Access to documents of victims of domestic violence must be precisely regulated
It remains unclear to which documents and personal data collected under the “Blue Card” procedure victims of domestic violence and its perpetrators have access.
The President of the Personal Data Protection Office (UODO) turned to the Minister of Family, Labour and Social Policy with a request to consider introducing changes to the Act on Preventing Domestic Violence. This concerns precise specification of the catalogue of documents and data collected during the “Blue Card” procedure, which can be accessed by victims of domestic violence, persons suspected of using it or those using it.
In his letter the President of UODO points out that the access to documents collected under the Blue Card procedure is restricted on the basis of exclusions that are imprecise for entities applying these regulations. For example, the perpetrator of domestic violence has access to documents but excluding "data of persons affected by domestic violence and persons reporting suspected use of domestic violence, disclosure of which could cause a threat to life, health or safety ...". In the opinion of the President of UODO, this structure of regulations means that it is unclear to which documents individual persons have finally access.
The President of the Office also indicates that the term "other documents" appears in one of the exclusions, which makes it difficult for city and municipal offices to provide access to documentation. It leads to the fact that the restriction of the right of access to personal data does not occur at the level of generally applicable law, as provided for in the GDPR, but depends on the discretion of a particular official.
Not only the act requires changes, but also the regulation of the Council of Ministers regarding the "Blue Cards" procedure and the "Blue Card" forms, which limits access to personal data collected in this procedure, should be adapted to the GDPR. In this case, these provisions should be in line with Art. 23 of the GDPR, which specifies the elements which national regulations limiting the rights granted under the GDPR must contain.