data protection | In Principle

Go to content
Subscribe to newsletter
In principle newsletter subscription form

data protection

The gig economy: Digital platform workers vs. personal data
In recent years, the gig economy, based on a model of flexible employment using online platforms, has grown rapidly. In the EU, it is estimated that 43 million people will be employed through such platforms in 2025. A heated discussion is underway regarding the new regulations in this sector, in particular regarding the employment model for such workers, but also about making automated decisions regarding them using various types of algorithms. What should the organisers of job platforms keep in mind in light of the GDPR? We discuss this using the example of decisions on food delivery platforms issued by the Italian Data Protection Authority.
The gig economy: Digital platform workers vs. personal data
The Digital Markets Act: A revolution, and not only for gatekeepers
The Digital Markets Act or DMA (Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector), which entered into force on 1 November 2022, creates many new obligations for businesses operating in the digital sector, particularly so-called “gatekeepers.” The DMA will impact the functioning of the entire digital ecosystem—not only gatekeepers, but also other participants in digital markets, including business users and end users of core platform services, competing providers of core platform services, and providers of other digital services.
The Digital Markets Act: A revolution, and not only for gatekeepers
“Bossware” under labour and data protection law
The proliferation of remote work, combined with the development of monitoring technologies, has led employers around the world to implement various, sometimes technologically advanced methods to check employees’ performance and commitment to their work. In this area, IT solutions and programs commonly called “bossware” are gaining popularity.
“Bossware” under labour and data protection law
Remote work vs. personal data processing
The upcoming amendment to the Labour Code on remote work is expected to comprehensively regulate a number of issues and relationships between employer and employee, significantly changing the existing legal landscape for performing work from home. The amendment also touches on issues of processing of personal data. Although work on the bill is still underway, it appears unlikely that the provisions discussed below will change significantly, so it is already worth taking a closer look at them.
Remote work vs. personal data processing
Standard contractual clauses need to be updated by 27 December 2022
Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.
Standard contractual clauses need to be updated by 27 December 2022
Secondary use of electronic health data
Regulating the secondary use of health data opens up research and analytical opportunities, which can drive scientific progress, new products and devices, digital innovation in the healthcare sector, and improvement of the healthcare system.
Secondary use of electronic health data
Primary use of electronic health data
All EU citizens will have access to their electronic health records by 2030 thanks to the EU’s central eHealth platform linking national contact points to the MyHealth@EU infrastructure and efficient national digital health authorities.
Primary use of electronic health data
The European Health Data Space
True cross-border healthcare based on medical documentation accessible throughout the EU via interoperative electronic health data systems. Unleashing the potential of health data for science and  developing new drugs and treatments. These are among the benefits promised by the European Health Data Space.
The European Health Data Space
The Polish data protection authority will inspect compliance with the regulations on data protection officers
A list of questions has been published on the website of the Personal Data Protection Office on compliance with the GDPR provisions on data protection officers. These issues will need to be addressed by data controllers and processers summoned by the data protection authority.
The Polish data protection authority will inspect compliance with the regulations on data protection officers
Information on patients’ health disclosed remotely
The law in Poland is quite precise about who can be given information about a family member’s health, and in what situations. But when contacted by a family member by phone, how can the healthcare provider verify the caller’s identity? And can a hospital in principle refuse to provide information by phone?
Information on patients’ health disclosed remotely
Data Governance Act: A step closer to easier sharing of data
On 30 November 2021, the Council of the European Union and the European Parliament reached a provisional agreement on the final wording of a draft Data Governance Act (DGA) (COM/2020/767 final). The aim of the proposal is to promote the availability of data and to build a trustworthy environment facilitating the use of data (both person and non-personal) for research and creation of innovative new products and services. It is also intended to create a legal framework for easier sharing of data and mechanisms facilitating re-use of certain data held by the public sector, including data involving health, agriculture and the environment.
Data Governance Act: A step closer to easier sharing of data
Are you drafting a whistleblowing policy? Don’t forget about personal data
Work is underway on a bill implementing the EU’s Whistleblower Directive (2019/1937). It is not yet clear whether the directive will be implemented into Polish law on time (by 17 December 2021), but many companies are already drafting the necessary documents and organisational procedures.
Are you drafting a whistleblowing policy? Don’t forget about personal data