The President of the PL SA took part in the conference “Children Online"
The President of the Personal Data Protection Office (UODO) took part in the conference “Children Online: How to Safeguard Our Future?”
On 14 January, Mirosław Wróblewski, President of the Personal Data Protection Office, took part in the 2nd Academic Conference “Children Online: How to Safeguard Our Future?”, organised by the Faculty of Law and Administration of the War Studies University in Warsaw. The aim of the initiative was to raise awareness of the threats faced by minors on the internet and to provide tools to address such challenges.
The President of the Personal Data Protection Office delivered the opening lecture entitled “Deepfake – a digital illusion: Why the use of Artificial Intelligence may threaten children’s safety.” During his speech, he noted that recent advances in modern technologies have led to an explosion of content generated by artificial intelligence, including deepfakes using voice and image in fraudulent advertisements. He also emphasised that there has been increased pressure on data protection authorities to respond more quickly to such incidents.
Mirosław Wróblewski pointed out that in most such cases of abuse, several provisions of the GDPR are violated, in particular those relating to the legal basis and transparency of data processing. In this context, the President of the Personal Data Protection Office referred to his decisions in which, due to the public interest, he ordered Meta Platforms to suspend the display on Facebook of advertisements using the image of Mr Rafał Brzoska and Ms Omena Mensah. He also presented the subsequent stages of the proceedings in this case, which concluded with Meta withdrawing its complaints against the supervisory authority’s decisions. The President of the Office emphasised that the Meta case is an important example and a precedent concerning disinformation and the protection of image rights. Currently, as he added, in cooperation with the Irish Data Protection Commission (DPC), he is engaging in dialogue with representatives of social media platforms in order to develop solutions that comply with the principles of personal data protection.
In the further part of his speech, Mirosław Wróblewski explained the differences between the GDPR and the Digital Services Act (DSA), which has not yet been implemented in the Polish legal system, and pointed out that deepfake advertisements constitute both illegal content and unlawful data processing. Therefore, this issue should be considered from the perspective of both the GDPR and the DSA.
The President of the Personal Data Protection Office also referred to the judgment of the Court of Justice of the European Union (CJEU) in the Russmedia case, which concerned the liability of an online platform operator for publishing an advertisement containing a natural person’s personal data in the form of their image and telephone number. The CJEU unequivocally ruled that the operator of an online marketplace platform that enables the publication of advertisements containing personal data acts as a data controller within the meaning of the GDPR. Information on this case is available on the Office’s website: https://uodo.gov.pl/pl/138/4021
As Mirosław Wróblewski noted, in his assessment the case reveals a mechanism in the functioning of online platforms that is systemic in nature and goes beyond an individual incident. The judgment introduces a clear standard of preventive obligations and serves as an impetus for further legislative changes and for clarifying the responsibility of online platforms.
In the final part of his speech, the President of the Personal Data Protection Office referred to a widely publicised case involving the generation, using artificial intelligence tools, of a nude image of a female student based on her real appearance, and the subsequent dissemination of this image online by her peers. The case was described on the following webpages: https://uodo.gov.pl/pl/138/3906; https://uodo.gov.pl/pl/138/3984.
As Mirosław Wróblewski emphasised, law enforcement authorities refused to initiate proceedings, finding that the case lacked the elements of a criminal offence, in particular in view of their assessment of the nature of the generated image. In the opinion of the President of the Personal Data Protection Office, this incident highlighted the problem of the lack of a clear and adequate state response to new forms of digital violence against children, including sexually explicit deepfakes, and exposed a gap in the current legal system, which does not provide swift and effective protection for deepfake victims (and the related secondary victimisation), especially when the victims are minors.
The other panels of the ASW conference addressed topics such as children’s rights in the digital environment, international cooperation in the protection of minors, cyber threats and their impact on identity formation, and cybersecurity education.
Recent actions of the President of the Personal Data Protection Office related to the protection of children and youth in the digital sphere:
There is a need for legislation that protects people from the negative impact of deepfakes.