Posted on Categories privacy/personal data protection

Profiled ads on Google: Irish regulator calls the question

Ireland’s Data Protection Commissioner has commenced the first proceeding against the US giant Google since the General Data Protection Regulation entered into force. The case involves processing of users’ personal data for delivery of profiled ads.

The case was launched following numerous complaints, primarily from the makers of the Brave web browser, whose main selling point is built-in ad-blocking tools. The allegations against Google Ireland Ltd boil down to the issue of forwarding users’ personal data (particularly involving their online activity), without their knowledge, to an indefinite number of entities for the purpose of delivering profiled advertising materials.

Continue reading “Profiled ads on Google: Irish regulator calls the question”

Posted on Categories fintech

FinTech in the draft Polish Capital Markets Strategy

Financial technology (FinTech) has been one of the hottest technology areas for several years. It has attracted much attention in Poland as well, particularly due to the successes to date of local FinTech start-ups.

This topic picked up additional steam when a financial innovation working group was appointed at the Polish Financial Supervision Authority (KNF), and then the FinTech Department was opened at the KNF Office. With its Innovation Hub programme, the department has contributed to creation of a positive atmosphere around FinTech in Poland.

Continue reading “FinTech in the draft Polish Capital Markets Strategy”

Posted on Categories privacy/personal data protection

British data protection authority imposes fine for recording patients without their knowledge or consent

We recently wrote about the first fine for noncompliance with the General Data Protection Regulation imposed by the president of Poland’s Personal Data Protection Office. Data protection authorities in other EU member states are also displaying notable initiative in conducting inspections and imposing fines. A few days ago the Information Commissioner’s Office in the UK imposed a fine of GBP 120,000 on a television production company for failing to provide adequate information to subjects who were filmed and recorded by devices at a healthcare facility, and failing to obtain their consent to film and record them. The case involved occurrences between July and November 2017—before the GDPR entered into force—but may nonetheless prove relevant for interpreting the obligations imposed on data controllers under the GDPR.

Continue reading “British data protection authority imposes fine for recording patients without their knowledge or consent”

Posted on Categories artificial intelligence

Ethics Guidelines for Trustworthy AI: Key principles

On 8 April 2019 the European Commission published the Ethics Guidelines for Trustworthy AI, drafted by the High-Level Expert Group on Artificial Intelligence (HLEG AI), an independent body whose main task is to prepare these guidelines as well as recommendations on AI investment policy (work still underway). Continue reading “Ethics Guidelines for Trustworthy AI: Key principles”

Posted on Categories changes in law, privacy/personal data protection

Is Poland’s catalogue of data processed for providing electronic services consistent with the GDPR principle of data minimisation?

On 3 April 2019 the President of Poland signed into law the GDPR Implementation Act (full name: Act Amending Certain Acts to Ensure Application of the General Data Protection Regulation). Among several issues addressed controversially in the GDPR Implementation Act are the requirement to express consent to profiling and the catalogue of types of personal data that may be processed by suppliers of online services. This catalogue is set forth in Art. 18(1) of the Electronic Services Act. The original draft of the GDPR Implementation Act provided for repeal of that section, but during the course of legislative work on the act it was decided to leave the catalogue in place. This solution may conflict with the GDPR.

Continue reading “Is Poland’s catalogue of data processed for providing electronic services consistent with the GDPR principle of data minimisation?”