Karolina Romanowska | In Principle

In recent years, the gig economy, based on a model of flexible employment using online platforms, has grown rapidly. In the EU, it is estimated that 43 million people will be employed through such platforms in 2025. A heated discussion is underway regarding the new regulations in this sector, in particular regarding the employment model for such workers, but also about making automated decisions regarding them using various types of algorithms. What should the organisers of job platforms keep in mind in light of the GDPR? We discuss this using the example of decisions on food delivery platforms issued by the Italian Data Protection Authority.

The proliferation of remote work, combined with the development of monitoring technologies, has led employers around the world to implement various, sometimes technologically advanced methods to check employees’ performance and commitment to their work. In this area, IT solutions and programs commonly called “bossware” are gaining popularity.

The upcoming amendment to the Labour Code on remote work is expected to comprehensively regulate a number of issues and relationships between employer and employee, significantly changing the existing legal landscape for performing work from home. The amendment also touches on issues of processing of personal data. Although work on the bill is still underway, it appears unlikely that the provisions discussed below will change significantly, so it is already worth taking a closer look at them.

Entities transferring personal data outside the European Economic Area on the basis of standard contractual clauses that are no longer in force (where the transfer began before 27 September 2021) should conclude agreements based on new clauses by 27 December 2022.

A list of questions has been published on the website of the Personal Data Protection Office on compliance with the GDPR provisions on data protection officers. These issues will need to be addressed by data controllers and processers summoned by the data protection authority.

Work is underway on a bill implementing the EU’s Whistleblower Directive (2019/1937). It is not yet clear whether the directive will be implemented into Polish law on time (by 17 December 2021), but many companies are already drafting the necessary documents and organisational procedures.

Many entities in the gaming industry believe that they process little or no personal data. This belief can be misleading. We discuss what gaming companies should look out for in practice to avoid the risk of financial penalties

When seeking inspiration for the future legal status of data, it is worth taking a closer look at how the right to personal data has been shaped. In particular, we could consider whether it is a property right and whether the current legal framework for the right to personal data corresponds to reality and meets our needs.

Most businesses react nervously when they hear the letters “GDPR,” as in their view the regulation gets in the way of performing their day-to-day work, particularly marketing. At the same time, many businesses get lost in the tangle of regulations they are supposed to follow if they wish to lawfully direct marketing communications to individuals. What issues cause them the most difficulty?

Ensuring the transparency of websites is vital from the perspective of the GDPR. Persons entering a website must be aware of how their personal data will be processed on the site and for what purpose.