Can eMonitor be used in compliance with Polish law?

eMonitor supports Polish compliance requirements through configurable monitoring scopes, work-hours-only tracking, and employee-visible dashboards that demonstrate transparency. Employers using eMonitor in Poland should document monitoring purposes in their work regulations, complete the two-week notification period, consult the works council or trade unions, and configure data retention to align with the three-month CCTV limit and GDPR storage limitation principles.

Compliance Guide — Poland

Employee Monitoring Laws in Poland: Labor Code Provisions and GDPR Compliance Guide

Employee monitoring laws in Poland operate under a dual legal framework: the EU General Data Protection Regulation (GDPR, implemented in Poland as RODO) and specific provisions of the Polish Labor Code (Kodeks Pracy), most notably Articles 22(2) and 22(3), which were introduced in 2019 to regulate CCTV, email monitoring, and electronic workplace oversight beyond the GDPR baseline. This guide explains what Polish law requires, what it prohibits, how the works council consultation obligation works, how the UODO (Polish Data Protection Authority) enforces violations, and the practical steps employers need to take before deploying any monitoring system in Poland.

Start Free Trial Book a Demo

7-day free trial. No credit card required.

Poland employee monitoring compliance guide showing Labor Code and GDPR requirements

What Is Poland's Legal Framework for Employee Monitoring?

Employee monitoring laws in Poland combine two distinct legal instruments. The first is GDPR (RODO in Polish), which applies across the EU and sets baseline rules for processing personal data in the employment context. The second is the Polish Labor Code (Kodeks Pracy), which adds country-specific requirements that go further than GDPR alone. This dual framework means Polish employers face obligations that no GDPR-only analysis fully captures.

The Labor Code provisions governing monitoring were introduced through an amendment effective September 4, 2019. Articles 22(2) and 22(3) created explicit statutory rules for two monitoring categories: visual monitoring (cameras, CCTV) under Article 22(2), and electronic communication monitoring (company email) under Article 22(3). Before this amendment, monitoring was governed only by general Labor Code principles and GDPR. The 2019 provisions gave employers clearer authority to monitor while simultaneously imposing procedural requirements that did not previously exist in codified form.

The practical result: Polish employers who rely on GDPR analysis alone and ignore the Labor Code provisions are operating with an incomplete compliance picture. The Labor Code imposes notice periods, restricted zones for cameras, mandatory documentation in work regulations, and union consultation requirements that sit entirely outside the GDPR framework.

Diagram showing Poland's dual employee monitoring legal framework: GDPR (RODO) plus Labor Code Articles 22(2) and 22(3)

Labor Code Article 22(2): What Does Polish Law Require for CCTV Monitoring?

Labor Code Article 22(2) governs visual monitoring of the workplace, including fixed CCTV cameras, door entry cameras, production floor cameras, and any system that continuously or periodically captures images of employees. Polish law permits this monitoring under three circumstances: ensuring safety and order in the workplace, protecting property, controlling production, or keeping trade secrets.

Permitted Purposes for CCTV in Poland

Article 22(2) specifies the following permitted purposes for visual monitoring: (1) ensuring the safety of employees and other persons present on the employer's premises; (2) protecting property; (3) controlling production; and (4) maintaining the confidentiality of information whose disclosure could harm the employer. Employers must use CCTV only for one of these stated purposes and cannot later use footage for a different purpose without a fresh legal basis (the purpose limitation principle, reinforced by GDPR Article 5(1)(b)).

CCTV Retention: The Three-Month Maximum Rule

Polish law sets a hard statutory limit on CCTV footage retention under Article 22(2): footage must be deleted or overwritten after a maximum of three months from the date of recording. This three-month ceiling is not a recommendation; it is a binding legal requirement. The sole exception applies when footage constitutes or may constitute evidence in civil or criminal proceedings, in which case retention continues until those proceedings conclude with a final decision. Where proceedings are ongoing, the employer must document why the footage is being retained beyond the three-month baseline.

In practice, the three-month rule requires employers to configure camera storage systems with automatic overwrite cycles. Indefinite retention of CCTV footage, which is common in organizations that never configure deletion policies, constitutes a violation of both Article 22(2) and GDPR Article 5(1)(e) (storage limitation). The UODO has cited this as one of the most common monitoring compliance failures it encounters during audits.

