Posted on Categories IT, privacy/personal data protection

CNIL fines insurance broker for online breach of personal data

We wrote several months ago about the imposition of fines by the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés) for data protection breaches. Recently CNIL has imposed more fines, including for violation of standards for secure processing of personal data on a website.

The case involved an auto insurance broker. On the broker’s website, users could request a calculation of insurance premiums, conclude an insurance contract, and log on to their account, where various types of personal data were accessible, such as bank statements and information about driving-licence suspensions or convictions for traffic violations.

Continue reading “CNIL fines insurance broker for online breach of personal data”

Posted on Categories privacy/personal data protection, telecommunication

Collection of marketing consents probed by consumer watchdog

After a proceeding lasting two years, the Office of Competition and Consumer Protection (UOKiK) issued a decision on 30 May 2019 in the case of the Polish telecom Netia concerning the method of collecting marketing consents, and the wording of the consents, obtained for Netia by its business partners. UOKiK found that a substantial showing was made that Netia’s practice of making telephone calls to consumers who were not Netia subscribers, and had not given prior consent to contacts by telephone, violated the collective interests of consumers.

Continue reading “Collection of marketing consents probed by consumer watchdog”

Posted on Categories research, robotics

An autonomous car will soon hit the road near Kraków

Recently the Kraków branch of the General Directorate of National Roads and Motorways (GDDKiA) held social consultations on issuance of a permit to conduct research in the form of a test drive of an autonomous car. Such consultations are required under Art. 65l of the Road Traffic Law of 20 June 1997.

According to an announcement from GDDKiA, the aim of the test drive is to study certain aspects of operating an autonomous car under actual traffic conditions (not artificial conditions). The tested car previously underwent a range of simulations, but now must be tested in road conditions.

Continue reading “An autonomous car will soon hit the road near Kraków”

Posted on Categories privacy/personal data protection

Processing of location data may require a data protection impact assessment

On 17 June 2019 the president of Poland’s Personal Data Protection Office (UODO) issued the Communication on the List of Personal Data Processing Operations Requiring an Assessment of the Impact of Processing on the Protection of Personal Data. The legal basis for issuance of the communication is Art. 35(4) of the EU’s General Data Protection Regulation, under which each member state’s supervisory authority must establish and publish a list of the kinds of processing operations which are subject to the requirement for a data protection impact assessment. At the same time, the prior list, enclosed with the communication of 17 August 2018, was repealed. The new list reflects the opinion issued by the European Data Protection Board and covers personal data processing activities connected with offering of goods and services to data subjects or monitoring of their behaviour in multiple EU member states.

Continue reading “Processing of location data may require a data protection impact assessment”

Posted on Categories artificial intelligence

AI must not predict how judges in France will rule

For a long time, much has been written about artificial intelligence in the legal profession. We discussed various types of solutions in this area on our blog. One is predictive analytics, i.e. using algorithms to anticipate the judgments that will be issued by a given judge under a given state of facts. Such tools rely mainly on an analysis of rulings issued in the past and draw various types of conclusions from them, e.g. with respect to the chances for prevailing in a dispute.

Along with a recent reform of the justice system in France, a ban was recently introduced against using data concerning the identity of judges to evaluate, analyse, compare or predict their actual or supposed professional practices. Violation of this ban can lead to up to five years in prison.

Continue reading “AI must not predict how judges in France will rule”

Posted on Categories blockchain

“On-chain” and “off-chain” arbitration: Using smart contracts to amicably resolve disputes

Recently counsel, arbitrators and potential parties to proceedings have been examining with interest attempts to streamline arbitration using blockchain technology. We mentioned this in our 2018 report for Rzeczpospolita (in Polish), but in the industry so much is happening around “blockchain arbitration” that the issue deserves more attention.

Currently there are at least ten projects around the world, at various phases of realisation, using blockchain to automate alternative dispute resolution at least to some degree. There isn’t room here to describe them all in detail, but Kleros, CodeLegit (discussed also in our earlier publication), Juris and Oath seem particularly noteworthy. We examined what problems they may entail from a legal perspective. All of the comments below are based on publicly accessible materials (such as project websites and whitepapers), but are limited as these projects have not yet been thoroughly tested by end users (tests of beta versions are underway for some of them).

Continue reading ““On-chain” and “off-chain” arbitration: Using smart contracts to amicably resolve disputes”