President of the PL SA submits comments on the draft Act on fair access to data
Under the proposed Act, national institutional supervision over the application of Regulation (EU) 2023/2854 of the European Parliament and of the Council, i.e. the Data Act, will be established. The President of the Personal Data Protection Office emphasised that national law must take into account the supervisory competences granted to data protection authorities under the Data Act.
The President of the Personal Data Protection Office Mirosław Wróblewski noted that the Data Act clearly assigns to the data protection authority certain obligations and competences enabling it to monitor and enforce its application.
The Data Act explicitly entrusts the function of supervision in matters of personal data protection to the competent supervisory authority for personal data, whose competences are autonomous and independent. Therefore, national law must genuinely guarantee these competences, including through the unambiguous allocation of the scope of jurisdiction and the means of exercising it, rather than merely declaring their inviolability. In particular, there is a need for statutory regulation of the model of cooperation between the Office of Electronic Communications and the Personal Data Protection Office. Cooperation between authorities cannot rely solely on the possibility of seeking each other’s opinions. The Data Act requires effective and binding cooperation, including the exchange of information and coordination of actions. The absence of such procedural arrangements will weaken the effectiveness of supervision.
An unclear supervisory model may also hinder the effective exercise of rights by individuals. According to the President of the Personal Data Protection Office, it is extremely important and necessary to ensure real, not illusory, protection of personal data.
It is worth noting that in October 2025 the government of the Federal Republic of Germany adopted a draft Act on the implementation of the Data Act, which designates the Federal Network Agency as the central authority responsible for applying the new law. A special role was also assigned to the Federal Commissioner for Data Protection and Freedom of Information in the application of the new law within the scope of supervision over the processing of personal data. The proposed framework provides for an obligation of close cooperation between federal entities, indicating the leading role of the Federal Network Agency and granting the Federal Commissioner for Data Protection and Freedom of Information exclusive supervisory authority in the area of applying and enforcing the GDPR.
Since November 2025, interministerial consultations have been underway in Slovakia on a national Act concerning the implementation, application, and enforcement of the Data Act. In the proposed cooperation model, the leading role has been assigned to the Ministry of Investment, Regional Development and Informatization (MIRRI), which has been designated as the coordinator responsible for supporting and facilitating cooperation between competent entities within their respective areas. Under the proposed statutory framework, MIRRI will assess whether a complaint or issue concerns the processing of personal data and, if it determines that this is the case, the legality and GDPR compliance assessment will be carried out by the Slovak supervisory authority designated for this purpose. The Slovak equivalent of the Personal Data Protection Office will also be exclusively competent for enforcing GDPR provisions and imposing administrative fines, if necessary.
According to the President of the Personal Data Protection Office, the proposed national solutions intended to ensure the effective implementation of the Data Act also require statutory clarification in Poland regarding the division of competences between the President of the Office of Electronic Communications and the President of the Personal Data Protection Office, as well as the precise and clear definition in binding provisions of cooperation mechanisms between the competent supervisory authorities, which will guarantee real and effective protection of personal data.