Prohibited Locations for CCTV

Article 22(2) explicitly prohibits installing cameras in the following locations: sanitary rooms (restrooms, bathrooms, shower rooms), changing rooms, break rooms used solely for eating and resting, and trade union offices. These locations are excluded because monitoring them would violate employee dignity, personal privacy, and in the case of union offices, freedom of association rights protected under Polish constitutional law.

The prohibition on monitoring break rooms applies to rooms used exclusively for rest and meals. Open-plan offices with kitchen areas accessible to foot traffic may be assessed differently, but purpose-built canteens and break rooms are clearly within the prohibition. Employers uncertain about borderline locations should seek legal advice rather than assume cameras are permitted.

Employee Notification Requirements for CCTV

Before any camera system becomes operational, Polish employers must complete two notification steps. First, the monitoring system must be described in the employer's internal work regulations (regulamin pracy), collective agreement, or, where neither exists, in individual employment contracts or a separate document signed by employees. Second, employees must be informed of the monitoring purpose, scope, camera locations, and data retention period at least two weeks before monitoring begins. New employees must receive this information in writing before their first working day.

Labor Code Article 22(3): When Can Polish Employers Monitor Email?

Labor Code Article 22(3) authorizes employers to monitor electronic communications of employees, specifically email, under defined conditions. This provision fills a gap that GDPR alone did not address explicitly for the employment context, providing clear statutory authorization alongside the conditions that make it lawful.

Company Email Only: The Strict Scope Limitation

Article 22(3) restricts email monitoring to company email accounts provided to employees for work purposes. Personal email accounts, even when accessed on company devices or via a company network, are outside the scope of permitted monitoring. Reading, scanning, or indexing personal email constitutes a violation of correspondence secrecy under the Polish Constitution (Article 49) and Article 267 of the Criminal Code (unauthorized access to information).

This limitation has practical implications for employers who monitor network traffic. Deep packet inspection that captures the content of personal email or personal messaging applications exceeds what Article 22(3) permits. Employers can lawfully log that an employee accessed a personal email service, but accessing the content of those communications falls outside the legal basis.

Purpose: Work Organization and Labor Efficiency

Article 22(3) permits email monitoring only when it is necessary to ensure work organization or control of work quality and efficiency. Monitoring for curiosity, routine oversight without a documented purpose, or building profiles of employee behavior beyond work performance is not within the permitted scope. Employers must be able to articulate why email monitoring is necessary for work organization, not merely desirable or convenient.

Documenting Email Monitoring in Work Regulations

Email monitoring must be stated in the employer's work regulations, collective agreement, or (for employers with fewer than 20 employees not covered by collective agreements) communicated in writing to each employee before monitoring begins. The notice must specify: what is monitored (company email), the purpose of monitoring, the manner of monitoring (whether access is automated or manual, whether content is read), and how long monitoring data is retained. The same two-week advance notice requirement that applies to CCTV applies equally to email monitoring.

What About Computer Activity Monitoring?

Polish law does not contain a specific Labor Code provision addressing computer activity monitoring beyond email, in the way Articles 22(2) and 22(3) address CCTV and email respectively. Activity monitoring — tracking application usage, website visits, idle time, and keystrokes on company computers — is governed by GDPR and the general Labor Code principles of proportionality and dignity protection. Employers deploying activity monitoring software must identify a GDPR lawful basis (typically legitimate interest under Article 6(1)(f)), document their proportionality assessment, and comply with all transparency and notification requirements.

Works Council and Trade Union Consultation: What Does Poland Require Before Monitoring Begins?

Polish labor law imposes a consultation obligation on employers before introducing any monitoring system. This obligation applies regardless of the monitoring type: CCTV, email monitoring, or activity monitoring software all trigger the requirement.

Who Must Be Consulted?

Under the Act on Employee Information and Consultation (Ustawa o informowaniu pracownikow i przeprowadzaniu z nimi konsultacji, 2006), employers with 50 or more employees who have established a Rada Pracownikow (works council) must inform and consult the council before introducing monitoring — an obligation that parallels works council consultation requirements across other European jurisdictions. Where trade union organizations (organizacje zwiazkowe) operate at the workplace, employers must consult those organizations as well. If neither a works council nor trade unions are present, the employer must consult employee representatives elected specifically for this purpose.

Is This a Blocking Right or a Consultation Right?

