EPIC --- Privacy and Human Rights Report
|Title Page Previous Next Contents | Country Reports >Republic of Poland|
The Polish Constitution recognizes the rights of privacy and data protection. Article 47 states, "Everyone shall have the right to legal protection of his private and family life, of his honor and good reputation and to make decisions about his personal life." Article 49 states, "The freedom and privacy of communication shall be ensured. Any limitations thereon may be imposed only in cases and in a manner specified by statute." Article 51 states, "(1) No one may be obliged, except on the basis of statute, to disclose information concerning his person. (2) Public authorities shall not acquire, collect nor make accessible information on citizens other than that which is necessary in a democratic state ruled by law. (3) Everyone shall have a right of access to official documents and data collections concerning himself. Limitations upon such rights may be established by statute. (4) Everyone shall have the right to demand the correction or deletion of untrue or incomplete information, or information acquired by means contrary to statute. (5) Principles and procedures for collection of and access to information shall be specified by statute."
The Law on the Protection of Personal Data (LPPD) was approved in October 1997 and took effect in April 1998. The law is based on the European Union (EU) Data Protection Directive (1995/46/EC). Under the Law, personal information relating to identity may only be processed upon the fulfillment of at least one of the conditions the LPPD requires to be met for lawful personal data processing. Special rules are provided for the processing of sensitive data, which is defined as data relating to race, ethnic origin, religion or philosophical beliefs, political opinions, party or trade-union membership, as well as the processing of data concerning health, genetic code, addictions or sexual preferences, convictions, and other decisions issued in court or administrative proceedings. Everyone has the right to control the processing of his or her personal data contained in the filing systems, and has the right to be informed whether such databases exist and who administers them; queries should be answered within thirty days. Upon finding out that data is incorrect, inaccurate, outdated or collected in a way that constitutes a violation of the Act, citizens have the right to request that the data be corrected, filled in or withheld from processing. Personal information cannot generally be transferred outside of the European Economic Area unless the third country has "comparable" protections. The law sets out administrative and criminal sanctions for violations. A 1998 regulation from the Minister of Internal Affairs and Administration set out standards for the security of information systems that contain personal information, but was replaced by the regulation of 2004.
In August 2001, the Act was amended in order to bring it into full compliance with the EU Data Protection Directive. Among other changes, the amendment redefined the term "personal data;" introduced a new provision relating to final decisions issued solely on the basis of automated processing of personal data; introduced a new provision on data processing in relation to performance of a contract; adjusted the lawful processing provision; and inserted a scientific research clause. On May 1, 2004, the day of Poland's accession to the European Union, the Amendments to the Act on the Protection of Personal Data entered into force. These amendments brought into effect the regulation regarding the prior checking of sensitive data, the transfer of personal data to a third country, and specified some of the controller's duties.
The Inspector General enforces the LPPD. Ewa Kulesza was appointed as the first Inspector General for the Protection of Personal Data by the Polish Parliament in April 1998 and continues to hold the post. Her second 4-year term ended in May 2006. The current Inspector General is Michał Serzycki.
The Inspector General has six central duties: to supervise compliance of data processing with the provisions on the protection of personal data; to consider complaints and issue administrative decisions; to comment on proposed new laws and regulations that impact upon data protection; to maintain a central registry of databases; to initiate and undertake activities to improve the protection of personal data; and to participate in the work of international organizations and institutions involved in personal data protection. The Inspector General for Personal Data Protection is an independent authority and performs her duties assisted by the Bureau of the Inspector General (Bureau). The functioning of the Bureau is determined by regulation of the President of the Republic of Poland. The Bureau secures performing the tasks due to the Inspector General's power conferred upon by the Act and other provisions in force.
