Rutkowski - legal aspects of new technologies

Jump to content
newtech.law
newtech.law
Change language to PL Change language to EN

Author: Łukasz Rutkowski

20 October 2025
data economy IT startups robotics artificial intelligence changes in law

Data Act: Trade secrets and users’ right to access product data

One of the main new institutions introduced by the EU’s Data Act is the user’s right to access data (including metadata necessary to interpret or use the data) derived from a connected product the person is using or a service related to a connected product.

The data which a user can access may have significant commercial value for the data holder (e.g. the manufacturer of a connected product). Therefore, it may be crucial from the data holder’s perspective to ensure that such data remain undisclosed, or that use of the data be restricted.

Continue reading
Rutkowski
Łukasz Rutkowski
26 September 2025
data economy IT robotics startups artificial intelligence changes in law

Data Act: Operational pointers for the IoT and related services sector

The internet of things and related services is one of the key industries affected by the EU’s Data Act. Businesses in this sector may have to make changes to bring their operations into compliance with the new requirements. In this article we examine the key obligations under the Data Act for IoT companies, and their operational implications.

Pre-contractual information obligations

What do these duties involve?

Entities that sell, rent or lease a connected product are required to provide at least the following information before entering into a contract with users:

  • What data can be generated by the connected product (type, format, and estimated volume of data)
  • Whether the connected product is capable of generating data continuously and in real time
  • Whether the connected product is capable of storing data on the device or on a remote server, including, where applicable, the intended duration of data retention
  • How the user may access, retrieve or, where relevant, erase the data, including the technical means to do so, as well as their terms of use and quality of service.
Continue reading
Rutkowski
Łukasz Rutkowski
15 September 2025
data economy IT robotics startups artificial intelligence changes in law

What does the Data Act regulate, and what is its significance for businesses?

The Data Act became applicable on 12 September 2025. What do businesses need to pay attention to under this new EU-wide regulation?

Nature and purpose of the Data Act

The Data Act—Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act)—is an EU regulation, and as such applies directly in Poland and all other EU member states. At the national level the Data Act will be supplemented by local regulations, but these will essentially govern only procedural issues (e.g. infringement proceedings), not substantive issues. In other words, substantively the Data Act will govern across the entire EU.

Continue reading
Wojdyło
Krzysztof Wojdyło
Rutkowski
Łukasz Rutkowski
2 January 2023
privacy/personal data protection

“Bossware” under labour and data protection law

The proliferation of remote work, combined with the development of monitoring technologies, has led employers around the world to implement various, sometimes technologically advanced methods to check employees’ performance and commitment to their work. In this area, IT solutions and programs commonly called “bossware” are gaining popularity.

In practice, bossware can include a variety of solutions and technologies, such as:

  • Keyloggers monitoring the employee’s use of the keyboard on a company computer
  • Downloading and analysis of screenshots from the employee’s business device
  • Tracking mouse movements
  • Constant or periodic observation of employees using the camera (e.g. eye movement) or microphone on a business device
  • Tracking the employee’s online activity
  • Monitoring the use of business email, calendar and business messaging
  • Analysis of the performance of applications and programs run by the employee.

A specific feature of bossware solutions is the frequent use of automated analysis to flag employees whose productivity, commitment or manner of work deviates from the employer’s expected norm, without their superiors’ involvement.

Polish employers are also reaching for bossware. In this regard, we describe below what they should take under consideration in light of Polish labour law and data protection law.

Continue reading
Romanowska
Karolina Romanowska
Rutkowski
Łukasz Rutkowski
2 December 2022
privacy/personal data protection

Standard contractual clauses need to be updated by 27 December 2022

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Under the General Data Protection Regulation, the transfer of personal data to “third countries” (outside the European Economic Area) is only permitted if the conditions set forth in the GDPR are met, i.e. generally when:

  • The transfer is made to a country which the European Commission has determined provides an adequate degree of protection (i.e. it has issued an adequacy decision—decisions issued so far are available on the European Commission website)
  • If there is no adequacy decision, then adequate safeguards are provided, including in the form of conclusion of an agreement based on standard contractual clauses between the entities involved in the transfer
  • If there is no adequacy decision or adequate safeguards, then one of the special circumstances specified in the GDPR applies.
Continue reading
Romanowska
Karolina Romanowska
Rutkowski
Łukasz Rutkowski