Abstract

The legal regulation for personal data protection has been established to protect the values colliding with freedom of information, and therefore it restricts publicity. References to the duty of confidentiality with respect to personal data may be found in various regulations concerning legally protected secrecies, though the Personal Data Protection Act of 29 August 1997 itself does not directly provide for an independent “personal data secrecy”, at the same time in Art. 39.2 obliging the parties authorized to process personal data to keep the secrecy and protect personal data, which allows for reconstructing the duty of confidentiality of a party authorized to process personal data. However, in their current wording, Art. 39.2 and Art. 51 of the Personal Data Protection Act arouse interpretational doubts and are negatively evaluated by the doctrine. Concurring with the views ofP. Fajgielski it would be appropriate to replace the term “parties authorized to” with “parties empowered to” in Art. 39.2 of the Personal Data Protection Act. Also penal provisions of the Act require amendments, in particular in Art. 51 of the Personal Data Protection Act the term in plural “parties unauthorized to” should be replaced with the term in singular “a party not empowered to”.