Registration details must include the name and address of the data controller, the scope and purpose of the data processing, methods of collection and disclosure, and the security measures. The specimen of a notification of the data filing system to registration by the Inspector General is constituted in the Appendix to the Regulation of April 29, 2004. An Inspector has the right to access data, check data transfer and security systems, and determine whether the information gathered is appropriate for the purpose that it is supposed to serve. The office monitors the activities of all central government, local government and private institutions, individuals and corporations.
From January to August 2007, the Bureau of the Inspector General received 387 complaints that were investigated by the employees of the Bureau. Administrative proceedings initiated by the individual complaint are subject to the duty of fulfilling the requirements stipulated by the Code of Administrative Procedure or by the Act of September 9, 2004 on Stamp Duty. The Code of Administrative Procedure, which by the power of Article 22 of the LPPD is applicable to all proceedings conducted by the Inspector General unless the LPPD states otherwise, provides that any case should be investigated within a one month period. However, in complicated cases this period can be prolonged up to two months.
The entire proceeding is conducted solely in writing. The authority addresses the entities, which according to the complainant have breached provisions of the LPPD, with a request for explanations and for any documents confirming the right to process personal data of the complainant. Once the documentation has been collected, the evidence is analyzed. If there is a recognized breach of provisions on personal data protection, the Inspector General orders, by means of administrative decision, restoration of the proper legal state.
The Inspector General for Personal Data Protection, pursuant to the provisions of the LPPD, may also react on the breach of the Act by initiating disciplinary proceedings or notification of crime commitment. From January to August 2007, the Inspector General issued 221 administrative decisions and 14 notifications of crime commitment. In addition, the Complaints Department may, in case of individual complaints and in cases conducted ex officio, request that the Inspection Department inspect the premises of the data controller against whom the proceedings are being conducted. The inspectors of the Bureau carried out 89 inspections so far in 2007.
In the Polish personal data protection legal system it is the Inspector General that registers personal data files (also referred to as personal data filling systems) and not the controllers themselves. In the surveyed period the Inspector General registered in the preliminary registry 1.348 personal data filing systems.
The separate category of administrative decisions pertains to the registration of personal data filling systems. In this regard the Inspector General issued 360 decisions: 70 decisions on denial of registration of the data filing system, 18 decisions on discontinuing the proceedings, and 103 decisions on striking of the filing system from the registry.
The Bureau also maintains close relationships with the data protection authorities in other central and eastern European countries. In December 2001, the Data Protection Commissioners from the Czech Republic, Hungary, Lithuania, Slovakia, Estonia, Latvia, and Poland signed a joint declaration agreeing to closer cooperation and assistance. The Commissioners meet twice a year.
On May 1, 2004, the Inspector General became a member of the Article 29 Working Party. Since November 1, 2004, Poland has also been a party to the Europol Convention and the Europol Joint Supervisory Body. Currently Poland is in the course of becoming a party to the Convention on the Use of Information Technology for Customs Purposes; the Convention will come into force in Poland on October 10, 2007.
There are sectoral laws in place to deal with the processing of medical and financial data. The 1996 Act on the Profession of a Doctor imposes a duty of confidentiality in relation to patient information on medical professionals, subject to certain exceptions. The Constitutional Tribunal ruled in March 1998 that requiring doctors to identify, on sick leave certificates, the disease of the patient violated patients' right to privacy. The Banking Act of 1997 imposes a requirement of secrecy on banks in relation to an individual's banking activities and identity, and limits the exchange and disclosure of personal data among banks and third parties except for the purpose of assessing credit risks or investigating fraud. However, broad exemptions are granted to state entities. In April 2000, the Constitutional Tribunal dismissed a challenge to the rights of Polish tax authorities to request confidential information about any individual's bank accounts, bonds and securities. The court held that these powers were important in the fight against bribery and money laundering.
Chapter 33 of the 1997 Penal Code, "Offences against the Protection of Information," deals, among other things, with computer related offences. Unauthorized access to computer systems, computer eavesdropping, interference with data, and computer sabotage are crimes punishable by up to eight years' imprisonment. The code also prohibits telecommunications fraud, the handling of stolen software, computer espionage, and causing harm from interference with automatic data processing.
