
AI policy should give greater consideration to privacy protection
Mirosław Wróblewski, the President of the Personal Data Protection Office, presented his comments on the draft “Policy for the Development of Artificial Intelligence in Poland until 2030”, which was submitted for public consultation. The comments were developed following an internal debate between the Personal Data Protection Office’s experts and members of the working group on artificial intelligence of the Social Team of Experts to the President of the Personal Data Protection Office, together with the Social Team of Experts itself. The conclusions were forwarded to the Ministry of Digital Affairs.
The proposed objectives and measures for the development of artificial intelligence in Poland should respond to challenges in the area of security in all its aspects, including from the perspective of guarantees for the right to personal data protection and the right to privacy.
According to the President of the Personal Data Protection Office, the general, horizontal approach to personal data security assessment presented in the “Artificial Intelligence Development Policy” is insufficient, and the correct setting of personal data protection standards requires consideration of the sectoral context for specific areas of state functioning. The “Artificial Intelligence Development Policy” should contain specific solutions regarding the plan to create a legal framework for the development of artificial intelligence in Poland, taking into account the EU regulatory system, both at the horizontal and sectoral levels.
The implementation of artificial intelligence in specific areas of functioning of the State and public administration requires, first and foremost, a review of existing regulations and the creation of a legal basis for actions taken by public authorities or entities performing public tasks using artificial intelligence tools, in accordance with the constitutional principle of the rule of law and with respect for individual rights in the law-making process.
A thorough review of the applicable regulations is particularly necessary with regard to the use of artificial intelligence solutions in public services in the areas of healthcare and justice, also in the context of the categories of data processed, especially biometric data, health data, genetic data, and criminal record data.
The enactment of provisions regulating the principles, methods, and objectives of artificial intelligence systems and the protective measures adopted should be preceded by an assessment of the impact on fundamental rights.
The initiative outlined in the document to create a uniform, publicly accessible list of artificial intelligence systems used in public administration, together with a description of their functions and basic technical parameters, should be considered important from the point of view of the State's commitment to transparency and responsible management of artificial intelligence. However, in order for such a register/list to be implemented, not only the main features of the artificial intelligence system should be made public, but also the purpose of its operation, the actions taken with its use, and the effects of those actions.
The President of the Personal Data Protection Office therefore proposes, among other things, that:
- personal data protection be recognised as a horizontal principle and that the right to personal data protection be taken into account in every sector of AI policy: infrastructure, health, education, public administration, innovation, and open data;
- a balanced regulatory framework be adopted, legalizing the activities of public authorities using artificial intelligence solutions;
- the role of the President of the Personal Data Protection Office be clarified as an independent body protecting the right to privacy in processes involving artificial intelligence;
- the AI Development Policy be supplemented with the obligation to comply with the GDPR, the AI Act, and Convention 108+;
- the risks associated with open data and pseudonymization be taken into account;
- the rules for data processing in Poland be indicated, including the classification of data according to their sensitivity level, and the rules for processing critical data in the national infrastructure be defined;
- educational and competence-building activities be expanded, including strengthening the education and training of citizens independently of BigTech technology platforms.
DPNT.071.26.2025
Attachments: Opinion of the President of the Personal Data Protection Office on the AI development policy in Poland until 2030 [PDF file; 194] (in Polish).