The President of the PL SA Defines the Deepfake Technology Problem

President of the Personal Data Protection Office Defines the Deepfake Technology Problem at the Parliamentary Committee on Children and Youth

On 17 December, the President of the Personal Data Protection Office, Mirosław Wróblewski, together with experts from the Office, took part in a meeting of the Parliamentary Committee on Children and Youth. The meeting, which brought together representatives of state institutions and child‑safety advocates, focused on the growing dangers faced by children and young people as a result of the increasing popularity of deepfake technology. The President of the Personal Data Protection Office delivered a presentation defining the threat posed by deepfakes, and the session concluded with significant conclusions from all participants.

In his address, the President of the Personal Data Protection Office emphasised that “in the opinion of the supervisory authority, the regulations currently in force in the Polish legal system are not adapted to the specific nature of deepfake technology and content generated by artificial intelligence. Nor do they provide the means to effectively counteract their negative impact on individuals. The technology itself may appear neutral, but the ease of access to it and its effectiveness when used for various purposes, often unlawful or unethical, may lead to violations of people’s rights and freedoms on an unprecedented scale.”

He further noted that “it is essential to introduce legal provisions that directly address the dissemination of harmful content in the form of deepfakes”, drawing attention to the fact that he had also presented this position in a communication to the Deputy Prime Minister and Minister of Digital Affairs, Krzysztof Gawkowski. In that communication, he cited the case of primary school pupils generating a fake nude image of a female classmate and encouraging others to order similar content via Instagram. President Wróblewski pointed out that in this widely discussed case, there is clearly processing of personal data within the meaning of Article 4(1) of Regulation 2016/679 (GDPR), yet the current legal framework does not provide adequate protection against deepfakes, partly because it does not directly address the specific nature of this technology. Neither copyright law, the Civil Code, the Criminal Code, nor even the GDPR directly regulate this issue. As the President explained, none of these regulations guarantees, for example, the swift removal of illegal materials.

“This is why I see the need to initiate work aimed at introducing into the Polish legal system provisions that fully regulate legal liability for the dissemination of false content in the form of deepfakes, ensure effective protection of personal data, and provide support for victims of cybercriminals,” stated the President of the Personal Data Protection Office.

As examples of potentially necessary solutions, President Wróblewski mentioned: obligations for online platforms to detect and label deepfakes; support for grassroots initiatives aimed at developing standards and good practices for verifying the authenticity of content; detailed rules on criminal liability and liability for damages for individuals creating and disseminating harmful deepfakes; and clarification of the duties of entities administering online platforms.

In the context of European regulations, the President referred to the judgment of the Court of Justice of the European Union in the Russmedia case, which, in the opinion of the supervisory authority, is of great significance for online services, including social media platforms. In the absence of EU‑level regulations specifically addressing deepfakes, the judgment provides a solid basis for requiring online service providers to implement technical and organisational measures enabling the identification of advertisements containing special‑categories of data and verifying whether the user intending to publish such an advertisement is indeed the data subject.

The President of the Personal Data Protection Office also stressed that an important step in Polish legislation would be the adoption of an amendment to the Act on Providing Services by Electronic Means, which introduces into Polish law the provisions of the Digital Services Act (DSA). With the implementation of the DSA, the widespread publication of false content, including deepfake materials, could be effectively reduced.

As a key conclusion from the committee meeting, MPs adopted a draft resolution calling for increased protection of the image of minors in the digital environment, as well as comprehensive regulation of issues related to sharenting, including rules for publishing content featuring minors, the protection of their personal data, and the work of minors online.

The meeting was also attended by experts from the Personal Data Protection Office: Anna Dudkowska – Director of the Educational Initiatives Department; Monika Krasińska – Director of the Law and New Technologies Department; and Maria Owczarek – Director of the International Cooperation Department. Also present were Joanna Napierała, Chair of the State Commission for Combating Sexual Abuse of Minors under 15, together with Konrad Ciesiołkiewicz, Deputy Chair for Strategy, Digital Affairs and Institutional Relations, as well as representatives of the Ministry of Justice, NASK – National Research Institute, the State Commission on Paedophilia, the Office of Electronic Communications, the Central Bureau for Combating Cybercrime, and NGOs working to combat threats to children and young people.

In the closing part of the meeting, MP Monika Rosa, Chair of the Committee on Children and Youth, noted that the topic of media education would be the subject of further discussions. She also assured that the Ministry of Justice and the Office of Electronic Communications would jointly agree on the composition of a team dedicated to counteracting deepfake‑related abuses.

MP Rosa also set as a task the need for a genuine debate on the age thresholds for accessing online platforms, referring to the frequently discussed example of the solution adopted by the Australian government, which decided that the use of social media services would be permitted only from the age of 16.