In 2006, the European Court of Human Rights found that the monitoring and censorship of an inmate’s correspondence violates Article 8 of the European Convention on Human Rights. According to the Court’s case law, while the opening of a letter from a lawyer, if the prison authorities have reasonable cause to believe that it contains an illicit enclosure and when suitable guarantees are provided, may be permitted, no compelling reasons were found to exist for the opening of letters as a matter of course. The Court reiterated, “it is important to respect the confidentiality of its correspondence since it may concern allegations against prison authorities or prison officials. The opening of letters [...] undoubtedly gives rise to the possibility that they will be read and may conceivably, on occasion, also create the risk of reprisals by prison staff against the prisoner concerned.”
On October 12, 2004, the Supreme Administrative Court delivered a significant judgment concerning the transfer of personal data. This judgment followed the cassation claim against the decision of the Regional Administrative Court examining the legality of the decision of the Inspector General for Personal Data Protection. The Court in its decision has affirmed the illegality of the transfer of debtor’s personal data (as a result of the transfer of receivables) to a debt collection company without a prior approval of the debtor. Inspector General has decided that any transfer of personal data must be preceded by an individual consent of the debtor. The fact that Polish law allows for the transfer of receivables does not constitute a sufficient justification for making personal data available to third parties without the approval of the debtor. It is also insufficient to reserve such a right in the model contract. Both the Regional and Supreme Administrative Courts have shared this view.
However, in the judgment of December 16, 2004, the Supreme Administrative Court adopted a different standpoint. The Court decided that transfer of receivables can be considered as a legitimate interest of the data controller and the transfer of data of the data subject is allowed without his or her consent. After a long deliberation, the Supreme Administrative Court (composed of seven judges) in the judgment of June 6, 2005, revoked the view expressed in the judgment of December 16, 2004. Therefore, it has been established that the processing or the transfer of personal data within the transfer of receivables does require the consent of the data subject. The lack of consent cannot be justified by a legitimate interest of the data controller.
The Government of Poland carries out a large number of wiretaps with limited oversight. Under the Criminal Code, the use of wiretaps shall be authorized by the court, after an appropriate motion by the Prosecutor. The Minister of Justice, in consultation with the Minister appropriate for the communication issues, the Minister of Defense and the Minister appropriate for the internal affairs, specified, in the way of the regulation the manner of the control and technical requirements of wiretaps and how to carry out the wiretap. The law specifies for which cases the interception of communications may be authorized. In exceptional cases, the police may initiate a wiretap at the same time as they apply for authorization. Furthermore, under the Police Code, electronic surveillance may be used for the prevention of crime as well as for investigative purposes. The government does not usually release statistics on the number of wiretaps applied for and authorized, tending to view this as a state secret. In 1997, the reports of numbers of wiretaps varied from 2,000 to 4,000. There are unsubstantiated reports that these numbers increased further in 1999 and 2000. The United States Department of State, in its annual Country Reports on Human Rights Practices, has been consistently critical of high number of wiretaps authorized in Poland. In its most recent report, the US government agency wrote, “the law allows electronic surveillance for crime prevention and investigations. There was no independent judicial review of surveillance activities, nor was there any control over the use of information obtained by monitoring private communications. A number of government agencies had access to wiretap information.”
Various proposals to expand law enforcement surveillance capabilities over the last few years have been put forward. In July 2001, amendments to the Police Act gave the police increased powers to monitor individuals in public places including through the use of video surveillance. The International Helsinki Committee noted in its 2002 report that the amendments "were dubious in terms of the right to privacy." The Ministry of Internal Affairs and Administration announced in January 2000 that it was setting up a new unit of 1,500 officers to combat organized crime, based on the United States Federal Bureau of Investigation. The new unit will have the power to conduct electronic surveillance and create extensive databases. Efforts to require all service operators (including mobile phone and Internet Service Providers) to install equipment, to facilitate this increased monitoring, are also going forward. There are serious concerns within the Bureau about the Polish Executive Regulation of February 22, 2003, adopted pursuant to the Telecommunications Law. The provisions of this regulation impose upon telecommunications network operators the obligation to ensure the public security bodies have access to information sent through telecommunications networks for the purpose of national defense, state security and public order.