The Polish works council's role is consultation, not co-determination. This is a significant distinction from Germany's monitoring framework, where Betriebsrat works councils can block monitoring deployment outright. In Poland, the employer must inform the works council, allow it to express an opinion, and take that opinion into account, but the employer can proceed even if the works council objects. The works council cannot veto monitoring deployment.

In practice, however, trade unions operating at the workplace may have stronger negotiating leverage through collective bargaining. Where monitoring conditions are governed by a collective agreement (uklad zbiorowy pracy), any changes to monitoring scope may require formal renegotiation of those agreement terms. This creates a practical constraint that goes beyond the formal consultation requirement.

What Must the Consultation Cover?

The information provided to the works council or trade union must cover: the type of monitoring being introduced, the technical means used, the purposes and justification, the scope of data collected, retention periods, employee access to their own data, and any measures taken to protect employee privacy. Providing superficial information that does not enable meaningful consultation may itself constitute a violation of the consultation requirement.

Practical Timeline for Polish Monitoring Deployment

Based on the statutory requirements, deploying a monitoring system in Poland requires a minimum timeline of approximately four to six weeks: time to update work regulations, consult the works council or trade unions, notify employees, allow the two-week notice period to elapse, and then commence monitoring. Organizations that attempt to deploy monitoring faster than this timeline risk operating without proper legal basis during the period before the two-week notice expires.

GDPR applies to all processing of employee personal data in Poland, including data generated by monitoring systems. The Polish GDPR implementation act (Ustawa o ochronie danych osobowych, 2018) does not add substantial country-specific employment monitoring rules beyond the Labor Code provisions already discussed. GDPR's principles, however, shape how those provisions are interpreted and enforced by the UODO.

Lawful Basis for Monitoring Under GDPR in Poland

Polish employers most commonly rely on GDPR Article 6(1)(f) (legitimate interests) as the lawful basis for monitoring activities not explicitly mandated by law. This requires a legitimate interests assessment (LIA) demonstrating that the employer's monitoring interest is not overridden by employee rights and freedoms. For monitoring activities that are explicitly authorized by the Labor Code (CCTV under Article 22(2), email under Article 22(3)), Article 6(1)(c) (legal obligation compliance) may also be available as a basis.

Consent under Article 6(1)(a) is generally not a viable basis for routine monitoring in Poland. UODO has consistently taken the position, aligned with the European Data Protection Board's guidance, that consent cannot be freely given by employees due to the inherent power imbalance in the employment relationship. Using consent as the sole basis for systematic monitoring exposes employers to challenge if employees later withdraw that consent.

Data Protection Impact Assessments for Monitoring

A DPIA (Data Protection Impact Assessment) under GDPR Article 35 is required when monitoring is likely to result in high risk to employee rights. UODO has indicated that the following monitoring activities require a DPIA: systematic monitoring of employee computer activity at scale, monitoring involving profiling of employees, processing of biometric data for access control, and deployment of new monitoring technologies not previously assessed. Organizations implementing activity monitoring software that captures keystrokes, application usage, and screenshots across many employees should conduct a DPIA before deployment.

Data Minimization and Storage Limitation in Practice

GDPR Articles 5(1)(c) and 5(1)(e) require that monitoring data be adequate, relevant, limited to what is necessary for the stated purpose, and not kept longer than needed. For Polish employers, these principles interact with the three-month CCTV retention limit in Article 22(2): even where the legal proceedings exception might allow longer retention, the storage limitation principle requires that employers document the justification and review it regularly. Retaining footage indefinitely "just in case" fails the storage limitation test under GDPR.

Employee Rights Under GDPR

Polish employees retain full GDPR data subject rights regarding monitoring data: the right to access their data (Article 15), the right to erasure where no legal basis for retention exists (Article 17), the right to object to processing based on legitimate interests (Article 21), and the right to receive information about automated decision-making (Article 22). Employers must establish mechanisms for employees to exercise these rights and respond within the statutory one-month timeframe.

UODO Enforcement: What Fines Have Polish Employers Faced for Monitoring Violations?

The UODO (Urzad Ochrony Danych Osobowych, the Polish Data Protection Authority) has demonstrated a willingness to enforce monitoring-related violations with substantial administrative fines since GDPR took effect in 2018. GDPR enforcement precedents from other EU jurisdictions provide useful context for the direction Polish enforcement is heading. Polish employers should treat UODO enforcement as a real risk, not merely a theoretical concern.

