Posted on Categories blockchain, privacy/personal data protection

How to process personal data processed on a blockchain – the French approach

At the end of September the French personal data state processing regulator, the Commission Nationale Informatique & Liberté (CNIL), published a preliminary analysis of the issue of what kind of systems suitable for blockchain might apply to personal data processing. The CNIL has also been looking at the issues that are fundamental from the point of view of the GDPR, for example who the controllers and processors are on a blockchain. The CNIL has proposed a number of specific solutions but realises that it does not have extensive knowledge of this technology. It has said that it is open to proposals from experts and says they are welcome to propose their own solutions.

Continue reading “How to process personal data processed on a blockchain – the French approach”

Posted on Categories fintech, startups

Effective regulatory sandboxes: not only financial regulations, but also personal data protection

Regulatory sandboxes usually focus on financial regulations. However, these are not the only obstacle holding back innovative fintech start-ups. More extensive sandbox solutions that also cover data protection issues could make Poland a pioneer on the attractive global market supporting fintech.

Continue reading “Effective regulatory sandboxes: not only financial regulations, but also personal data protection”

Posted on Categories creative industry, litigation

More and more disputes in the gaming industry

Andrzej Sapkowski’s demands for more money for copyrights to The Witcher is the tip of the iceberg. Changes in the gaming industry, like increased production costs and the dominance of digital distribution platforms, will give rise to an increasing number of disputes, in particular over intellectual property rights. What could trigger these disputes and how can they be prevented?

Continue reading “More and more disputes in the gaming industry”

Posted on Categories cybersecurity

Could businesses be sued for data leaks?

When hackers exploited vulnerability due to software not being updated at a US credit agency, important data of millions of customers in the US, Canada, and the UK were leaked. The US federal authorities have launched an investigation that could lead to millions in fines. Bosses at the firm were questioned in a congressional hearing and the agency is facing the largest class action in US history. This sounds like the plot of a financial thriller, but the Equifax case did in fact happen and is a lesson for the future.

Apart from disrupting business activity, causing financial losses, and damaging a firm’s image, hacking can also lead to severe fines for failing to comply with personal data protection or cybersecurity regulations. Businesses which are victims of cybercrime might also be liable towards customers and employees for loss or leaking of important data. Compensatory liability is also possible under Polish law in cases of this kind, and may affect anyone. Cybersecurity reports show that approximately three quarters of businesses have experienced a cybersecurity incident of some kind, and these statistics are unlikely to fall in the near future. Former FBI director Robert Mueller summed up this situation well, saying “I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again”.

Continue reading “Could businesses be sued for data leaks?”

Posted on Categories blockchain, changes in law

Cryptocurrency a financial instrument? A new proposal in the EU

The legal status of cryptocurrency is particularly important not only for the so-called crypto space, but also for the future of development of blockchain technology. Recent EU legislative proposals classifing “virtual currencies” as financial instruments might significantly reduce blockchain activity in Europe.

Continue reading “Cryptocurrency a financial instrument? A new proposal in the EU”

Posted on Categories anti-money laundering, privacy/personal data protection

Overzealous checking of customer identification can be harmful

Newly formed companies, and companies that have been on the market for some time, are becoming increasingly aware of their obligations under AML/FT regulations. Firms in various sectors, such as the technological sector, do not always realise that these obligations are only applicable to the types of entities listed in AML laws. Some businesses employ know your customer (KYC) identification procedures equivalent to those provided for in AML laws even though they are not subject to these laws. The problem is that overzealousness of this kind might be a breach of laws in other areas, especially personal data laws, above all the GDPR.

Continue reading “Overzealous checking of customer identification can be harmful”