newtech.law - legal aspects of new technologies

The proliferation of remote work, combined with the development of monitoring technologies, has led employers around the world to implement various, sometimes technologically advanced methods to check employees’ performance and commitment to their work. In this area, IT solutions and programs commonly called “bossware” are gaining popularity.

In practice, bossware can include a variety of solutions and technologies, such as:

• Keyloggers monitoring the employee’s use of the keyboard on a company computer
• Downloading and analysis of screenshots from the employee’s business device
• Tracking mouse movements
• Constant or periodic observation of employees using the camera (e.g. eye movement) or microphone on a business device
• Tracking the employee’s online activity
• Monitoring the use of business email, calendar and business messaging
• Analysis of the performance of applications and programs run by the employee.

A specific feature of bossware solutions is the frequent use of automated analysis to flag employees whose productivity, commitment or manner of work deviates from the employer’s expected norm, without their superiors’ involvement.

Polish employers are also reaching for bossware. In this regard, we describe below what they should take under consideration in light of Polish labour law and data protection law.

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Under the General Data Protection Regulation, the transfer of personal data to “third countries” (outside the European Economic Area) is only permitted if the conditions set forth in the GDPR are met, i.e. generally when:

• The transfer is made to a country which the European Commission has determined provides an adequate degree of protection (i.e. it has issued an adequacy decision—decisions issued so far are available on the European Commission website)
• If there is no adequacy decision, then adequate safeguards are provided, including in the form of conclusion of an agreement based on standard contractual clauses between the entities involved in the transfer
• If there is no adequacy decision or adequate safeguards, then one of the special circumstances specified in the GDPR applies.

Blockchain and cryptocurrencies based on it continue to fire the imagination. It’s no surprise that more and workers, particularly in IT, are interested in being paid in crypto. But is it permissible in Poland to pay workers and contractors in this form?

Crypto as a new employee benefit

According to various estimates, there is a shortage of about 50,000 IT specialists in Poland. So there is a pitched battle underway on the market to recruit and retain experienced programmers, forcing companies to offer various benefits to attract IT talent. Meanwhile, in Poland and around the world, despite huge declines in the value of cryptocurrencies in 2018–2020 (a period dubbed “crypto winter”) and again in recent weeks, the interest in digital currencies continues to grow. These trends are combining to cause more and more employers, particularly in the FinTech sector, to consider offering staff a portion of their salary in cryptocurrency or giving the choice of the currency in which they will receive their salary—fiduciary money or digital.

Staking-as-a-service (StaaS) providers are steadily growing on the crypto-assets market along with the increasing popularity of decentralised networks based on the proof-of-stake consensus mechanism. The growing profile of StaaS providers also raises legal questions about the nature of these business models and the regulatory risk associated with them. In this article we examine one of these risks: the risk of treating the activity of StaaS providers as the activity of an alternative investment fund (AIF).

It has long been obvious that within the next few years we would witness attempts to regulate the world of decentralised finance. As it turns out, one of the most revolutionary laws may be introduced through an amendment to an obscure regulation on information accompanying money transfers.

I’m referring to the proposed changes to Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds—also known as WTR2. It is part of a broader package of regulations aimed at combatting money laundering and financing of terrorism. The main aim of WTR2 is to ensure that money transfers are accompanied by relevant information enabling identification of the parties to the transaction.

Last year regulators in the EU devoted a lot of attention to cookie files and other tracking technologies used on websites. This interest was generated among other sources by numerous complaints filed by NOYB—European Center for Digital Rights in the last year with data protection authorities, and has resulted in guidance and several decisions issued by regulators in recent months (e.g. in Austria, Belgium and France). Because they may shape the future approach of regulators to the use of cookies, it is worth discussing some of the main conclusions flowing from these decisions.