of the prevention and prosecution of criminal] offence (Ustawa o ochronie danych osobowych przetwarzanych w związku z zapobieganiem i zwalczaniem przestępczości). The DPA found the controll
Related Enforcement Actions (0)
No other enforcement actions found for The National Public Prosecutor's Office (Prokuratura Krajowa) in PL
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
2 September 2024
Authority
Urząd Ochrony Danych Osobowych
Fine Amount
€19,550
85,000 PLN
GDPRhub ID
gdprhub-8248About this data
Cite as: Cookie Fines. The National Public Prosecutor's Office (Prokuratura Krajowa) - Poland (2024). Retrieved from cookiefines.eu
Last updated: