data protection | In Principle

The Digital Markets Act or DMA (Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector), which entered into force on 1 November 2022, creates many new obligations for businesses operating in the digital sector, particularly so-called “gatekeepers.” The DMA will impact the functioning of the entire digital ecosystem—not only gatekeepers, but also other participants in digital markets, including business users and end users of core platform services, competing providers of core platform services, and providers of other digital services.

The proliferation of remote work, combined with the development of monitoring technologies, has led employers around the world to implement various, sometimes technologically advanced methods to check employees’ performance and commitment to their work. In this area, IT solutions and programs commonly called “bossware” are gaining popularity.

The upcoming amendment to the Labour Code on remote work is expected to comprehensively regulate a number of issues and relationships between employer and employee, significantly changing the existing legal landscape for performing work from home. The amendment also touches on issues of processing of personal data. Although work on the bill is still underway, it appears unlikely that the provisions discussed below will change significantly, so it is already worth taking a closer look at them.

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

Regulating the secondary use of health data opens up research and analytical opportunities, which can drive scientific progress, new products and devices, digital innovation in the healthcare sector, and improvement of the healthcare system.

All EU citizens will have access to their electronic health records by 2030 thanks to the EU’s central eHealth platform linking national contact points to the MyHealth@EU infrastructure and efficient national digital health authorities.

True cross-border healthcare based on medical documentation accessible throughout the EU via interoperative electronic health data systems. Unleashing the potential of health data for science and  developing new drugs and treatments. These are among the benefits promised by the European Health Data Space.

A list of questions has been published on the website of the Personal Data Protection Office on compliance with the GDPR provisions on data protection officers. These issues will need to be addressed by data controllers and processers summoned by the data protection authority.

The law in Poland is quite precise about who can be given information about a family member’s health, and in what situations. But when contacted by a family member by phone, how can the healthcare provider verify the caller’s identity? And can a hospital in principle refuse to provide information by phone?

On 30 November 2021, the Council of the European Union and the European Parliament reached a provisional agreement on the final wording of a draft Data Governance Act (DGA) (COM/2020/767 final). The aim of the proposal is to promote the availability of data and to build a trustworthy environment facilitating the use of data (both person and non-personal) for research and creation of innovative new products and services. It is also intended to create a legal framework for easier sharing of data and mechanisms facilitating re-use of certain data held by the public sector, including data involving health, agriculture and the environment.

Work is underway on a bill implementing the EU’s Whistleblower Directive (2019/1937). It is not yet clear whether the directive will be implemented into Polish law on time (by 17 December 2021), but many companies are already drafting the necessary documents and organisational procedures.

Many entities in the gaming industry believe that they process little or no personal data. This belief can be misleading. We discuss what gaming companies should look out for in practice to avoid the risk of financial penalties