The Act of 16 November 2012 amending the Telecommunications Law and Certain Other Laws (Journal of Laws Dz.U. 2012 item 1445), implementing the Telecoms Package (directives 2009/136/EC and 2009/140/EC) into the Polish legal system and amending the regulations concerning “cookies” and “spam,” went into force on 21 January 2013.

The key changes involve:

1) Art. 173 of the Telecommunications Law governing the use of cookies (i.e. data files stored on the devices of subscribers or end users):

Before the amendment, Art. 173 required only that the Internet user be informed that the operator of an online service was using cookies and for what purpose. The user could then object to the use of cookies on an “opt-out” basis.

The amendment changes this rule and requires the service provider to inform the user not only of the purpose and manner in which the user’s data will be processed, but also to inform the user that he or she may use the programming settings to consent — or not — to the use of cookies. The previous “opt-out” approach is thus being replaced by the need to express consent — the “opt-in” rule.

Using the programming settings of the specific equipment, the subscriber or end user may consent or object to storage of information or obtaining access to information already stored on the end user’s device. The user must be informed in advance, in a clear and understandable way, of the purpose and the options for the user to specify the conditions for storage or access to such information using the programming settings. This means that either a modification in the programming configuration or retaining the default settings will be regarded as a conscious decision by a properly informed user.

Note: The change with respect to Art. 173 goes into effect on 22 March 2013.

2) Art. 10(1) of the Electronic Services Act, concerning electronic transmission of unsolicited commercial information, or “spam.”

The previous wording of Art. 10(1) of the Electronic Services Act prohibited electronic transmission of commercial information not requested by the recipient. Following the amendment, this provision prohibits transmission of unsolicited commercial information to a recipient who is a natural person. The definition of a recipient has thus been narrowed to individuals. In practice, this means that spam may be distributed to the email addresses of legal persons (i.e. company accounts) without obtaining prior consent.

This change is intended to facilitate bilateral business-to-business contacts, which had been problematic before because of difficulty in interpreting prior (presumed) consent by a professional entity to transmission of commercial information by inclusion of an email address on its website.