Data Protection Insider, Issue 154

21. May 2026  |   by DPI Editorial Team
Data Protection Insider, Issue 154 - DPI Issue 153 2

Table of Contents:

  1. Introduction
  2. ECtHR: Poland’s Entry Ban Procedures Lack Safeguards
  3. EDPB Publishes New Materials
  4. EDPS Publishes New Materials

 

Introduction

Dear readers, this week, we bring you an ECtHR decision concerning Poland’s entry ban procedures for foreigners, as well as information on new materials released by the EDPB and EDPS.

ECtHR: Poland’s Entry Ban Procedures Lack Safeguards

[1] On 7th May, the ECtHR ruled that by not informing the applicant of the national security reasons for which he was expelled from Poland, Poland had breached the applicant’s right to private life under Article 8 ECHR in Şener v. Poland. As to the facts of the case, the applicant, a Turkish national, had been residing in Poland since 1989 on the basis of temporary residence permits. In the meantime, he married and had a daughter, and ran a small business. He was convicted twice, and two further criminal investigations were opened against him. In 2015, his application for a permanent residence permit was turned down. In 2016, his details were entered in the Polish Register of Undesirable Foreigners on the basis of national security reasons and an entry ban was issued against him in the Schengen Information System (SIS), valid until 2021. In 2016, the applicant tried to return to Poland from Turkey, but he was unable to enter the EU/Schengen area because of the entry ban. He complained that he was never informed of the reasons for which he was considered a national security threat, resulting in the entry ban, and that he could not challenge the entry ban. His complaint before the domestic courts was not successful. After the expiry of the entry ban in 2021, he was able to return to Poland on a valid visa, where he died in 2024, but he was unable to obtain a work and residence permit. He complained to the Court that as a result of his data being entered in the Polish Register of Undesirable Foreigners and in the SIS, he was not able to continue his business and family life in Poland (rights protected under Article 8 ECHR). The Court first established that “the entering of the applicant’s details into the Registers on national security grounds and the resulting expulsion constituted an interference with the applicant’s “private and family life” within the meaning of Article 8(1) of the Convention”. The Court then turned to examine whether the procedure which led to the applicant’s expulsion afforded adequate guarantees against abuse. It ruled that “the domestic proceedings concerning the entry of the applicant’s details into the Registers on national security grounds were not attended by appropriate and sufficient procedural guarantees”. The Court reached this conclusion by taking into account also its lengthy examination of the rights of the applicant under Article 1 of Protocol No. 7 to the Convention (on the conditions for expelling lawfully residing foreigners). On that point, the Court ruled that “the applicant was subjected to significant restrictions on his right to be informed of the facts underlying the decision to expel him and on his right of access to the information and the content of the documents relied on by the decision-maker” and that his lawyer was not able to access this information. The Court concluded that the interference was not “necessary in a democratic society” and breached the applicant’s Article 8 ECHR rights. It is noteworthy that, unlike other cases in which it examines the applicable EU and national data protection provisions, in the present case the Court did not engage such an analysis.

Editorial note: The case also concerned separate complaints under Article 1 of Protocol No. 7 to the Convention. These complaints were included in this summary.

EDPB Publishes New Materials

Over the past two weeks, the EDPB released the following significant materials:

  • [2] ‘Opinion 13/2026 on the draft decision of the Office of the Data Protection Ombudsman (FI SA) regarding the approval of the requirement for accreditation of a certification body pursuant to Article 43(3) GDPR’:

EDPS Publishes New Materials

Over the past two weeks, the EDPS released the following significant materials:

  • [3] ‘EDPS Annual Report 2025: protecting people in a changing digital world’

More Information:

[1]  https://hudoc.echr.coe.int/#{%22itemid%22:[%22001-249969%22]}

[2]  https://www.edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-132026-draft-decision-office-data_en.

[3]  https://www.edps.europa.eu/data-protection/our-work/publications/annual-reports/2026-05-07-annual-report-2025-protecting-people-changing-digital-world_en.

About

DPI Editorial Team


Dara Hallinan, Editor: Legal academic working at FIZ Karlsruhe. His specific focus is on the interaction between law, new technologies – particularly ICT and biotech – and society. He studied law in the UK and Germany, completed a Master’s in Human Rights and Democracy in Italy and Estonia and wrote his PhD at the Vrije Universiteit Brussel on the better regulation of genetic privacy in biobanks and genomic research through data protection law. He is also programme director for the annual Computers, Privacy and Data Protection conference.


Diana Dimitrova, Editor: Researcher at FIZ Karlsruhe. Focus on privacy and data protection, especially on rights of data subjects in the Area of Freedom, Security and Justice. Completed her PhD at the VUB on the topic of ‘Data Subject Rights: The rights of access and rectification in the AFSJ’. Previously, legal researcher at KU Leuven and trainee at EDPS. Holds LL.M. in European Law from Leiden University.

Leave a Reply

back to overview