Technology  Law 

Personal Data Processing News

In March 2019, the most important event in personal data protection was undoubtedly the adoption of the GDPR Adaptation Act and the relevant accompanying act. In doing so, the Czech Republic remedied one of its legislative shortcomings as it was one of the last EU states lacking the Adaptation Act. Following France, another EU state that has fined a higher fine for violating the GDPR is Poland.


The Czech Parliament has Adopted the GDPR Adaptation Act

On 12 March 2019, the Chamber of Deputies approved two drafts of what are referred to as “GDPR Adaptation Acts”, which the Senate had previously returned with comments primarily directed against the extension of the competencies of the Office for Personal Data Protection (the “OPDP”) in respect of the right to information and against the mere decrease in fines for some public entities.

The Personal Data Processing Act (the “PDPA”), which will replace the existing Act No. 101/2000 Coll., on Personal Data Protection, had been adopted in the Senate’s version. In contrast, in the Accompanying Act amending certain acts in relation to the adoption of the Personal Data Processing Act (the “Accompanying Act”), the Deputies upheld their original proposal. On 10 April 2019, the new rules governing personal data protection were signed by the President.

Besides the enactment of exceptions admitted by the GDPR and the specification of certain GDPR definitions, the objective of the PDPA and the Accompanying Act is also the implementation of two criminal-law directives.

The adoption of the act will affect, for example, the following:

  • The Internet age of consent (finally stipulated at 15 years);
  • The term ‘legitimate interest’ under the GDPR and relating exceptions;
  • The exception from assessing the impact on personal data protection;
  • The obligation of certain public authorities to appoint a Data Protection Officer;
  • The impossibility of fining certain public entities;
  • The accreditation of the GDPR certification authorities;
  • Personal data processing for journalistic purposes; and
  • The amendment to almost 40 acts, which will be primarily reflected in criminal law.

As a result of the adaptation package, Act No. 106/1999 Coll., on Free Access to Information, will newly include a provision introducing the institutes of what is referred to as an ‘information order’, based on which the liable entity will be obliged to provide the applicant with the requested information under the above-stated legislation. The new provisions of the Information Act will apply with effect from 1 January 2020.

No Fines for Selected Public Entities

The final wording of the PDPA fully abolishes the possibility of imposing administrative sanctions for the misuse of personal data on some public entities (municipalities not having extended powers in the scope of the municipal authority of a municipality with extended powers, and educational facilities established by municipalities) as requested by the Senate, which had argued that this would merely result in the transfer of funds as part of public budgets. According to the original proposal, only the maximum limit to fines should have been decreased.


The First Fines for Violating the GDPR Abroad

The Polish Personal Data Protection Office released information that it had imposed a sanction of PLN 943,000 (approximately EUR 220,000). The fine was imposed for a failure to comply with the reporting duty. According to the Office’s information, up to six million data subjects were unaware of processing and thereby were unable to exercise their rights as stipulated by the GDPR. The company, on which the fine was imposed, collected the data from a publicly accessible register similar to the Czech Trade and Commercial Registers. In the case, it argued by saying that it would be extremely costly to comply with the reporting duty in relation to the persons in respect of whom it did not have e-mail addresses. Given that the company had the telephone numbers and postal addresses of the subjects, the Office did not accept the argument.

In Denmark, the relevant office seeks to impose a fine on a taxi service operator for storing personal data for an excessive amount of time, specifically for storing telephone numbers for five years without sufficient justification. The proposed sanction corresponds to EUR 160,000; however, it has yet to be approved by Danish courts.

For the Polish Office’s information about the imposed fine follow this link.

The article is part of dReport – April 2019, Legal news.

GDPR dReport newsletter

Rising prices of construction material complicate the public procurement process and performance of public contracts

In early September, the Czech Ministry of Regional Development and the Office for the Protection of Competition issued an opinion on the price increase of construction material. This way, the authorities respond to the rising prices of reinforcing steel, thermal insulation, scrap iron and other material by tens or even hundreds of per cent. The reason for the price rise is a lack of the mentioned goods on the market and related long delivery times. The authors of the opinion present possible solutions to the problems that can arise in the public procurement market as a result of this situation. 

22. 9. 2021

Private financial institutions are the new supervisors of environmental regulation. The courts’ approach is also changing

Regulations in the area of environmental law are constantly increasing, which means that sustainability is an increasingly important topic that directly affects individuals, companies and states. However, oversight of compliance with the new rules is no longer exercised only by environmental inspection authorities, but also by private financial institutions. The courts whose decisions directly affect the corporate and state responsibility for climate change have also adopted a new approach to this issue. Read about the most important events in environmental law in Q2 of 2021 and get acquainted with regulatory news that will affect the future of sustainable business throughout the European Union. 

28. 7. 2021

The EU wants to achieve climate neutrality by 2050, then it will aim for negative emissions

The existential threat resulting from climate change demands that the EU as well as its member states heighten their ambitions and intensify their measures. This is reflected not only in the EU’s approach to the European Climate Law and in the constant collection and analysis of data (referring to carbon rates, for example), but also in a change of the judicial ruling practice. In a recent ground-breaking verdict, a Dutch court ordered a private company to adjust its activities with regard to the need for tackling climate change. 

28. 7. 2021