Amendments to the Police Act have been made by the Telecommunication Act. They focus on disclosing and processing a caller ID by the Police. The amendments also concern network terminals and/or telecom devices used in the connection, data generated during the connection or attempts to connect to particular telecom devices or network terminals, and the circumstances and a type of connection. Currently they may be disclosed to and processed by the Police only in order to prevent or detect a crime. The above-mentioned data may be disclosed at a written request by the Police Commander in Chief and/or a Regional Commander, or at an oral request of a policeman having a written authorization of the above-mentioned authorities. Telecom operators shall disclose to the policemen the data mentioned in the request of an appropriate Police unit. Materials obtained by the Police, which contain information relevant to the criminal proceedings, are transferred to the office of the prosecutor of relevant competence. Materials obtained by the Police, which do not contain information significant to criminal proceedings, shall be immediately destroyed by a specially formed committee, which shall also provide officially recorded evidence of the destruction. Data shall be disclosed to the Police at the cost of a telecommunications operator. Despite the opinions of the Police and state security services, operators are not obliged to register (identify) the pre-paid users. However, after bomb attacks in Madrid and London, a new legislation in this regard is at the preparatory stage.
In December 2005, an amendment to the Telecommunications Act introduced mandatory telephony data retention for 2 years, after which time the service provider has the choice of either destroying or anonymizing the data. The original draft called for a 15-year retention period, and local investigators had stated that they were unable to effectively prosecute corruption without telephony billing data from the last 4 years. This prompted criticism from NGO ISOC Poland as well as the Inspector General for the Protection of Personal Data. A retention period of 15 years is clearly out of step with the EU Data Protection Directive. The EU Data Retention Directive adopted in 2006 calls for retention periods of between 6 months and 2 years.
In February 2003, legislation was enacted exempting officials from the law of "lustration" if they cooperated with intelligence and counterintelligence agencies. The law of lustration is designed to expose collaborators with the Communist-era secret police by requiring sworn affidavits that may be reviewed by a court. The Constitutional Tribunal in June 2003 found the legislation to be procedurally unconstitutional, but a new, similar law was enacted in October.
The information about cooperation with above mentioned intelligence and counterintelligence agencies are gathered by the Institute of National Remembrance (Instytut Pamieci Narodowej -IPN). IPN is authorized to reveal such information in the cases specified by the Act of 18th December 1998 on IPN. The Inspector General for Personal Data Protection has pointed out that the legal conditions of disclosure of the data are unclear. An inspection by the Inspector in 2005 revealed that the IPN had not notified their data filing systems for registration with the Inspector. The Inspector issued a decision which orders the remedying of several areas of noncompliance. The order was appealed and awaits settlement in the Supreme Administrative Court.
The Constitutional Tribunal (Trybunal Konstytucyjny - TK) also found unconstitutional, in April 2004, an act regarding the Internal Security and Intelligence Agencies that allowed officers to observe and record events in public places. Public groups had opposed the act on numerous grounds, including that it violated the right to privacy. According to a recent decision of the TK, the powers of Polish fiscal inspectors are too extensive. They were broadened by the 2003 Act on Provincial Fiscal Courts and will expire in 2006. At present, fiscal inspectors have nearly unlimited rights to collect, store and use personal information, register events in public places, install tapping devices, and register call attempts. The information obtained in this way can be archived and stored even after it becomes useless for the inspectors. The Act has been appealed against by MPs from Law and Justice (Prawo i Sprawiedliwosc - PiS) and the League of Polish Families (Liga Polskich Rodzin - LPR). In their opinion, fiscal inspectors are currently capable of collecting personal information in a secret and uncontrolled manner, which infringes the constitutional right of privacy. The TK agreed that such powers should only be available to the inspectors in special circumstances.
