We recently wrote about the relation between data protection regulations and freedom of expression in the context of the right to be forgotten. On 14 February 2019, in Buivids (C-345/17), the Court of Justice of the European Union issued another judgment on the impact of the journalism exception to the obligation to apply the former Data Protection Directive (95/46/EC). Even though the judgment was issued under the law prior to entry into force of the General Data Protection Regulation, it may be helpful in understanding the impact of freedom of expression on data protection under the GDPR.
Continue reading “YouTube, personal data, and freedom of expression: Is uploading films on the internet journalism?”
At the end of 2017, we wrote about the possibility of using artificial intelligence in the financial services sector. We pointed out that AI algorithms can be used by the financial industry to automate customer contacts and issue initial credit decisions. The use of algorithms by government bodies seemed to be less important at the time. However, this issue ignited much controversy at the end of 2018 due to a ruling by the Province Administrative Court in Warsaw on the freezing of a bank account under a recently introduced section of the Tax Ordinance, which also introduced the digital clearinghouse STIR into the Polish legal system.
Continue reading “Algorithms in the service of the tax office”
Apart from potentially very high administrative penalties that national data protection authorities may impose on violators of the EU’s General Data Protection Regulation (as has already occurred, for example, in France), under the GDPR any person who has suffered material or non-material damage has the right to obtain compensation from the controller or processor of his personal data for the damage suffered. This is an instrument that has attracted much less attention than administrative sanctions, but it may have very serious financial consequences.
Continue reading “First compensation for GDPR infringement”
On 15 December 2017, judges of the Civil Chamber of the Supreme Court of Poland ruled on the crucial issue of the choice of court for a plaintiff alleging injury from a publication posted online.
Under Art. 35 of the Civil Procedure Code, a tort claim can be filed with the court in whose jurisdiction the event causing the damage occurred. This provision does not make it clear however whether for this purpose the place where the event causing the damage occurred can also be the area of the court’s jurisdiction where the plaintiff could have seen the online publication.
Continue reading “Choice of court for the victim of online publication?”
In 2012 a 15-year-old girl was killed when she was hit by a train in the Berlin metro. Not knowing whether the death of her daughter was suicide or an accident, her mother decided to log on to her daughter’s Facebook account and read her messages in the hope that this would resolve the matter.
After attempting unsuccessfully to guess the password, the mother asked Facebook to provide her with her daughter’s details and allow her to read private conversations. Facebook refused to grant access to the account, which had been changed to a “memorialised” account. In effect the account was frozen, and the timeline was being used as a place for friends to share memories of the deceased girl.
Continue reading “Are parents entitled to access the Facebook account of a deceased child?”
The Supreme Court of Poland ruled on 17 February 2016 that an entity conducting direct marketing using automated generating systems (in that case SMS ads) is liable for failure to obtain consent from recipients also when it has contracted out the marketing to an external firm.
Continue reading “Outsourcing no escape from liability for telemarketing without consent”