newtech.law - legal aspects of new technologies

Recently, the Swedish supervisory authority responsible for compliance with the General Data Protection Regulation imposed a fine of approximatively EUR 20,000 for the use of technology to monitor students’ attendance. Importantly, the processing of personal data in the form of images of students was not carried out on a permanent basis, but was a short-term test to assess the usefulness of such a solution in the schools’ activity.

Many crowdfunding platforms in Poland have focused their attention recently on the regulations governing the offering of financial instruments. This happened largely because of the position of the Polish Financial Supervision Authority (KNF) on interpretation of Art. 72 of the Trading in Financial Instruments Act of 29 July 2005. But in this context it is also worth drawing attention to other, less-obvious regulations that could be applied to crowdfunding platforms.

On 17 July 2019 the General Inspector of Financial Information (GIIF) published Poland’s first AML/CFT National Risk Assessment. This document of nearly 450 pages was prepared pursuant to the new Anti Money Laundering and Counter Financing of Terrorism Act, which introduced regulations requiring GIIF to prepare a national assessment and update it periodically.

We wrote several months ago about the imposition of fines by the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés) for data protection breaches. Recently CNIL has imposed more fines, including for violation of standards for secure processing of personal data on a website.

The case involved an auto insurance broker. On the broker’s website, users could request a calculation of insurance premiums, conclude an insurance contract, and log on to their account, where various types of personal data were accessible, such as bank statements and information about driving-licence suspensions or convictions for traffic violations.

After a proceeding lasting two years, the Office of Competition and Consumer Protection (UOKiK) issued a decision on 30 May 2019 in the case of the Polish telecom Netia concerning the method of collecting marketing consents, and the wording of the consents, obtained for Netia by its business partners. UOKiK found that a substantial showing was made that Netia’s practice of making telephone calls to consumers who were not Netia subscribers, and had not given prior consent to contacts by telephone, violated the collective interests of consumers.

For over five years, including within this blog, we have written about the changes in application of anti money laundering and counter terrorist financing (AML/CFT) regulations to activity involving crypto assets. But further legal changes and notable new interpretations continue to arise.

As I wrote nearly a year ago, at the request of the G20 countries the issue of crypto assets was taken up recently by several key global organisations involved in establishing standards in specific fields. One of them is the Financial Action Task Force (FATF), an international organisation appointed to develop and assist in implementing and monitoring standards for combating money laundering, financing of terrorism, and financing of the proliferation of weapons of mass destruction.