Common Violations UODO Has Targeted

UODO enforcement actions related to workplace monitoring have addressed several recurring violation categories. First, CCTV coverage of prohibited areas: multiple employers have faced fines for cameras in break rooms, changing rooms, and areas adjacent to restrooms. Second, failure to properly inform employees about monitoring before it began, including cases where monitoring was operating for months or years without employees having received the required written notification. Third, excessive CCTV data retention beyond the three-month statutory limit, including cases where system operators never configured automatic deletion. Fourth, use of monitoring data for purposes incompatible with the stated purpose (purpose limitation violations, such as using productivity monitoring data in disciplinary proceedings without a documented basis for that use).

Fine Levels: 2023 to 2025 Enforcement Trends

UODO fines for employment monitoring violations in the 2023 to 2025 period have ranged from approximately 20,000 PLN (around 4,500 EUR) for procedural violations such as inadequate employee notification, to several hundred thousand PLN for systemic violations involving large numbers of employees. While Poland has not yet issued maximum-scale GDPR fines (which could reach 20 million EUR or 4% of global annual turnover) specifically for workplace monitoring, UODO's pattern of escalating enforcement suggests that organizations with large monitoring deployments and poor documentation face material financial exposure.

What UODO Looks For During Audits

UODO audits of monitoring practices typically examine: whether work regulations describe monitoring accurately and specifically, whether employee notification was provided and when, whether a DPIA was conducted where required, whether there is a documented lawful basis for each monitoring activity, whether data retention periods are configured and documented, and whether works council or trade union consultation took place. Organizations that can produce these documents typically achieve faster resolution and reduced penalties even when violations are found.

Criminal Liability for Serious Monitoring Violations

Beyond UODO administrative fines, serious monitoring violations in Poland can result in criminal liability. Unauthorized access to computer systems under Article 267 of the Polish Criminal Code applies to employers who access employee personal email or personal accounts without authorization. Violation of correspondence secrecy under Article 267(3) covers interception of communications. Violation of employee privacy rights can also give rise to civil claims for damages under Article 24 of the Civil Code in conjunction with Article 448. Polish courts have awarded damages to employees where monitoring was found to violate personal rights (dobra osobiste).

How Do Polish Employers Build a Compliant Monitoring Program in 2026?

Building a monitoring program that satisfies Poland's dual Labor Code and GDPR framework requires completing a specific sequence of steps before any monitoring begins. The following process reflects current UODO guidance and Polish legal practice.

Step 1: Define Monitoring Purpose and Scope

Every monitoring activity must have a clearly articulated purpose that maps to a permitted category under the Labor Code or a documented legitimate interest under GDPR. Before selecting monitoring tools, the employer should document: what will be monitored (applications, websites, CCTV, email), why that monitoring is necessary for the business purpose, which employees or roles are within scope, and how the monitoring data will be used. Vague statements like "to improve productivity" are insufficient. Specific statements like "to verify compliance with the company internet use policy for roles that handle customer data" provide a documentable basis.

Step 2: Conduct a Proportionality Assessment

Polish courts and UODO assess monitoring lawfulness in part through proportionality: is the monitoring limited to what is necessary to achieve the stated purpose? Continuous keystroke logging across all employees regardless of role would struggle to satisfy proportionality in most contexts. Targeted monitoring of employees in roles with access to sensitive customer data, with clear notification and limited scope, is far more defensible. The proportionality assessment should be written down and retained.

Step 3: Update Work Regulations

Monitoring must be documented in the employer's internal work regulations (regulamin pracy), collective agreement, or individual employment contracts before monitoring begins. The documentation must specify what is monitored, why, how, for how long data is retained, and who has access to monitoring data. Work regulations must be registered with the Labor Inspectorate (Panstwowa Inspekcja Pracy) for employers required to maintain them under the Labor Code.

Step 4: Consult the Works Council or Trade Unions

After drafting the monitoring policy but before employee notification, the employer must consult the works council or trade union organizations. Allow adequate time for the works council to review the policy and formulate its opinion. Document the consultation, including dates, the information provided, the council's response, and how the employer considered that response. This documentation is part of the compliance record UODO may request.

Step 5: Notify Employees at Least Two Weeks in Advance

After completing works council consultation and finalizing the monitoring policy, notify employees in writing at least two weeks before monitoring commences. The notification must include the monitoring purpose, scope, duration, and employee rights. For existing employees, deliver notification to each individual (not merely post it on a bulletin board). For new employees, provide notification before their first day of work. Keep signed acknowledgment records.

