Abstract
The author of the article set himself a goal to interpret and assess practical consequences of the application of Art. 97 of the Personal Data Protection Act of 10 May 2018 pursuant to which: “the findings of the final decision of the President of the Office stating a violation of personal data protection provisions or a final judgment issued as a result of filing a complaint, referred to in Art. 145a § 3 of the Act on Administrative Court Procedure of 30 August 2002, shall bind the court in the proceedings for redressing a damage inflicted by a violation of personal data protection regulations as to the statement that those regulations have been violated.” Interpreting this provision linguistically and pro-constitutionally as well as drawing conclusions by analogy to other normative acts the author assessed that under the civil procedure a common court will be bound solely by such findings contained in a final decision of the President of the Personal Data Protection Office which state a violation of personal data protection regulations (it will not be able to examine this issue on its own). On the other hand, when it has been found in a decision or a judgment of an administrative court that personal data protection regulations have not been violated, such findings shall not be binding on a common court. A practical consequence of Art. 97 for a controller or processor in case the President of the Personal Data Protection Office has issued a final decision stating a violation of personal data protection regulations is in fact a statement that their actions were illegal, which in the majority of cases will lead to allowing the complaint of the person injured by the violation of those regulations brought before a common court. Thus, the defendant will not be able to contest the claim effectively and prove that they have not violated personal data protection regulations, while the court will not be able to establish the occurrence being the source of liability for damages. The court will only examine whether the injury or wrong in fact did occur as a result of the violation of personal data protection regulations, whether there is a causal link between the violation of regulations and the injury or wrong, and whether the claims put forward by the plaintiff are adequate to the size of the injury. However, in the author’s opinion even such a scope of application of the above provision disproportionately infringes the right to a fair trial – the sued data controller or processor cannot defend themselves before a common court indicating that they are not responsible for the occurrence which arouses their civil liability. What is more it interferes with the right to an independent tribunal since a common court judge cannot independently examine whether the occurrence arousing the defendant’s civil liability and if so whether the defendant’s action or omission was illegal.
Key words: personal data protection, prejudiciality, right to trial
Słowa kluczowe: ochrona danych osobowych, prejudycjalność, prawo do sądu