data protection | In Principle

Go to content
Subscribe to newsletter
In principle newsletter subscription form

data protection

Inheritance of data
A natural extension of the consideration of the legal status of data is the question of whether data can be inherited. This is no longer just a theoretical issue. Data are increasingly valuable, making it vital to answer the question of whether data constitute an asset of the decedent’s estate that can be taken over by the heirs.
Inheritance of data
What is the right to personal data?
When seeking inspiration for the future legal status of data, it is worth taking a closer look at how the right to personal data has been shaped. In particular, we could consider whether it is a property right and whether the current legal framework for the right to personal data corresponds to reality and meets our needs.
What is the right to personal data?
Dematerialisation of shares: Change in deadlines and the perspective of the Personal Data Protection Office
The mandatory dematerialisation of shares of stock, introduced by the 30 August 2019 amendment of the Commercial Companies Code, was intended to bring about a situation as of 1 January 2021 where the shares of all joint-stock companies and joint-stock limited partnerships in Poland would take the form of an electronic record, and share documents would lose their legal force from that date. But the coronavirus epidemic has made it difficult for commercial entities to make this organisational change, and the parliament has extended the deadlines for complying with certain obligations related to dematerialisation of shares. The Polish Personal Data Protection Office has also issued an opinion on dematerialisation.
Dematerialisation of shares: Change in deadlines and the perspective of the Personal Data Protection Office
Will the right to privacy be an indirect victim of COVID-19?
The law is one of the main instruments of social impact, which is particularly evident in the midst of a global health crisis, when the situation and applicable regulations are changing every day. New statutes and regulations are key to maintaining the delicate balance between order and chaos, public and private interests, and the common good and individual rights.
Will the right to privacy be an indirect victim of COVID-19?
Tech versus virus: Contact tracing
The battle with the coronavirus is dynamically entering another phase. After the initial shock, we are realising that technology may have a crucial impact on the rate of return to a somewhat more normal life. This doesn’t mean just biotech. Solutions keeping the virus under relative control until effective vaccines reach the market can prove just as important.
Tech versus virus: Contact tracing
Marketing communications to individuals: What’s the story with consent?
Most businesses react nervously when they hear the letters “GDPR,” as in their view the regulation gets in the way of performing their day-to-day work, particularly marketing. At the same time, many businesses get lost in the tangle of regulations they are supposed to follow if they wish to lawfully direct marketing communications to individuals. What issues cause them the most difficulty?
Marketing communications to individuals: What’s the story with consent?
Marketing initiatives in corporate groups in the context of personal data protection
Designing marketing initiatives in an organisation so they comply with the regulations, including data protection rules, can be problematic. The situation becomes even more complicated if marketing for several companies within a group is carried out by one of the companies, designated through informal internal arrangements (often without concluding any contracts).
Marketing initiatives in corporate groups in the context of personal data protection
GDPR-compliant websites
Ensuring the transparency of websites is vital from the perspective of the GDPR. Persons entering a website must be aware of how their personal data will be processed on the site and for what purpose.
GDPR-compliant websites
Fines for installing cookies without the user’s consent
Cookies and similar technologies are commonly used marketing tools enabling optimisation of marketing campaigns and more effective targeting of customers. So it comes as no surprise that it’s hard to find a website without a popup window informing users that the site uses cookies, referring the user to the privacy policy and cookies policy for more information. Interestingly, a great majority of these messages are themselves inconsistent with the applicable regulations on data protection, telecommunications, and electronic services.
Fines for installing cookies without the user’s consent
Data protection and public procurement
A key element of the proposed new Public Procurement Law is to regulate the protection of personal data collected in the course of procurement procedures. Significant exceptions from the general rules of the GDPR are planned. What should they consist of?
Data protection and public procurement
Could businesses be sued for data leaks?
When hackers exploited vulnerability due to software not being updated at a US credit agency, important data of millions of customers in the US, Canada, and the UK were leaked. The US federal authorities have launched an investigation that could lead to millions in fines. Bosses at the firm were questioned in a congressional hearing and the agency is facing the largest class action in US history. This sounds like the plot of a financial thriller, but the Equifax case did in fact happen and is a lesson for the future.
Could businesses be sued for data leaks?
Private enforcement under the GDPR
While the new data protection regulation provides for severe administrative penalties for failure to comply, it is well known that whether a penalty is effective is determined not by its severity but by its inevitability. Even though the personal data protection authority has been given broad powers, it does not have adequate means of exercising them. A solution could be a private enforcement mechanism within the regulation, whereby any person whose data has been breached can independently seek a judicial remedy.
Private enforcement under the GDPR