Step 6: Configure Technical Retention and Access Controls

Technical configuration must reflect legal requirements. CCTV systems must be set to automatically overwrite footage after three months (unless the exceptions apply). Activity monitoring systems should retain data for periods documented in the work regulations, with access restricted to authorized managers. Configure audit logs that record who accessed monitoring data, when, and for what purpose. These logs become critical evidence in any UODO audit or litigation.

Step 7: Conduct DPIA Where Required

Where monitoring involves systematic tracking of employee behavior at scale or processing of sensitive data, complete a DPIA before deployment. The DPIA should assess risks to employee rights, mitigation measures, and the outcome of the risk assessment. If the DPIA identifies high residual risks that cannot be mitigated, consult UODO before proceeding. Keep the DPIA document as part of the compliance record and review it when monitoring scope or tools change.

Polish employee monitoring compliance checklist covering Labor Code Articles 22(2) and 22(3), GDPR RODO requirements

Remote Work, Sensitive Data, and Special Situations Under Polish Monitoring Law

Remote Work Monitoring After Poland's 2023 Labor Code Amendments

Poland amended its Labor Code in April 2023 to formally regulate remote work (praca zdalna), creating specific obligations for employers managing remote employees. For monitoring purposes, the remote work provisions require that any monitoring of remote workers be specified in the remote work agreement (porozumienie o pracy zdalnej) or remote work regulations. The same notification and consultation obligations apply. Employers monitoring remote workers on company-provided equipment must limit monitoring to company systems and work hours, and may not capture images of employees' home environments or monitor their activities outside declared work hours.

Sensitive Data and Biometric Monitoring

Processing of special category data (sensitive data) under GDPR Article 9 requires explicit employee consent or another specific exception. Biometric time and attendance systems that use fingerprints or facial recognition process biometric data, which qualifies as special category data. Polish employers deploying biometric access control or time registration systems need explicit employee consent, and must demonstrate that consent was truly freely given (which is difficult in employment contexts). UODO has expressed significant concern about biometric systems in workplaces and has issued guidance recommending alternative methods where biometrics are not strictly necessary.

Monitoring During Disciplinary Investigations

Polish law permits targeted monitoring during documented disciplinary investigations under circumstances where there is reasonable suspicion of a serious violation. This covert investigation exception is narrower than it may appear: it applies to specific investigations for specific violations, not ongoing covert monitoring of all employees. Any evidence gathered through monitoring during a disciplinary investigation may be used in proceedings, but evidence gathered through unlawful monitoring may be challenged and excluded. Polish labor courts have addressed the admissibility of monitoring evidence in multiple decisions, and employers should ensure that disciplinary investigation monitoring is documented and legally defensible before relying on it.

Cross-Border Processing: Polish Employees in International Organizations

International organizations with employees in Poland and monitoring systems hosted outside the EU face additional compliance obligations. Cross-border transfer of Polish employee monitoring data to non-EU countries requires one of the transfer mechanisms under GDPR Chapter V: adequacy decision, standard contractual clauses (SCCs), binding corporate rules (BCRs), or a derogation. The UODO is the lead supervisory authority for monitoring of employees based in Poland, regardless of where the employer's headquarters are located. International employers should ensure their monitoring software vendors offer data residency options that keep Polish employee data within the EU or provide compliant transfer mechanisms for data processed outside the EU.

Frequently Asked Questions: Employee Monitoring Laws in Poland

Is employee monitoring legal in Poland?

Employee monitoring is legal in Poland under a dual legal framework: the Labor Code (Kodeks Pracy) Articles 22(2) and 22(3), which govern workplace-specific monitoring rules, and the GDPR (implemented in Poland as RODO). Employers must state monitoring purposes in their internal work regulations, inform employees at least two weeks before monitoring begins, and consult the works council or trade unions before deployment. Monitoring must be proportionate and limited to work premises and work hours.

What does Poland's Labor Code say about employee monitoring?

Poland's Labor Code Articles 22(2) and 22(3), introduced in 2019, establish specific rules for workplace monitoring that go beyond the GDPR baseline. Article 22(2) permits visual monitoring (CCTV) for safety, asset protection, or production control purposes. Article 22(3) permits email monitoring of company accounts only, strictly for work organization purposes. Both articles require advance employee notification, documentation in internal work regulations, and a minimum two-week notice period before monitoring starts.

