Privacy Talk with Maciej Gawroński, Partner, Attorney-at-law at GP Partners: How are you concerned with Working Party 29 before GDPR?
“This interview recorded on 11th March 2024 is talking about privacy law and freedom of expression.”
Kohei is having great time discussing privacy law and freedom of expression.
This interview outline:
- Introduction
- Why did you decide to start as lawyer?
- How are you concerned with Working Party 29 before GDPR?
Kohei: Hello, everyone. I’m so honoured to invite Maciej at this time. So he’s a pretty great lawyer in Europe. And he did a very exclusive work in the Data Protection space. So, Maciej, thank you for joining this interview.
Maciej: Thank you very much for having me. Thank you for listening to everybody.
- Introduction
Kohei: Thank you for your answers. So let’s get started on his profile.
Maciej Gawroński (born May 12, 1973), is a Polish lawyer specializing in technology, dispute resolution and regulations. Maciej is the managing partner of a Warsaw based law firm GP Partners and previously led a Polish branch of an international law firm Bird & Bird.
He is a supporting expert of the European Data Protection Board, member of the Scientific Council of the Institute at the University of Economics and Human Sciences in Warsaw, recommended arbitrator of the Court of Arbitration at the Polish Chamber of Commerce.
Maciej has advised on hundreds of technology projects and disputes, including the full lifecycle of the largest Polish IT implementation.
He has represented clients in billion-dollar disputes before Polish courts, national arbitration courts, and international arbitration tribunals. In 2011 Maciej edited the first-of-a-kind study “Cloud Computing in the Polish Financial Sector”.
Regulations and Standards” published by the Polish Banking Association. In 2014, Maciej simultaneously held expert roles with the European Commission on cloud computing contracts, and the Article 29 Working Party (the predecessor of the European Data Protection Board) on data transfers, contributing to GDPR articles 20, 28.9, 82.1. (data portability, liability of sub-processors, electronic form of a data processing agreement).
In 2018 Maciej edited and co authored “Guide to the GDPR”, which was the number one legal bestseller in Poland both for 2018 and 2019. This book was endorsed by PUODO and published in English in 2019.
In 2021 President of the Polish Personal Data Protection Office (PUODO) honored Maciej with the Award of Polish Data Protection Authority for his contribution to the education in the field of personal data protection.
(Movie: Maciej Gawroński, laureat nagrody im. Michała Serzyckiego w 2021 r.)
Maciej has taught technology law at postgraduate courses at several Polish universities, contributed to many books about law and technology. Outside his professional life, Maciej cherishes his roles as a husband and father, enjoys snowboarding and electronic music, and is a proud owner of two Spanish mastiffs.
His interests span science fiction, space exploration, science, spirituality, and biohacking. That’s so great to join this moment, Maciej, Thank you.
Maciej: Thank you very much and sorry for this elaborate and prolonged bio.
I should have made some cuts out of it. But in 50 years and 30 years in the field I accumulated some track records I would say.
Kohei: That’s amazing. So let’s dig into the day’s topics. First of all, I’d like to ask you the important question, which is why are you starting in career? So could you tell us why you start your career as a lawyer?
- Why did you decide to start as lawyer?
Maciej: That’s an interesting question. And actually I have a practical answer to it. So initially, I hoped I’d be a mathematician because I, you know, won several mathematics, math contests.
However, in secondary school, the teacher who was teaching mathematical analysis, she was a very poor teacher.
I was, not discouraged, but kind of disgusted by her behavior and then I decided maybe I’ll become a programmer.
But my mother was a lawyer, so I felt maybe, maybe, because I thought lawyers are stupid, so I thought maybe I’d just become a lawyer, because it’d be easy competition to beat.
So I’m just saying that I was like 17 years old, or 18. So then I really became a lawyer. And it turns out that indeed the ability to reason and actually to communicate as well among the legal profession requires, or has a plenty of room for improvement, I would say.
However, the problem is that actually, it’s an art of communication. So I had to adjust very, very, very much. Not only about understanding things, but about communicating them and explaining to somehow survive in this environment.
Which I have, I think I managed to do well, as we are talking right now. So, the decision was, as I was very scared that I’m not going to be able to earn a living, so I made a choice of reason. I also knew something about my mother’s work. I hoped I would be able to then take over her work, which didn’t happen but it’s for good.
Kohei: That’s very good in sharing, as a lawyer you have done a very great work until today. For example, in your bio, I mentioned that you are part of the GDPR in many ways.
