newtech.law - legal aspects of new technologies

At the end of September 2019, Rahim Blak published the response issued to him by the Office of the Polish Financial Supervision Authority (UKNF) to questions concerning the possible application of financial regulations to his planned and realised activity involving raising capital through distribution on the market of personal tokens. Although the response was issued in a specific case submitted to the Innovation Hub, given the lack of a public general position of KNF on the legal status of tokens, the document is also relevant to the broader market.

Recently, the Swedish supervisory authority responsible for compliance with the General Data Protection Regulation imposed a fine of approximatively EUR 20,000 for the use of technology to monitor students’ attendance. Importantly, the processing of personal data in the form of images of students was not carried out on a permanent basis, but was a short-term test to assess the usefulness of such a solution in the schools’ activity.

Many crowdfunding platforms in Poland have focused their attention recently on the regulations governing the offering of financial instruments. This happened largely because of the position of the Polish Financial Supervision Authority (KNF) on interpretation of Art. 72 of the Trading in Financial Instruments Act of 29 July 2005. But in this context it is also worth drawing attention to other, less-obvious regulations that could be applied to crowdfunding platforms.

On 17 July 2019 the General Inspector of Financial Information (GIIF) published Poland’s first AML/CFT National Risk Assessment. This document of nearly 450 pages was prepared pursuant to the new Anti Money Laundering and Counter Financing of Terrorism Act, which introduced regulations requiring GIIF to prepare a national assessment and update it periodically.

We wrote several months ago about the imposition of fines by the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés) for data protection breaches. Recently CNIL has imposed more fines, including for violation of standards for secure processing of personal data on a website.

The case involved an auto insurance broker. On the broker’s website, users could request a calculation of insurance premiums, conclude an insurance contract, and log on to their account, where various types of personal data were accessible, such as bank statements and information about driving-licence suspensions or convictions for traffic violations.

After a proceeding lasting two years, the Office of Competition and Consumer Protection (UOKiK) issued a decision on 30 May 2019 in the case of the Polish telecom Netia concerning the method of collecting marketing consents, and the wording of the consents, obtained for Netia by its business partners. UOKiK found that a substantial showing was made that Netia’s practice of making telephone calls to consumers who were not Netia subscribers, and had not given prior consent to contacts by telephone, violated the collective interests of consumers.