Introduction In the contemporary legal landscape, data privacy stands as a paramount concern, with the General Data Protection Regulation (GDPR) serving as the cornerstone legislation governing the processing of personal data within the European Union (EU) and beyond. Article 30 of the GDPR imposes a pivotal obligation on data controllers and processors to maintain a meticulous Record of Processing Activities (ROPA). This article endeavors to elucidate the intricacies surrounding Article 30, offering practical insights and dissecting the evolving practices of Data Privacy Authorities concerning ROPA compliance. Understanding Article 30 of GDPR GDPR Recital 82 states: “In order to demonstrate compliance […]
Details
Gecić Law is proud to announce an exclusive seminar that will explore the most critical aspects of law in the field of artificial intelligence (AI). The AI seminar titled “The Law in the Era of Artificial Intelligence” was organized in cooperation and with the exceptional support of the Union University Law School Belgrade. Participants will include students in their final years of study, master’s, and doctoral studies. The seminar will take place from October 16 to November 8. This intensive program will take participants through the general regulatory framework. It will also discuss ethical principles and parallels between EU law […]
Details
On July 10, 2023, the European Commission (“Commission“) adopted its adequacy decision for the EU-U.S. Data Privacy Framework (“DPF”). The decision concludes that the United States (“US”) ensures an adequate level of data protection – comparable to that of the European Union (“EU“). What does this mean for EU Individuals and Businesses? The much-anticipated decision brings a conclusive resolution to the legal uncertainties surrounding the export of EU users’ data by US companies, an issue that has troubled thousands of businesses in recent years. The General Data Protection Regulation (“GDPR“) empowers the Commission to determine, through an implementing act, whether […]
Details
I. Strengths of the GDPR The General Data Protection Regulation (“GDPR”), implemented in 2018, has played a vital role in safeguarding personal data in the era of information and communications technologies (“ICT”). As AI technologies continue to advance rapidly, questions arise regarding the effectiveness and adaptability of GDPR in addressing the evolving challenges of data protection. This article examines whether GDPR is ready for retirement or if it requires updates to address AI-related data protection concerns effectively. Namely, Artificial Intelligence (AI) is defined as a methodology used in machine learning to determine which one of several used models has the […]
Details
Last week, Branko Gabrić, our counsel, had the honor of being invited to speak at the South-East European Data Protection Congress in Belgrade. The congress was held to establish a forum for data protection professionals to facilitate the exchange of ideas, opinions, updates, experiences, and the application of best practices, ultimately boosting the data protection scene in the region. Branko participated in the central panel on the first day of the conference, which focused on “Transparency – Can Organizations Ever be Too Transparent?”. Alongside him were Boško Vojkić, Director of Data Protection at Ergomed PLC; Stevan Stanojević, founder of PrivacyOneStop; […]
Details
Although the Personal Data Protection Act (“Act“) has been in effect for four years, it seems that its provisions have not yet been fully implemented in practice, nor have all companies in Serbia fully adapted to them. Non-compliance with the obligations prescribed by the Act especially starts hurting when inspections are carried out by the Commissioner, and a new round is being announced. So, let’s take a moment to revise what companies should pay attention to when it comes to complying with the Act. Back to basics The general obligations of companies are contained in the principles of the Act. […]
Details
Does blockchain technology carry risks of money laundering and terrorist financing? The Financial Action Task Force (“FATF”) responds affirmatively. In October 2021, FATF published an Updated Guidance for a Risk-Based Approach (“Guidance”), as a result of crypto market monitoring. The Guidance is based on the assessment of the risk of money laundering and terrorist financing regarding the regulation and supervision of virtual assets (“VA“) and Virtual Assets Service Providers (“VASP“). The amendments to the Guidance are the result of the FATF’s ongoing work and oversight of the VA and VASP sectors and their development, to prevent money laundering and terrorist […]
Details
Facebook teamed up with Ray-Ban to create Ray-Ban Stories, new smart glasses. The product, which will initially be only available in stores in Australia, Canada, Ireland, Italy, the UK and the US, is already facing severe scrutiny over privacy concerns. So, how are different privacy watchdogs taking the development of these spectacles? Did Facebook take any steps to respond to privacy concerns? And finally, could the smart glasses come under the radar of privacy watchdogs in the Western Balkans? What are Facebook’s Ray-Ban smart glasses? Smart glasses are not a new technological development. The concept has been around for […]
Details