Poland has given priority to the fight against organized crime. The Police Act was amended in August 2001 to give the police more operational powers (authorization to check bank and insurance accounts of suspects). Considerable efforts were made to equip the police with the latest technological tools (the central automated system for identifying fingerprints was extended to regional and local levels).
Controversy still surrounds the expanded national identification (ID) system. The Electronic Census System (PESEL) number, which has been issued since the mid-1970s, is the biggest collection of personal data in Poland. Every identity card contains a PESEL number, which is a confirmation of the owner's date of birth and sex. The system is fully computerized. The Government began issuing the new ID cards in January 2001. In August 2006, the PESEL II Steering Committee was formed to develop a two-stage identification card implementation that includes biometric storage. Stage II, the “pl.ID” project envisions a Polish ID biometric card that will be implemented during 2008-2013.
Physicians in Poland instituted a protest against the latest use of the PESEL number. A new law requires that all prescriptions must be equipped with the PESEL number of the patient in order to qualify for reimbursement. A new prescription will not be honored by pharmacies unless the physician physically writes a PESEL number on it.
In June 2007, the municipality of Auschwitz installed the largest CCTV surveillance system for centralized monitoring of schools and municipality in Poland. The system covers four schools and the city center. The first stage of the project involves 19 cameras, including four cameras in each school. Live video streams from schools and city center are transmitted over radio networks to the monitoring center based in the city’s police department.
The Polish Constitution sets out the necessary foundations for the NGOs existence in the articles 12 and 58. The two basic types of non-governmental organizations in Poland are associations and foundations, regulated respectively by the Law on Associations and the Law on Foundations.
The Polish history of relations between the government and the civil society groups is quite brief. It was only after 1989 when a development of civil society began. Thus, even though Poland is now the EU Member State, there have not been any significant developments in this area. Civil society is still weak and its influence on policy making is relatively small.
Legal grounds for the cooperation between the public authorities and the NGOs are established in the Act on Public Benefit and Volunteer Work. This act provides a framework for such cooperation. It also imposes an obligation on public administration to cooperate with the NGOs in the field of public tasks. This obligation concerns cooperation not only with “public benefit organizations” but also all with other NGOs involved in the area of public tasks.
However, recent efforts to train and organize NGOs has resulted in better cooperation and communication. The NGO web portal, NGO.pl, consists of an NGO database, forum and links to funding and partnership opportunities.
The Parliament approved the Act on Access to Public Information in September 2001. It went into effect in January 2002. The Act creates a presumption of access to information held by all public bodies, private bodies that exercise public tasks, trade unions, and political parties. The bodies are also required to publish material online. There are exemptions for official or state secrets, confidential information, personal privacy, and business secrets. Appeals are made to a court. In July 2003, the Polish Access to Public Data Bill came into force, requiring thousands of public institutions, such as local government, political parties and schools, to put public information on Web sites. The Public Data Bulletin, a system of Internet sites, serves to collect these informational sites in one place.
Poland enacted the Classified Information Protection Act in January 1999 as a condition to entering North Atlantic Treaty Organization (NATO). The act covers classified information or information collected by government agencies whose disclosure "might damage interests of the state, public interests, or lawfully protected interests of citizens or of an organization." There have also been efforts to deal with the files of former employees of the communist era secret police. A law creating a National Remembrance Institute (IPN) to allow victims of this secret police agency access to records was approved by the Parliament in October 1998. The files were opened to the public in February 2001. The Screening Act of 1997 created a special commission to examine the records of government officials who might have collaborated with the secret police. The Commission began work in November 1998. Under the Data Protection Act, individuals have the right to access and correct records that contain personal information about them from both public and private bodies. However, in November 2003 the government asked Parliament to amend the law on the protection of secret information; that amendment introduces 64 forms of information to be declared top secret and classified. The amendment also allows officers to mark any information as classified that might be "inconvenient" for them.