So the next question is about what did you work for the GDPR at The Article 29 Working Party before the European Data Protection Board, and please tell us your book “ The Guide to the GDPR” as well.
- How are you concerned with Working Party 29 before GDPR?
Maciej: With pleasure. Actually I started doing data protection work in 1999 when I was in France on a scholarship. And then when I was working in other law firms, I was just practicing my technology, law and then data protection law and when the time came, so cloud computing came. It was mostly about data protection and in Poland as well about outsourcing.
Then, I somehow built up relation or like business recognition or personal recognition with then, General Inspector of Polish Personal Data Protection, which was at the time PhD, now Professor, Mr Wojciech Wiewiórowski, who is now the European Data Protection Supervisor, and he recommended, suggested and recommended me to work with the Article 29 Working Party on sub processing agreements, export of data out of the EU and contractual clauses regulating this particularly.
Simultaneously I just volunteered to become a part of the European Commission Expert Group on Cloud Computing Contracts because I was doing cloud computing contracts, or more like regulation whether you can commission it. It was quite a fruitful year. And then I was eventually leading this thread on data portability.
So when I was working with the Article 29 Working Party, based on my IT experience from contracts I’ve done and like, I came up with various ideas. So eventually, I suggested that rule of subprocesses liability. Which I didn’t know that they would take it and put it into the GDPR.
So I’m very sorry. I’m sorry, it was not my intention to make everybody liable. But then they told us that these ideas were very interesting, but they will take it, they will take it to the GDPR, which they’ve done.
And this data processing agreement electronic form it’s because in Poland we had some issue with the written form, because in Poland the written form is with a handwritten signature.
And there was one more thing, so, data portability I was also involved in that. So, that’s it. I haven’t followed on and only later I’ve realized that the Commission delivered on the promise to include these things in the GDPR.
But then, the fact is, well, actually, when I left Bird & Bird in 2016. I started an independent law firm. It was the time when in 2016, the GDPR was adopted and we realized that they put these fines inside of the act.
As data protection lawyers, as technology lawyers, we were, you know, very happy, because we knew, it was going to get serious.
And then, I was asked to deliver certain presentations about GDPR, but they already wanted more practical presentations.
So I got involved. And then I was asked to actually write the content of a few programs for data protection, as well as a database for a leading Polish legal database, which is Lex, Wolters Kluwer Lex.
I’ve done it and then we turn it into a book “RODO. Przewodnik ze wzorami” And this book was well placed timewise because it was when the implementation of the GDPR took place around the whole Europe.
So the book became very popular. And some people used it as a handbook to learn about GDPR, some of them how to implement GDPR, as there were also documents, samples, drafts, templates, things we came up with.
Then, the Polish Personal Data Protection Office (UODO) also recommended the book, and then I started to work with the Polish Data Protection Office, as well as giving a lot of lectures.
And then we also in the meantime published the book in English (“Guide to the GDPR” ). The only problem is that it was very highly priced in English. And it was a year after the implementation.
I’ve been asked about the second edition. It would be nice, but the thing is, there are two things in it. One that now we’ve got artificial intelligence. So it’s also an exciting topic, and we got a new EU AI Act.
Secondly, the time, volume of literature and jurisprudence around GDPR and data production was limited. So it was easier in a way to write a book. And thirdly, my ADHD doesn’t like to do things twice.
I like new things. I’m excited by the novelty. So this is so, I don’t know if there will be another edition. Maybe there would be, I have some ideas, but also life happens. Not so, not so easy.
And then there was also the book about communication with the court and the judges [Polish title: „Jak pisać pisma procesowe i prowadzić komunikację w sporze czyli książeczka o pisaniu pism”] which is also a work in progress in English “Little Book on Drafting Pleadings” .
I will have a second edition in English, so we’re working on it, polishing, and it was very popular as well. And the good thing about the other one is that it’s not going to age very fast, because it’s about communication. It’s not about specific rules. Okay, because I’m speaking and speaking.
Kohei: That’s very good. I hope this book is written in Japanese as well. Hopefully, a lot of people are struggling now to comply, not just the compromise like, do the GDPR that’s been very helpful for practitioners as well.
Maciej: I got the question, Daijobu Des ka?
Kohei: Okay.Daijobu.
Maciej: So that’s what I know in Japanese.
Kohei: It’s very good communication. So,the next question is about your legal services. So as you’re independent law firm, you have a variety of options for your clients. Could you tell us of your uniqueness to your challenges with your law firm?
Thank you for reading and please contact me if you want to join interview together.
Privacy Talk is the global community with diversified expert, and contact me below Linkedin if we can work together!
