Categories: changes in law, privacy/personal data protection

Is Poland’s catalogue of data processed for providing electronic services consistent with the GDPR principle of data minimisation?

On 3 April 2019 the President of Poland signed into law the GDPR Implementation Act (full name: Act Amending Certain Acts to Ensure Application of the General Data Protection Regulation). Several issues are addressed controversially in the GDPR Implementation Act, among them the requirement to express consent to profiling and the catalogue of types of personal data that may be processed by suppliers of online services. This catalogue is set forth in Art. 18(1) of the Electronic Services Act. The original draft of the GDPR Implementation Act provided for repeal of that section, but during the course of legislative work on the act it was decided to leave the catalogue in place. This solution may conflict with the GDPR.


Categories: blockchain, creative industry, IT

Powers of attorney (and more) on blockchain

An interview with Daniel Bigos, Gabriel Dymowski, Marcin Lorenc and Piotr Żelazko, members of the DoxyChain team (formerly DigiDocs), which took second place in the Polish phase of the Global Legal Hackathon.

Justyna Zandberg-Malec: Your project took second place in the Global Legal Hackathon. What is your solution all about?

Marcin Lorenc: We proposed basing powers of attorney for litigation, and in the future also other documents, on the secure blockchain technology. Using our application, which we are now perfecting, it will be possible to appoint or dismiss an attorney, as well as manage the circulation of powers of attorney and access the history of operations. The principal will know where his authorisation was used and who is the actual attorney in the given case. Lawyers in Poland use the right of substitution, passing on the representation of the principal to a colleague, which means that the principal doesn’t always know for sure who is actually representing him. In turn, the attorney may not remember all the cases where he was appointed to represent the client. Our solution comprehensively resolves the problem of such documents.


Categories: privacy/personal data protection

Million-zloty fine for ignoring information obligation under GDPR

On 25 March 2019, the president of the Personal Data Protection Office announced the imposition of the first-ever fine in Poland for failure to comply with the EU’s General Data Protection Regulation. The fine is quite high (about PLN 1 million) and involves noncompliance with the information obligation by a company that harvested personal data—addresses and telephone numbers of individuals operating businesses—from publicly available sources and then processed the data.


Categories: cybersecurity, litigation

Cybersecurity for international arbitration

Cybersecurity Protocol for International Arbitration: Three international organisations—ICCA, the New York City Bar Association and CPR—are introducing best practice in protecting against cyber threats.

Cybersecurity is a particularly important element of the legal sector, including international arbitration. Digital exchange of information in arbitration proceedings involves, among other things, sensitive data of the participants in the proceedings, including the parties, arbitrators and arbitration institutions.

Failure to protect the exchange of information in cyberspace may result in leaking of sensitive information and abuse of confidential data by third parties. This can result in economic loss, damage to the reputation of the participants, as well as violation of the principle of fairness of the proceedings and the independence of arbitrators.


Categories: cybersecurity, fintech

Can a user’s account be accessed through screen scraping?

The EU reform of the payment services sector is now entering its final stretch. One of the key changes launched by the adoption of the revised Payment Services Directive (PSD2) was the introduction of new types of payment services which require access to the user’s payment account using a type of interface defined in the regulations. The duties connected with such access rest on the providers operating the accounts, which have a choice between creating a dedicated “application programming interface” (API) or upgrading their existing user interface system. Both solutions are to a certain extent linked with the earlier known and controversial method of screen scraping.

What is screen scraping?

Screen scraping is automated harvesting by a computer program of data presented in visual form, usually not adapted for machine reading. The data obtained in this way may derive from various sources, such as websites displayed by a browser, computer programs, or mobile applications.
