Mateusz Kupiec

Associate

Bio

At our law firm, Mateusz participates in the GDPR team’s work within the TMT practice and provides legal advice to private and public sector entities in the broad field of new technology law, focusing on data protection law, access to public information, and the re-use of public sector information.

Research assistant at the Department of Administrative Law of the Institute of Law Studies of the Polish Academy of Sciences. Author of publications in the field of data protection law and information law. Winner of a scholarship from the Minister of Education and Science for students for significant academic achievements. Winner of first place and a special prize in the 9th edition of the Personal Data Protection Office’s student essay competition. Winner of the 1st Prize of the Minister of Education and Science in the MA thesis category in the 19th edition of the Patent Office of the Republic of Poland competition for the best scientific thesis on intellectual property.

He holds the Fellow of Information Privacy (FIP) designation, as well as Certified Information Privacy Professional/Europe (CIPP/E) and Certified Information Privacy Manager (CIPM) certifications, all conferred by the International Association of Privacy Professionals (IAPP).

Graduate of the Faculty of Law and Administration of Jagiellonian University in Kraków. Graduate of the School of German Law organised by Ruprecht-Karls-Universität Heidelberg, Johannes Gutenberg-Universität Mainz and Jagiellonian University and graduate of the School of American Law organised by The Catholic University of America, Columbus Law School in Washington DC and Jagiellonian University. Graduated from the IT/TMT School organised by the H. Grocjusz Intellectual Property Rights Centre and participated in the 1st edition of the “Winter School on Algorithmic State, Market and Society” organised by the European University Institute in Florence. Scholarship holder of the German Academic Exchange Service (DAAD).

Fluent in English and German, including legal language.


Related news

Publications 1
27 Jun 2022

The Polish DPA rules about the right to access the personal data contained in trackers

In the article Xawery Konarski and Mateusz Kupiec describe the tasks of the President of the Personal Data Protection Office regarding the implementation of the right to access data in the context of online identifiers. The text was published on the website of the International Network of Privacy Law Specialists organization.

Events 1
10 Apr 2025

AI-Powered Employee Monitoring: Navigating Privacy and Compliance Challenges

Join the Bulgaria Chapter for an engaging discussion on AI-powered employee monitoring. We will explore the challenges of ensuring compliance with regulations such as GDPR, the AI Act, and the ePrivacy Directive, while analyzing employee behavior in a work context.

Blog 3
09 Oct 2024

Polish DPA bans Meta from processing personal data of two public figures for displaying deepfake ads

The text discusses two landmark decisions by the Polish Data Protection Authority (DPA) regarding Meta’s use of data from two public figures in deepfake advertisements on Facebook and Instagram. These cases highlight the strict enforcement of data protection laws in Poland, particularly in the context of unauthorized data use and the impact on individuals’ privacy and reputation.

23 Aug 2024

Asking Customers to Provide Courtesy Titles and GDPR - Conclusions from the CJEU Advocate General's Opinion concerning Case C-394/23

Asking customers to provide courtesy titles (such as ‘Mr’, ‘Miss’, ‘Mrs.’) is a common business practice, which is particularly popular in the e-commerce sector, where these details, usually collected at the time of purchasing goods or ordering a service, are used for personalisation of any follow-up communication with the customer. Collecting and retaining information concerning the way a particular person wants to be addressed is processing of their personal data. This results in the need to ensure the compliance of such data collection with the EU data privacy law. The recent opinion of the Advocate General of the CJEU in Case C-394/23 can provide crucial guidelines for controllers, who wish to address their customers using the provided titles.

07 Jul 2022

Is the use of cookie walls acceptable? A few words about the new CNIL position

The use of cookies and other trackers by website operators is of interest to supervisory authorities. The French supervisory authority, the Commission Nationale Informatique et Libertés, recently commented on this in detail. In this article I set out the authority’s position.

Meet our team