newtech.law - legal aspects of new technologies

The Court of Justice of the European Union has once again spoken about the limits of the right to be forgotten. This time, it answered requests for a preliminary ruling in the case of Google v CNIL (Commission Nationale de l'Informatique et des Libertés, the French public authority responsible for regulating personal data processing). The case concerned a fine of EUR 100,000 which the CNIL imposed on Google after it refused to remove, in the exercise of a data subject’s right to be forgotten, links from all language versions of its search engine.

At the end of September 2019, Rahim Blak published the response issued to him by the Office of the Polish Financial Supervision Authority (UKNF) to questions concerning the possible application of financial regulations to his planned and realised activity involving raising capital through distribution on the market of personal tokens. Although the response was issued in a specific case submitted to the Innovation Hub, given the lack of a public general position of KNF on the legal status of tokens, the document is also relevant to the broader market.

Recently, the Swedish supervisory authority responsible for compliance with the General Data Protection Regulation imposed a fine of approximatively EUR 20,000 for the use of technology to monitor students’ attendance. Importantly, the processing of personal data in the form of images of students was not carried out on a permanent basis, but was a short-term test to assess the usefulness of such a solution in the schools’ activity.

Many crowdfunding platforms in Poland have focused their attention recently on the regulations governing the offering of financial instruments. This happened largely because of the position of the Polish Financial Supervision Authority (KNF) on interpretation of Art. 72 of the Trading in Financial Instruments Act of 29 July 2005. But in this context it is also worth drawing attention to other, less-obvious regulations that could be applied to crowdfunding platforms.

On 17 July 2019 the General Inspector of Financial Information (GIIF) published Poland’s first AML/CFT National Risk Assessment. This document of nearly 450 pages was prepared pursuant to the new Anti Money Laundering and Counter Financing of Terrorism Act, which introduced regulations requiring GIIF to prepare a national assessment and update it periodically.

We wrote several months ago about the imposition of fines by the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés) for data protection breaches. Recently CNIL has imposed more fines, including for violation of standards for secure processing of personal data on a website.

The case involved an auto insurance broker. On the broker’s website, users could request a calculation of insurance premiums, conclude an insurance contract, and log on to their account, where various types of personal data were accessible, such as bank statements and information about driving-licence suspensions or convictions for traffic violations.