Poland: Issued Provincial Administrative Court ruling dismissing Morele.net complaint against UODO regarding its decision that Morele violated several GDPR provisions

On 16 September 2024, the Provincial Administrative Court (WSA) dismissed Morele.net's complaint against the Personal Data Protection Office (UODO) regarding its decision finding that Morele.net had violated several GDPR provisions and imposing a fine of over PLN 3.8 million. The case was reconsidered after the Supreme Administrative Court (NSA) annulled a previous ruling from 2023, which had initially dismissed Morele.net's appeal against a smaller fine of 2.8 million PLN imposed in 2019. The WSA confirmed that UODO had properly followed the NSA’s instructions by re-evaluating Morele.net’s request for expert evidence, adequately justifying the rejection, and producing an internal analysis of the company's security standards. The court concluded that UODO staff possess the necessary expertise to assess the technical and organisational measures implemented by the company and upheld the decision, considering the fine proportionate and justified.