The Irish Data Protection Commission (“DPC”) fined Facebook’s WhatsApp with EUR 225 million in its latest EU data protection ruling. The fine is the second largest of its kind in the EU. So far, only Amazon paid more in a privacy case in the EU. The DPC said in its ruling on September 2 that WhatsApp’s policies were not in line with the EU’s General Data Protection Regulation (“GDPR”), noting it registered breaches of Article 5(1)(a) as well as Articles 12 through 14. The breaches particularly include the provision of information and the transparency of that information to both users […]
Details
Why Schrems? The EU’s trust in the processing of personal data seems to be shaken. With the famous case Maximillian Schrems v Facebook Ireland Limited pending before the Austrian Supreme Court (“Court“) for a while now, Maximillian Schrems requested the Court to refer four questions to the Court of Justice of the European Union (“CJEU“) concerning the lawful use of personal data of all Facebook users from the EU. So, who is Maximilian Schrems? Maximillian Schrems is a law student from Austria and a personal data protection activist who has been extremely vocal about data protection before EU authorities. […]
Details
The topic of data protection and Big Tech keeps on giving. It appears the subject of data protection simply does not want to leave the main stage and wishes to remain in everyone’s center of attention. This should not come as a surprise, since the world is only starting to become more integrated in terms of digital services provided by Big Tech companies. The most recent “controversy” on data protection and Big Tech comes from Germany, or to be more precise, Hamburg’s Commissioner for Data Protection (“Commissioner”). The Commissioner investigated Facebook’s use of personal data gathered from WhatsApp users and […]
Details
What do Facebook, WhatsApp and TikTok have in common? Well, they are social media giants, with billions of users all around the world. But there is something else that these platforms have in common that is worthy of attention. Lately, they have all been “hunted down” by regulators over their data policies. So, we wanted to take the time to say a few words on the TikTok case. What makes the TikTok case special? As most of you already know, TikTok is a social media platform used to make short-form videos that last between 15 and 60 seconds. The videos […]
Details
In addition to numerous novelties and changes in Serbian legislation, the beginning of this year was also marked by the legal regulation of archiving materials and similar documentation, which attracted significant attention. The new Archival Material and Archival Activity Act (the “Act“) is not only an important step towards improving the protection of archival material and regulating archival activity but also towards developing awareness of the importance of preservation of archival material, since that helps “protect” the history of our country. Until recently Serbia did not have a specific act that would comprehensively regulate the issue of archival material and […]
Details
After a short break from our previous reflections on the EU’s new set of regulations concerning digital markets (more details available here), we are back with an even more vivid and thorough breakdown of the proposed regulation. To pick up where we left off, we will be taking a closer look at the Digital Services Act (“DSA“ or „Act“). As we have already familiarized ourselves with the EU’s goals and ambitions regarding new digital market regulation, we can now fully indulge ourselves by taking a closer look at the Act. We hope that you managed to catch your breath because […]
Details
Although it has been more than a year since the new Personal Data Protection Act (“Act”) entered into force in Serbia, some of its provisions are not yet fully applicable. One clear-cut example is Article 44 of the Act, which requires foreign companies (therefore those who does not have a registered business seat in Serbia) to appoint a Personal Data Protection Representative for Serbia (“Representative”). Who is the Representative? This provision, (as well as the majority of the Act’s provisions), was adopted from Article 27 of the General Data Protection Regulation (“GDPR”) and refers to any personal data controller and […]
Details
Is bad stronger than good? It is a fact that people are far more inclined to remember negative criticism or comments, than praise. It takes so many positive events to make amends for just one negative event. The Court of Justice of the European Union issued a Press release on October 3, concerning judgement in the case in which Mme Eva Glawischnig-Piesczek sued Facebook Ireland before the Austrian courts. She requested the removal of the notably harmful comment by a Facebook user which Austrian courts found insulting and defaming. The news immediately hit the headlines! The plain and simple truth […]
Details
The German Competition Authority (“Bundeskartellamt”) issued a decision which will have significant impact on both Facebook’s data policy and competition issues in relation to social networks. The decision came after an almost three-year investigation into the practices of this social network. Internal divestiture of Facebook’s data The Bundeskartellamt has imposed far-reaching restrictions on Facebook, concerning its data processing practices. So far, Facebook users have only been able to use the platform if they agreed to the terms and conditions which provide that user data can be collected outside the platform, including from websites and apps owned by Facebook, as well […]
