Privacy Talk with Maciej Gawroński, Partner, Attorney-at-law at GP Partners: What is changed with Polish Data Protection environment after GDPR?
“This interview recorded on 11th March 2024 is talking about privacy law and freedom of expression.”
Kohei is having great time discussing privacy law and freedom of expression.
This interview outline:
- What is the uniqueness of your law firm?
- What is changed with Polish Data Protection environment after GDPR?
- What is the uniqueness of your law firm?
Maciej: With pleasure. Thank you very much for asking. So Well, I think that to a large extent, we’ve got the best of both worlds.
So the best of independence and the best of let’s say legal international experience, because we are lawyers who have international experience, but we are now independent, which gives us the understanding of business needs, reasonable command of English, and, as well as probably better, better rates than the so-called Big Law.
But anyway what we are doing and why we are unique. So we are doing let’s say four to five main things although the firm is like the generalized firm because we are doing anything which is related to technology.
We are doing M&A and corpo, and we are doing dispute resolution and regulations, regulatory not only financial — but to a large extent financial regulation. But we also do public procurement in employment and immigration, because of the war, so immigration became a hot topic as well.
There are various things. We have them listed on our website, they probably will be rearranging their website to make it even more communicative and up to date because well, it’s needs some updates.
But anyways, our uniqueness is tha we indeed can combine knowledge and business perspective and we are actually quite good at communicating. As I said, we have this book.
We wrote a book about communication, and this is mostly what my legal mission or way of thinking is, all is about communication. It is what we do, we communicate things and ideas.
We’ve got a huge, well, I would say in data protection at the moment our reputation is, we are highly regarded obviously because of the achievements. And they tend to call me an IT guru.
I’ve even heard it two weeks ago, when there was an arbitration conference about cybersecurity in arbitration, that was in a panel and this is how I’ve been presented, and honestly, I’ve been flattered, so it’s a nice thing as well.
It’s not about feeding your own ego more like securing your insecurity. Therefore, we do technology. We do cloud computing, we do a lot of e-commerce things.
And we do disputes well. These disputes are interesting because some of them are technology, some are arbitration, some of them relate to cryptocurrencies and anti money laundering even in some of them.
More recently we have an eruption of shareholder disputes, which is a very nasty thing. So there is a lot of dimensions to it. A lot of surfaces of dispute, I’m not going to get into the depth here. So it’s probably a good thing to go to us.
Also, one of the things why we devised the book, is my idea (the book on communication with the courts)…, Just to be honest I don’t like arguing and disputing so much. I like to present the case.
But the mere conflict is not something which I love, I prefer to persuade then to stay in conflict. So the thing is, to increase our presentation power, the book is a good instrument, because then everybody knows what I’m going to do.
I’m going to take new examples from the courtroom as well as obviously from the documents of cases. So the thing is that when you are standing against us or you are trying a case where we are, you must be aware that we will probably digest the input and we might come back with it on the market, obviously, on a no-name basis but still.
So it’s probably this. The firm is, at the moment, four partners, about 12 or 13 lawyers. So still everything is very one on one, very good communication, no silos.
Maybe if we grow, probably when we grow, we will have all sorts of issues which usually all these businesses have. But well there were even some books about this gravity towards the center.
So whether the center which is actually the mean, medium performance, good or bad, we’ll try to stay at the right side, the father’s side of the Gauss curve. So we try to excel, we try to excel.
And we also get involved in things like this, this lawsuit against Facebook for deplatforming of a quite popular political party, then it’s a free speech thing.
We’ve also got involved into the complaint against Open AI for, honesty, not giving any regard, well not giving a lot of regard to the data protection in their service.
And we’ve filed with it [the complaint] with the Polish Data Protection Authority. It probably would need to get some extra momentum because I don’t think there’s anything happening for the last few months, but I am coming back to Poland, I will talk to them.
Kohei: Communication is the key tool. The law firm is more likely to bring the solutions for the clients. I suppose it’s a kind of very important action for your law firm. So we’d like to move on to the next questions.
So you had very great experiences in Poland, in terms of the data protection space so far, so could you share with us how the Polish Data Protection environment changed after the GDPR? It’s a very important topic.
- What is changed with Polish Data Protection environment after GDPR?