Poland is a member of the Council of Europe (CoE) and has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms. In May 2002, it ratified the CoE Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108). In November 2001, it signed, but has not ratified, the CoE Cybercrime Convention (ETS No. 185). Poland is a member of the Organization for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. In November 2001, Poland ratified the United Nations Convention of 2000 against Transnational Organised Crime (the Palermo convention). Poland has also yet to sign the Council of Europe Convention on Computer-related Crime. On May 1, 2004, Poland joined the European Union.
 The Constitutional Act of 1997, English version available at <http://www.kprm.gov.pl/english/97.htm>.
 Law on the
Protection of Personal Data, Dz.U. nr 133, poz. 833, October 29, 1997. Unified
text available in the Journal of Laws of 2002 No. 101, item 926 with later
 "The Info Boom's Murky Side," Warsaw Voice, November 9, 1997.
 The Regulation of June 3, 1998, by the Minister of Internal Affairs and Administration as regards Establishing Basic, Technical and Organizational Conditions Which Should Be Fulfilled by Devices and Information Systems Used for the Personal Data Processing, Journal of Laws, June 30, 1998, No. 80, item 521.
 Regulation of April 29, 2004, by the Minister of Internal Affairs and Administration as regards personal data processing documentation and technical and organisational conditions which should be fulfilled by devices and computer systems used for the personal data processing, Journal of Laws 2004, No. 100, item 1024.
 Act of
August 25, 2001, amending the Act on Personal Data Protection, Journal of Laws,
No. 100, item 1087.
 See <http://www.giodo.gov.pl/259/id_art/195/j/en/>. The text of the Amendment to the Act is available on the Web site <http://www.giodo.gov.pl/272/j/en/>.
 The Regulation of May 29, 1998 by the President of the Republic of Poland. As regards granting the statutes to the Bureau of the Inspector General for the Protection of Personal Data, Journal of Laws 1998, No. 73, item 464 with later amendments, available at <http://www.giodo.gov.pl/272/j/en/>.
 "A One-Woman Orchestra," Warsaw Voice, June 21, 1998.
 Bureau of the Inspector General Statistics page <http://www.giodo.gov.pl/241/j/en/>.
 Convention on the Use of Information Technology for Customs Purposes, Ratification Details <http://www.consilium.europa.eu/cms3_Applications/applications/Accords/details.asp?cmsid=297&id=2003026&lang=EN&doclang=EN>.
 "Constitutional Tribunal Allows Treasury to Screen Bank Accounts," Polish News Bulletin, April 12, 2000.
 Andrzej Adamski, "Computer Crime in Poland: Three Years' Experience in Enforcing the Law," presented to the Council of Europe Conference on Cybercrime, Budapest, November 2001, available at <http://www.coe.int/T/E/Legal%5FAffairs/Legal%5Fco%2Doperation/Combating%5Feconomic%5Fcrime/Cybercrime/International_conference/3National_reports.asp#TopOfPage>.
 Drozdowski v. Poland, (Application no. 20841/02) Eur. Ct. H. R. (2005), available at <http://cmiskp.echr.coe.int/tkp197/viewhbkm.asp?action=open&table=F69A27FD8FB86142BF01C1166DEA398649&key=11694&sessionId=1710587&skin=hudoc-en&attachment=true>.
 Number of the judgment: OSK 769/04.
 Number of the judgment: sygn. I OPS 2/05.
Regulation of June 24, 2003 by the Ministry of
 Some Remarks on Human Rights Protection in Poland (in connection with the fourth periodic report of Republic of Poland on implementation of the International Covenant on Civil and Political Rights), Helsinki Foundation for Human Rights, available at <http://www.hfhrpol.waw.pl/en/index.html>.