Details
Friday is widely regarded as a day marked by joy and happiness. However, last Friday did not produce such emotions for data protection officers working in the online streaming services (“OSS”) industry, that is in Amazon, Apple, DAZN, Flimmit, Netflix, SoundCloud, Spotify and Youtube. Namely, the Austrian campaign group None of Your Business (“NOYB”) filed 10 complaints with the Austrian Data Protection Authority and asked for an investigation of an alleged breach of Article 15 of the General Data Protection Regulation (“GDPR”). NOYB accused OSS for violating the “Right to access by the data subjects” (which provides that the data […]
Details
Bogdan Gecić, managing partner at Gecić Law, a top tier law firm from Belgrade, gave a lecture on the importance of social media and communication at the Law Firm Marketing Summit held in London. “Social media are an important tool to cement presence on the Internet and share the values of your firms with the public”, said Mr. Gecić. “We do not only embrace social media as a medium of promotion of our firm and corporate life within the office, but we also share the successes of our partners and clients because we believe in the idea, as we dubbed […]
Details
Not so long ago, on May 25, 2018 the General Data Protection Regulation (GDPR) came into force. The GDPR has been a subject of great interest and discussion, even prior to its implementation, due to its application on entities all over the world – inside or outside the European Union (EU). Although the GDPR has, practically, changed the legal framework in relation to the rules on data protection, and introduced a whole set of new obligations while imposing massive fines for non-compliance, the real implications of the application of the GDPR are yet to be seen, especially on non-EU entities. […]
Details
The year 2018 is witnessing a period of constant developments and dynamics in the area of competition law in Serbia. The latest news concerns a constitutional challenge against Article 45(4) of the Competition Act of Serbia (“Competition Act”), submitted by the Commissioner for information of public importance and personal data protection (“Commissioner”). Said provision exempts information gathered for the purpose of conducting competition proceedings, which are considered as ‘protected information’ to be disclosed to the public under the Free Access to Information of Public Importance Act (“Free Access Act”). In Commissioner’s view this provision seems to be in discord with […]
Details
In the second decade of the 21st century, the Internet network (the “Net”) became easily accessible to almost everyone, as well as the most important source of information. This is because, in addition to the availability of reviews and information collection, the Net has become easily accessible to create and upload different information and content by anyone. As a result, the Net has become the most widely used source of information, through which information from the different spheres could be found in the simplest and the fastest way. However, other than information, certain articles, images, photos, audio, audio-visual recordings and […]
Details
General Data Protection Regulation (GDPR) is currently a global hot topic – and for a good reason. It practically revamps the legal framework concerning Data Protection rules, introduces a whole set of new obligations while imposing massive fines for non-compliance. While the GDPR came into the force recently, it is no surprise that many are worried how it will affect their organizations as the legislation, under certain conditions, is to be applied worldwide —both inside and outside of the EU. Given that compliance with the GDPR will be no mean feat, requiring vast amount of time and resources, no matter how […]
Details
In the first articles of the series, we wrote about the relations between IT companies and developers, and the rights and relations of IT companies and developers set by the Copyright and Related Rights Act (“Copyright Act”), primarily with respect to commercial utilization of computer programs/software by IT companies and the possibilities of IT companies to carry our changes, adjustments and other adaptations of a computer program/software as a copyrighted work. However, do the mentioned rules apply to designers, and what happens in cases where graphic design contained within digital content is commercial utilized by IT companies, as well as […]
Details
The new EU data protection framework, set to come into force on May 24, 2018 in the form of the General Data Protection Regulation (GDPR) is directly binding in all Member States, however its scope goes beyond the boundaries of the EU – affecting foreign companies that deal with personal data of EU citizens. National Data Protection authorities of EU member states already have certain powers over foreign enterprises, as seen in the landmark Costeja case (C‑131/12) where Google Inc., an American company, was forced to protect a Spanish national’s right to the respect of his private life. The GDPR […]
Details