Maciej: Yes, yes, I’m going to do it. The fact is that I prepared myself, for five years with the GDPR, it was last year the initiative by the Polish Data Protection Authorities.
So I had my share in it. But it’s in the form of video clips, so it’s probably not so easy for anybody not speaking Polish to follow it, but I will give you some hints on Poland in general.
First of all, obviously, the thing is that GDPR and data protection became a serious thing in Poland. That doesn’t mean that we are totally compliant. Of course, we, nobody was in total 100% compliance. In GDPR or in anything it’s not possible.
But the understanding of the importance of it and also the awareness of data protection grew a lot. That’s for starters, then we also have this 2018, there was a lot of action in publicity and public speaking about data protection by the Ministry of Digitization as well as by every expert.
So anyway, there was a lot of regularization of what companies were doing, in other organizations, in municipalities, whatever, whoever is actually controlling data.
So we had this time of, well, I would say, initial compliance Obviously, not so much applying to micro and small enterprises for obvious reasons, lack of resources.
I was working on some standardization and have some kind of cloud computing service, semi automatic, self implementation and self certification program.
So I still have this startup on my shelves in startups good data protection standard. Though, it’s because of lack of resources and so much, maybe now would be a good time for but then good time also to strengthen the data protection compliance of small and micro entrepreneurs.
But anyways, so this is one thing then it’s also a question of cybersecurity. GDPR made, for me was always about cybersecurity, and data protection, and now it’s about cybersecurity as well, in a way, for me it’s more like the constitution of the internet in Europe.
I know Digital Services Act is being called the constitution of the internet. But my perception is more about GDPR, because it’s more about individuals. So who we call data subjects, more the subjects then objects. So we were able, indeed, to generate some kind of subjectivity and control about data in Poland.
Obviously, the resources for enforcing GDPR are not that huge. So stiffening of the whole business it’s not happening, but the owners understand in this game, if you are not playing by the rules, eventually you may get caught red handed and that indeed, that indeed happened.
We were very focused on the GDPR absurdities and all the formalities. Well, the fact is that we like to tick boxes in Poland. So we turn everything into some kind of checklist and formalities.
But I think that this child is infant time for GDPR has passed, and we are no longer so much disturbed by information obligation, or just the procedures, that we start to understand the flow of data and importance of control of data. In the world where we have no control of data, actually.
I always use the same analogy. I hope you’ve watched and seen the Dark Knight movie, Batman Dark Knight. There is this absolutely stunning scene when Batman catches Joker, pulls him on a string, on a rope.
And then Joker starts his monologue, he’s upside down, but then the camera does like that [180 degree turn]. And he’s still hanging upside down, but we see him vertically in the proper direction.
And he says, like this “This is what happens when an unstoppable power meets an immovable object”. He then proceeds to say that Batman would not be able to tame him; but Joker will not kill Batman either [because he has too much fun with Batman].
So I use this analogy to describe the relation between technology and regulation. I say that technology is an unstoppable force, but it can par excellence, by definition be somehow regulated, not tamed but regulated, streamlined by regulation.
It’s always a game. It’s difficult. But in the world when we don’t have physical control over data about us as human beings, and this information about us, in digitization, then surveillance is ubiquitous. So the only thing that we can have is actually regulating the way it’s going to be used. And regulation, access, retention.
This is now a big thing because time comes for attention. So this is what we start to understand in Europe, in Poland. Maybe we’ve started to understand, that I think we started to understand throughout the world.
But what happened last year, it was the the eruption of AI. Whether it is stupid or not stupid, we are not in the age of artificial general intelligence, yet.
Still, it’s enough automation of decision making now, it’s so possible and so, with such profound consequences, that the rules of the game changed. And it’s become even more scary, we’ll get to that, if you please, let me have a sip of coffee.
Kohei: Thank you. I think it’s gradually changing in conditions the stakeholders should have in mind, the data protection and privacy is fundamental to protect the every human rights and also the you mentioned that the part of the law firm you work with the other options for your clients, such as disputes or any other options for the clients.
That’s a very important note to see. So could you share about your work with that?
Thank you for reading and please contact me if you want to join interview together.
Privacy Talk is the global community with diversified expert, and contact me below Linkedin if we can work together!