newtech.law - legal aspects of new technologies

Regulatory sandboxes usually focus on financial regulations. However, these are not the only obstacle holding back innovative fintech start-ups. More extensive sandbox solutions that also cover data protection issues could make Poland a pioneer on the attractive global market supporting fintech.

Andrzej Sapkowski’s demands for more money for copyrights to The Witcher is the tip of the iceberg. Changes in the gaming industry, like increased production costs and the dominance of digital distribution platforms, will give rise to an increasing number of disputes, in particular over intellectual property rights. What could trigger these disputes and how can they be prevented?

When hackers exploited vulnerability due to software not being updated at a US credit agency, important data of millions of customers in the US, Canada, and the UK were leaked. The US federal authorities have launched an investigation that could lead to millions in fines. Bosses at the firm were questioned in a congressional hearing and the agency is facing the largest class action in US history. This sounds like the plot of a financial thriller, but the Equifax case did in fact happen and is a lesson for the future.

Apart from disrupting business activity, causing financial losses, and damaging a firm’s image, hacking can also lead to severe fines for failing to comply with personal data protection or cybersecurity regulations. Businesses which are victims of cybercrime might also be liable towards customers and employees for loss or leaking of important data. Compensatory liability is also possible under Polish law in cases of this kind, and may affect anyone. Cybersecurity reports show that approximately three quarters of businesses have experienced a cybersecurity incident of some kind, and these statistics are unlikely to fall in the near future. Former FBI director Robert Mueller summed up this situation well, saying “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again”.

The legal status of cryptocurrency is particularly important not only for the so-called crypto space, but also for the future of development of blockchain technology. Recent EU legislative proposals classifing “virtual currencies” as financial instruments might significantly reduce blockchain activity in Europe.

Newly formed companies, and companies that have been on the market for some time, are becoming increasingly aware of their obligations under AML/FT regulations. Firms in various sectors, such as the technological sector, do not always realise that these obligations are only applicable to the types of entities listed in AML laws. Some businesses employ know your customer (KYC) identification procedures equivalent to those provided for in AML laws even though they are not subject to these laws. The problem is that overzealousness of this kind might be a breach of laws in other areas, especially personal data laws, above all the GDPR.

Anti-money laundering (AML) is the first area of Polish law where the parliament has adopted regulations directly related to cryptocurrencies and some other types of crypto-assets. We have devoted a lot of articles to this issue on the blog.

The direction of changes in the Polish law concerning AML results from the development of a global approach to this issue. Mostly this is due to the work of the Financial Action Task Force. FATF is an intergovernmental organisation authorised to create and assist in the implementation and monitoring of anti-money laundering standards, financing of terrorism and financing of the proliferation of weapons of mass destruction. The EU and Polish legislative work on revision of the AML regulations is based on the models presented in FATF publications from 2014 and 2015.