newtech.law - legal aspects of new technologies

Financial technology (FinTech) has been one of the hottest technology areas for several years. It has attracted much attention in Poland as well, particularly due to the successes to date of local FinTech start-ups.

This topic picked up additional steam when a financial innovation working group was appointed at the Polish Financial Supervision Authority (KNF), and then the FinTech Department was opened at the KNF Office. With its Innovation Hub programme, the department has contributed to creation of a positive atmosphere around FinTech in Poland.

We recently wrote about the first fine for noncompliance with the General Data Protection Regulation imposed by the president of Poland’s Personal Data Protection Office. Data protection authorities in other EU member states are also displaying notable initiative in conducting inspections and imposing fines. A few days ago the Information Commissioner’s Office in the UK imposed a fine of GBP 120,000 on a television production company for failing to provide adequate information to subjects who were filmed and recorded by devices at a healthcare facility, and failing to obtain their consent to film and record them. The case involved occurrences between July and November 2017—before the GDPR entered into force—but may nonetheless prove relevant for interpreting the obligations imposed on data controllers under the GDPR.

On 8 April 2019 the European Commission published the Ethics Guidelines for Trustworthy AI, drafted by the High-Level Expert Group on Artificial Intelligence (HLEG AI), an independent body whose main task is to prepare these guidelines as well as recommendations on AI investment policy (work still underway).

A problem faced by programmers, politicians, and ordinary users is ensuring that artificial intelligence algorithms are not used inconsistently with their original aim. This issue has been raised numerous times in national reports prepared by individual EU member states, including Poland.

On 3 April 2019 the President of Poland signed into law the GDPR Implementation Act (full name: Act Amending Certain Acts to Ensure Application of the General Data Protection Regulation). Among several issues addressed controversially in the GDPR Implementation Act are the requirement to express consent to profiling and the catalogue of types of personal data that may be processed by suppliers of online services. This catalogue is set forth in Art. 18(1) of the Electronic Services Act. The original draft of the GDPR Implementation Act provided for repeal of that section, but during the course of legislative work on the act it was decided to leave the catalogue in place. This solution may conflict with the GDPR.

An interview with Daniel Bigos, Gabriel Dymowski, Marcin Lorenc and Piotr Żelazko, members of the DoxyChain team (formerly DigiDocs), which took second place in the Polish phase of the Global Legal Hackathon.

Justyna Zandberg-Malec: Your project took second place in the Global Legal Hackathon. What is your solution all about?

Marcin Lorenc: We proposed basing powers of attorney for litigation, and in the future also other documents, on the secure blockchain technology. Using our application, which we are now perfecting, it will be possible to appoint or dismiss an attorney, as well as manage the circulation of powers of attorney and access the history of operations. The principal will know where his authorisation was used and who is the actual attorney in the given case. Lawyers in Poland use the right of substitution, passing on the representation of the principal to a colleague, which means that the principal doesn’t always know for sure who is actually representing him. In turn, the attorney may not remember all the cases where he was appointed to represent the client. Our solution comprehensively resolves the problem of such documents.