Abstract
The subject of the article is the issue concerning the material scope of personal data processed in petty offence cases and the problem of their protection. The author points out that such data are processed by the authorities conducting these proceedings without any form of external audit. The provisions of the 2018 Personal Data Protection Act, as well as the provisions of the 2016 Regulation (EU) of the European Parliament and of the EU Council on the processing and protection of such data (GDPR), do not apply to them. It is noted that such data are processed on the basis of the provisions of Directive (EU) 2016/680 of the European Parliament and of the Council of 2016, as well as national procedural regulations (i.e. the Code of Procedure in Petty Offence Cases and the Code of Criminal Procedure), which provide a certain level of protection – however, this protection is insufficient. Courts are free to decide which data they obtain, record, and disclose. The author argues that an excessive amount of such data is processed in these proceedings and postulates, de lege ferenda, that the scope should be limited to data that serve to identify the participant in the proceedings. He further contends that the current legal framework for the protection of personal data in petty offence cases is inadequate and fails to ensure legal certainty.