The National Public Prosecutor's Office (Prokuratura Krajowa) – €19,550 Fine (Poland, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The National Public Prosecutor's Office in Poland disclosed personal information about a crime victim during a press conference. This breach of privacy matters because it shows the importance of protecting individuals' sensitive data, especially in legal matters. The office was fined for not following proper data protection rules.
What happened
The National Public Prosecutor's Office revealed personal data of a crime victim during a press conference.
Who was affected
The individual whose personal data was disclosed, a victim involved in criminal proceedings.
What the authority found
The Polish data protection authority found that the office had no valid legal basis for disclosing the personal data, violating GDPR requirements.
Why this matters
This case highlights the need for public institutions to handle personal data carefully, especially in sensitive situations. It serves as a reminder for all organizations to ensure they have proper consent before sharing personal information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
A press conference was organized by the National Public Prosecutor's Office (Prokuratura Krajowa), the controller. During the conference, the controller’s employee disclosed the facts of the case and personal data of injured person (a data subject) involved in criminal proceedings before one of regional courts in Poland. The employee read fragments of the final ruling. The disclosed data amounted to name, surname, the status of injured party, the criminal offence suffered by the data subject, data concerning health. A third-party informed the Polish DPA (UODO) about the incident. The DPA started ex officio proceedings. Neither the DPA nor the data subject were informed about the incident by the controller. The controller explained the personal data disclosed during the press conference were heard in proceedings in court. Hence, the data were already known to the public. The controller processed the data referring to the criminal proceedings at hand in order to verify basis for potential extraordinary appeal (skarga nadzwyczajna) by the Attorney General (Prokurator Generalny). The controller quoted Article 12 para 2 of [https://isap.sejm.gov.pl/isap.nsf/DocDetails.xsp?id=WDU20160000177 the Law on Public Prosecutors] (Prawo o prokuraturze) ) to be a legal basis for disclosure of information referring to activities of public prosecutors, to media and public opinion. According to the controller the aforementioned provision excluded from disclosure only classified information, and the data at hand were not of that kind. Moreover, the controller claimed the GDPR was not applicable, since the main activity of the public prosecutors was covered by provisions of [https://isap.sejm.gov.pl/isap.Nsf/download.xsp/WDU20190000125/U/D20190125Lj.pdf the Law on data protection for the purposes of the prevention and prosecution of criminal] offence (Ustawa o ochronie danych osobowych przetwarzanych w związku z zapobieganiem i zwalczaniem przestępczości). The DPA found the controll
Related Enforcement Actions (0)
No other enforcement actions found for The National Public Prosecutor's Office (Prokuratura Krajowa) in PL
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
2 September 2024
Authority
Urząd Ochrony Danych Osobowych
Fine Amount
€19,550
85,000 PLN
GDPRhub ID
gdprhub-8248About this data
Cite as: Cookie Fines. The National Public Prosecutor's Office (Prokuratura Krajowa) - Poland (2024). Retrieved from cookiefines.eu
Last updated: