No, doxxing is illegal in Poland under multiple statutes, including Article 190a of the Penal Code, which criminalizes harassment via personal data disclosure. The Personal Data Protection Office (UODO) enforces GDPR and domestic laws, imposing fines up to €20 million or 4% of global turnover for violations. Recent 2026 amendments to the Cybersecurity Act further penalize doxxing linked to critical infrastructure disruptions.
Key Regulations for Doxxing in Poland
- Article 190a of the Penal Code: Prohibits publishing or disseminating private data with intent to harass, punishable by up to 2 years’ imprisonment. Applies even if the data is publicly available but repurposed maliciously.
- GDPR & UODO Enforcement: Unauthorized processing of personal data for doxxing triggers administrative fines under Article 83 GDPR, with UODO issuing orders to cease data processing and rectify breaches.
- Cybersecurity Act (2026 Amendments): Introduces stricter penalties for doxxing targeting public officials or critical infrastructure, with potential criminal liability under Article 190b for “digital violence” offenses.
Civil remedies under tort law (Article 24 of the Civil Code) allow victims to seek injunctions and damages for reputational harm. Law enforcement agencies, including the Police’s Cybercrime Unit, prioritize doxxing cases under joint EU-Poland cybercrime task forces. Foreign actors may face extradition under bilateral treaties if their actions impact Polish residents.