Until now, despite countless warnings before entry into force of the EU’s General Data Protection Regulation in May 2018, administrative authorities have not imposed high fines for violation of regulations on processing of personal data. But this situation seems to be changing, at least in France. On 21 January 2019 the French data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), imposed a fine of EUR 50 million on Google LLC. The CNIL found that Google had not processed personal data transparently, providing data subjects inadequate information on processing and personalising ads without the consent of the persons who were shown the ads.
new tech law blog

Algorithms in the service of the tax office
At the end of 2017, we wrote about the possibility of using artificial intelligence in the financial services sector. We pointed out that AI algorithms can be used by the financial industry to automate customer contacts and issue initial credit decisions. The use of algorithms by government bodies seemed to be less important at the time. However, this issue ignited much controversy at the end of 2018 due to a ruling by the Province Administrative Court in Warsaw on the freezing of a bank account under a recently introduced section of the Tax Ordinance, which also introduced the digital clearinghouse STIR into the Polish legal system.
First compensation for GDPR infringement
Apart from potentially very high administrative penalties that national data protection authorities may impose on violators of the EU’s General Data Protection Regulation (as has already occurred, for example, in France), under the GDPR any person who has suffered material or non-material damage has the right to obtain compensation from the controller or processor of his personal data for the damage suffered. This is an instrument that has attracted much less attention than administrative sanctions, but it may have very serious financial consequences.
Ban on unjustified geo-blocking and other forms of discrimination now in force
Just before the most intensive holiday online sales period, businesses need to implement changes ensuring customers have equal access to goods and services regardless of their nationality, place of residence or place of business. From 3 December 2018, the Geo-blocking Regulation (2018/302) applies throughout the European Union.
We wrote about this proposal earlier (text only in Polish), but due to the commencement of the bans and changes to the adopted final regulation, we come back to the subject.
Security tokens
The discussion about the legal status of tokens and, in particular, whether and when a token is a security or other financial instrument, is still gaining momentum. There are more and more proposals around this discussion that resolve this issue at the outset, recognising that tokens are intended to become securities. These are so-called security tokens, and the issues are sometimes called security token offerings (STOs).
Will Facebook think twice before it removes content?
Last week, the Ministry of Digital Affairs announced that it has concluded an agreement with Facebook introducing a mechanism for Polish users to question a decision to delete content or a profile.
First instance, Facebook; second instance, contact point on NASK platform
Users around the world complain of arbitrary and unreasonable decisions to remove their content or Facebook profiles.
Until now, Facebook has made it possible to appeal against such a decision by filling in a form on its website. Facebook dealt with complaints but that did not always translate into a change of the original decision.
Thanks to the new agreement, after an unsuccessful appeal, a website user will be able to appeal again, this time via a specially created platform on the Research and Academic Computer Network (NASK) website, the so-called contact point.