newtech.law - legal aspects of new technologies

The EU reform of the payment services sector is now entering the last straightaway. One of the key changes launched by adoption of the revised Payment Services Directive (PSD2) was introduction of new types of payment services which require access to the user’s payment account using a type of interface defined in the regulations. The duties connected with such access rest on the providers operating the accounts, which have a choice between creating a dedicated “application programming interface” (API) or upgrading their existing user interface system. Both solutions are to a certain extent linked with the earlier known and controversial method of screen scraping.

What is screen scraping?

Screen scraping is automated harvesting by a computer program of data presented in visual form, usually not adapted for machine reading. The data obtained in this way may derive from various sources, such as websites displayed by a browser, computer programs, or mobile applications.

An interview with Karol Kłaczyński, Agnieszka Poteralska, Artur Tanona and Maciej Zalewski, members of the team that won first place in the Polish phase of the Global Legal Hackathon.

You won the Polish phase of the Global Legal Hackathon with a solution that you yourselves describe as “a plug-in to Word,” but which has the chance to truly expedite the work of lawyers. What is your concept all about?

Karol Kłaczyński: InteliLex provides quick access to the document database created at the given organisation. In our discussions with lawyers this problem often comes up. The knowledge exists, it has been developed, but searching for it is time-consuming and inefficient. InteliLex helps improve the efficiency of the search.

We recently wrote about the relation between data protection regulations and freedom of expression in the context of the right to be forgotten. On 14 February 2019, in Buivids (C-345/17), the Court of Justice of the European Union issued another judgment on the impact of the journalism exception to the obligation to apply the former Data Protection Directive (95/46/EC). Even though the judgment was issued under the law prior to entry into force of the General Data Protection Regulation, it may be helpful in understanding the impact of freedom of expression on data protection under the GDPR.

Register now for the Global Legal Hackathon. The event aims to develop innovative technological and business solutions that help both lawyers and people seeking legal assistance.

The Polish edition will be held in Warsaw. It will run from Friday, February 22^nd to Sunday, February 24^th. In over 40 cities around the world, lawyers and IT specialists will meet to create a modern solution for the law industry. The winners of the Polish edition will receive cash prizes and a trip to the finals of the competition in New York.

On 10 January 2019 Advocate General Maciej Szpunar at the Court of Justice of the European Union issued an opinion on the right to be forgotten in the Google search engine, in CNIL (C-136/17). The specific issue is whether, if a data subject requests to be forgotten with respect to sensitive data, Google has an absolute duty to remove the person’s data. The case arose in France before the General Data Protection Regulation entered into force on 25 May 2018, but the conclusions stated in the opinion are also relevant to how the right to be forgotten will be interpreted under the GDPR going forward.

Until now, despite countless warnings before entry into force of the EU’s General Data Protection Regulation in May 2018, administrative authorities have not imposed high fines for violation of regulations on processing of personal data. But this situation seems to be changing, at least in France. On 21 January 2019 the French data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), imposed a fine of EUR 50 million on Google LLC. The CNIL found that Google had not processed personal data transparently, providing data subjects inadequate information on processing and personalising ads without the consent of the persons who were shown the ads.