Lasek - legal aspects of new technologies

Last week, the Ministry of Digital Affairs announced that it has concluded an agreement with Facebook introducing a mechanism for Polish users to question a decision to delete content or a profile.

First instance, Facebook; second instance, contact point on NASK platform

Users around the world complain of arbitrary and unreasonable decisions to remove their content or Facebook profiles.

Until now, Facebook has made it possible to appeal against such a decision by filling in a form on its website. Facebook dealt with complaints but that did not always translate into a change of the original decision.

Thanks to the new agreement, after an unsuccessful appeal, a website user will be able to appeal again, this time via a specially created platform on the Research and Academic Computer Network (NASK) website, the so-called contact point.

When hackers exploited vulnerability due to software not being updated at a US credit agency, important data of millions of customers in the US, Canada, and the UK were leaked. The US federal authorities have launched an investigation that could lead to millions in fines. Bosses at the firm were questioned in a congressional hearing and the agency is facing the largest class action in US history. This sounds like the plot of a financial thriller, but the Equifax case did in fact happen and is a lesson for the future.

Apart from disrupting business activity, causing financial losses, and damaging a firm’s image, hacking can also lead to severe fines for failing to comply with personal data protection or cybersecurity regulations. Businesses which are victims of cybercrime might also be liable towards customers and employees for loss or leaking of important data. Compensatory liability is also possible under Polish law in cases of this kind, and may affect anyone. Cybersecurity reports show that approximately three quarters of businesses have experienced a cybersecurity incident of some kind, and these statistics are unlikely to fall in the near future. Former FBI director Robert Mueller summed up this situation well, saying “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again”.

While the new data protection regulation provides for severe administrative penalties for failure to comply, it is well known that whether a penalty is effective is determined not by its severity but by its inevitability. Even though the personal data protection authority has been given broad powers, it does not have adequate means of exercising them. A solution could be a private enforcement mechanism within the regulation, whereby any person whose data has been breached can independently seek a judicial remedy.

Private enforcement is being used more and more as an addition to the public law mechanism for the enforcement of regulatory provisions. This solution has been introduced recently in compensatory liability cases for breach of competition law. A solution of this kind is also possible under the GDPR.

The City of London Corporation announced in October 2017 that it would establish a new court in London for dealing with cybercrimes. This will reaffirm London’s status as a world financial centre and the best place to run businesses and solve disputes. Other states are also considering establishing such courts. In our view, Poland should not fall behind and should set one up too.

Our firm has seen an increase in cybercrime litigation cases, particularly over the last two years. Examples are: manipulating e-mail correspondence in order to change the details of transfers of funds, phishing, security breaches in servers and theft of confidential data, attacks on devices connected to the internet, malware, thefts of cryptocurrencies on deposit with cryptocurrency exchanges and public wallets, and fraudulent operations of algorithms on various websites.

Will AI replace lawyers and judges or simply change the way they work and think about the law?

Back in the late 1980s, lawyers used to type their legal briefs on old-fashioned typewriters. Briefs were shorter then but drove right to the central issue of the case. Now some lawyers copy/paste long passages from other briefs and compose new ones running to hundreds of pages. Judges’ opinions are longer too, burying the true reasons behind their decisions in page after page of verbiage. Word-processing software makes it easy to spin out long briefs or opinions where the real issues often become blurred. More importantly, it seems the way we write has also affected the way we think.