 US State Department Human Rights Report 2006 - Poland, available at <http://www.state.gov/g/drl/rls/hrrpt/2006/78832.htm>.
 US State Department Human Rights Report 2003 - Poland, available at <http://www.state.gov/g/drl/rls/hrrpt/2003/27858.htm>.
International Helsinki Federation for Human Rights, "Human Rights in the OSCE
Region: The Balkans, the Caucasus, Europe, Central Asia and North America,"
Report 2002 (events 2001) available at
 "New Police Unit to Combat Organised Crime," Polish News Bulletin, January 4, 2000.
 The Regulation of January 24, 2003 by the Minister of Infrastructure – Journal of Laws of 2003, No. 19, item 166. (The concern is mentioned in the Mr. Trelka's letter, supra.)
 The Police
Act of 6 April 1990, Journal of Laws of 2002, No 7, item 166, with
 The Telecommunication Act of 16 July 2004, Journal of Laws of 2004, No 171, item 1800.
 Ninth Annual Report of the Article 29 Working Party on Data Protection, June 2006, available at <http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2006/9th_annual_report_en.pdf>.
 United States Department of State, Country Reports on Human Rights Practices 2003, supra.
 Ustawa o Instytucie Pamieci Narodowej -Komisji Ścigania Zbrodni przeciwko Narodowi Polskiemu, Journal of Laws December 19, 1998, available at <http://www.ipn.gov.pl/index.html> (in Polish).
 Ninth Annual Report of the Article 29 Working Party on Data Protection, supra.
 "Court Says
Parts of Secret Services Law Unconstitutional," BBC Worldwide Monitoring, April
20, 2004 (source Polish Radio 1, Warsaw, in Polish, April 20,
 See <http://www.trybunal.gov.pl/eng/>.
 “TK States Fiscal Inspectors' Powers Are Too Extensive,” Polish New Bulletin, June 21, 2005, issue of Puls Biznesu p. 5 (on file with EPIC).
 “Poland Adoption of the Community Acquis,” Summary of the Legislation available at <http://europa.eu.int/scadplus/leg/en/lvb/e22106.htm> (last updated April 13, 2004).
 Ministry of Interior and Administration, News, April 20, 2007, available at <http://www.mswia.gov.pl/portal/en/1/246/>.
 Centrum Medyczne, Current Issues, June 20, 2007, available at <http://www.enel.pl/en/onas/aktualnosc.asp?id=65>.
 “Wireless School and City Surveillance in Auschwitz, Poland,” ACTi News, June 5, 2007, available at <http://www.acti.com/Press_RoomV3/News_Content_View.Asp?strType=News&strRECORD_ID=%7B0CFEEF5F-74C5-44EC-BF5A-F2B75A93D87>.
 Act of
April 4th 1989 The Law of Associations (Journal of Laws No 79, item 855, 2001,
 Act of April 6th 1984 The Law of Foundations (Journal of Laws No 46, item 203, 1991, with changes).
 UN Country Program document for Poland (2004-2005), DP/DCP/POL/1, 5 August 2003.
 Act of April 24th 2003 on Public Benefit and Volunteer Work.
 Journal of
Laws No 112, item 1198, available at <http://home.online.no/~wkeim/files/poland-foia.htm>.
 See <http://www.bip.gov.pl/> (in Polish).
Classified Information Protection Act of 22 January
 See "Freedom of Information and Access to Government Records Around the World," supra.
 International Helsinki Federation for Human Rights, Human Rights in the OSCE Region: The Balkans, the Caucasus, Europe, Central Asia and North America, Report 2004 (events 2003), available at
April 21, 1999; ratified May 23, 2002; entered into force September 1,
 Signed November 23, 2001.
 See <http://europa.eu.int/scadplus/leg/en/lvb/l33088.htm>.