Some time ago, Burger King announced that it was offering a mobile application allowing users to “burn” competing fast-food ads. By directing the device’s camera to a billboard, flyer or coupon showing the “right” competing logo, a smartphone user activates an augmented reality image of flames burning the competitor’s logo on the phone screen. In exchange for burning the competitor’s logo, the app generates a code entitling the user to receive a free sandwich at the Burger King chain. The launch of the app was supported by a promotional campaign, and a promotional video showing the operation of the app can be viewed online.
The Court of Justice of the European Union has once again spoken about the limits of the right to be forgotten. This time, it answered requests for a preliminary ruling in the case of Google v CNIL (Commission Nationale de l’Informatique et des Libertés, the French public authority responsible for regulating personal data processing). The case concerned a fine of EUR 100,000 which the CNIL imposed on Google after it refused to remove, in the exercise of a data subject’s right to be forgotten, links from all language versions of its search engine.
Recently, the Swedish supervisory authority responsible for compliance with the General Data Protection Regulation imposed a fine of approximatively EUR 20,000 for the use of technology to monitor students’ attendance. Importantly, the processing of personal data in the form of images of students was not carried out on a permanent basis, but was a short-term test to assess the usefulness of such a solution in the schools’ activity.
Many crowdfunding platforms in Poland have focused their attention recently on the regulations governing the offering of financial instruments. This happened largely because of the position of the Polish Financial Supervision Authority (KNF) on interpretation of Art. 72 of the Trading in Financial Instruments Act of 29 July 2005. But in this context it is also worth drawing attention to other, less-obvious regulations that could be applied to crowdfunding platforms.
On 17 July 2019 the General Inspector of Financial Information (GIIF) published Poland’s first AML/CFT National Risk Assessment. This document of nearly 450 pages was prepared pursuant to the new Anti Money Laundering and Counter Financing of Terrorism Act, which introduced regulations requiring GIIF to prepare a national assessment and update it periodically.
We wrote several months ago about the imposition of fines by the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés) for data protection breaches. Recently CNIL has imposed more fines, including for violation of standards for secure processing of personal data on a website.
The case involved an auto insurance broker. On the broker’s website, users could request a calculation of insurance premiums, conclude an insurance contract, and log on to their account, where various types of personal data were accessible, such as bank statements and information about driving-licence suspensions or convictions for traffic violations.