How long can Polish employers retain CCTV footage?

Polish employers can retain CCTV footage for a maximum of three months under Labor Code Article 22(2). This limit applies unless the footage constitutes evidence of a crime or disciplinary violation, in which case it may be retained until the final court decision or end of disciplinary proceedings. Employers must delete or overwrite footage that exceeds the three-month limit and is no longer needed for the specified purpose.

Can Polish employers monitor employee email?

Polish employers can monitor company email accounts under Labor Code Article 22(3). Email monitoring must be limited strictly to company-provided email addresses and cannot extend to personal email accounts, even if accessed on company devices. The employer must specify email monitoring in its work regulations or collective agreement and inform employees in advance. Monitoring private email is prohibited and constitutes a violation of constitutional privacy rights.

What rooms are prohibited from CCTV monitoring in Poland?

Polish law prohibits CCTV installation in sanitary rooms (restrooms), changing rooms, break rooms, canteens, and trade union offices under Labor Code Article 22(2). These spaces are excluded because monitoring them would violate employee dignity and personal rights. Installing cameras in prohibited areas constitutes a serious violation of the Labor Code and may result in UODO fines and criminal liability for the employer.

Does the works council need to approve monitoring in Poland?

Polish employers must consult the Rada Pracownikow (works council) or trade union organization before introducing any employee monitoring system. This is a consultation obligation, not a blocking right: the employer must inform and discuss, but the council cannot formally veto deployment. However, if no works council or trade union exists, the employer must consult elected employee representatives. Bypassing this requirement exposes the employer to Labor Inspectorate enforcement action.

What is UODO and what fines has it issued for monitoring violations?

UODO (Urzad Ochrony Danych Osobowych) is the Polish Data Protection Authority, responsible for enforcing GDPR (RODO) in Poland. Between 2023 and 2025, UODO issued fines for monitoring-related violations including unlawful CCTV coverage of employee rest areas, insufficient employee notification, and retention of monitoring data beyond legal limits. Fines have ranged from tens of thousands of PLN for procedural violations to over one million PLN for systemic breaches.

How much notice must Polish employers give before starting monitoring?

Polish employers must inform employees at least two weeks before monitoring begins under the Labor Code. For new employees, the employer must provide written information about monitoring before the employee starts work. This notice must specify the purpose, scope, and manner of monitoring. The two-week period allows employees to adjust and raise concerns through their representative bodies before monitoring is active.

Can Polish employers monitor remote workers?

Polish employers can monitor remote workers under the same Labor Code and GDPR rules that apply to office-based employees. Remote work monitoring must be limited to work hours and company systems. Monitoring home environments, personal devices, or activities outside declared work hours violates employee privacy. Poland's 2023 Labor Code remote work amendments require monitoring policies to be specified in remote work agreements or remote work regulations, adding an additional documentation requirement.

What is the legal basis for employee monitoring under GDPR in Poland?

The primary legal basis for employee monitoring in Poland under GDPR is Article 6(1)(f) (legitimate interests) for monitoring activities not explicitly mandated by law. For Labor Code-mandated monitoring categories, Article 6(1)(c) (legal obligation) may also apply. Consent under Article 6(1)(a) is generally not a viable basis for routine monitoring in Poland because the employment relationship power imbalance makes it impossible to demonstrate that consent was freely given.

Does Poland require a Data Protection Impact Assessment for monitoring?

A DPIA is required in Poland when employee monitoring is likely to result in high risk to employee rights under GDPR Article 35. UODO's guidance identifies systematic monitoring of employee behavior, biometric data processing, and large-scale use of new monitoring technologies as activities requiring a DPIA. Organizations implementing activity monitoring software covering multiple employees should conduct a DPIA before deployment and keep it updated when monitoring scope changes.

How does Poland's monitoring law compare to Germany?

Poland's monitoring framework is less restrictive than Germany's co-determination model. Polish works councils have a consultation right but not a blocking right, whereas Germany's Betriebsrat can prevent monitoring deployment outright. Both countries require advance employee notification and documentation in internal regulations. Poland's three-month CCTV retention limit is more specific than Germany's general proportionality standard. Both countries apply GDPR as the baseline framework on top of national employment law.