Status regarding Budapest Convention
Status : Party Declarations and reservations : Reservation regarding article 29. See legal profileCybercrime policies/strategies
The Ministry of Public Administration and Digitisation (MAC) and Internal Security Agency (ABW) launched in 2013, the first cyber security strategy- Cyberspace protection policy of the Republic of Poland.
The Cyber Security Strategy 2017-2022 was drafted in response to the European NIS directive on protecting national networks and systems.
Cybercrime legislation
State of cybercrime legislation
- Penal Code from 06 June 1997, amended in 2003
- Code of Criminal Procedure from 06 June 1997, amended in 2003
- Law on Data Protection from 1997, as amended in 2015
Substantive law
- Penal Code from 06 June 1997 , Chapter XXXIII – Offences against the Protection of Information, articles 266 -299 corresponding to articles 2 – 6 from the Budapest Convention.
- The list of illicit acts related to child pornography is quite extensive. The Chapter XXV - Offences against Sexual Liberty and Decency, article 202 § 3-5 includes its production, dissemination, public presentation, procuring, recording as well as storing and possession.
- Poland signed the Additional Protocol to the Convention on Cybercrime, concerning the Criminalisation of Acts of a Racist and Xenophobic Nature Committed Through Computer systems on 21 July 200 and ratified it on 20/02/2015.
- The infringements of copyright and related rights are criminalized in two acts: Act of 4 February 1994 on copyright and related rights, and the Penal Code (Art 278§ 2 and Art 293).
Procedural law
The majority of procedural powers contained in the Budapest Convention are implemented in the Code of Criminal Procedure, from 06 June 1997 and amended in 2003. The Polish legislation does not provide a measure consistent with the Article 20 of the Budapest Convention - Real-time collection of traffic data.
Safeguards
The Polish Constitution of 1997 recognises the right to privacy and the right to personal data protection. The Law on the Protection of Personal Data was adopted in 1997 and came into force in 1998.
Related laws and regulations
- Act of 4 February 1994 on copyright and related rights-https://www.wipo.int/edocs/lexdocs/laws/en/pl/pl010en.pdf
- Law of 18 July 2002 on Providing Services by Electronic Means (LPSEM)
- The Act of 7 May 2010 on supporting the development of telecommunications services and networks
- The Police Act from 1990
Specialised institutions
Preliminary investigations are conducted by police entities based in the 'Voivodeship' (regional) police headquarters. At the central level, the Department for Fighting against Cybercrime has been established within the Criminal Service Bureau of the National Police Headquarters. The Division of Fighting against Cybercrime has also been established within the Central Criminal Investigation Bureau of the Police. Their main task is to combat cybercrimes committed by organised criminal groups.
At the level of the Prosecutor General's Office several prosecutors have been designated to provide coordination and support to lower tiers of the public prosecution service in cases involving cyber attacks (attacks against computer systems), hate crimes, and the sexual exploitation of children. Moreover, at regional level coordinating prosecutors have been appointed to deal with cases of sexual exploitation of children. Those prosecutors closely cooperate with police officers, providing advice in the most complex cases.
Poland has several established several Computer Security Incident Response (CSIRT)/Computer Emergency Response (CERT) teams:
- CERT.PL (CERT POLSKA) operates as part of the Research and Academic Computer Network (NASK)
- CERT Orange (Polish; formerly CSIRT Telekomikacja Polska) was established in 1997 for users of telecom services.
- CERT.GOV.PL (Polish and English) has the government and its agencies as its constituents.
- Government Center for Security (RCB)
International cooperation
Practical guides, templates and best practices
Mutual legal assistance in general (MLA, transfer of proceedings, transfer of the execution of sentence as well as extradition) is regulated by the Code of Criminal Procedure and its provisions are applicable according to the principle of subsidiarity - only if there is no international legal instrument or if the provisions of such instrument do not regulate specific issues. It results from the basic constitutional principle of the precedence of ratified conventions over national law, which is valid also for MLA in criminal matters. There are no specific provisions in Polish legislation on MLA for cybercrime, as general provisions on MLA are applicable.
Jurisprudence/case law
Sources and links
- https://supertrans2014.files.wordpress.com/2014/06/the-criminal-code.pdf
- GENVAL - Evaluation report on the seventh round of mutual evaluations "The practical implementation and operation of European policies on prevention and combating Cybercrime" - Report on Poland
- Other GENVAL 7th round evaluation reports
- https://www.uke.gov.pl/gfx/uke/userfiles/m-pietrzykowski/telecommunications_act_en.pdf
- http://www.policja.pl/ftp/pliki/police_act.pdf
- https://csirt.gov.pl/
- http://prawo.sejm.gov.pl/isap.nsf/download.xsp/WDU19970890555/U/D19970555Lj.pdf
- http://europam.eu/data/mechanisms/FOI/FOI%20Laws/Poland/Poland_Data%20Protection_1997_amended%202015.pdf
- https://www.giodo.gov.pl/data/filemanager_en/51.pdf
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.