Civil liability of software using biometrics on the grounds of Polish jurisdiction

  1. Introduction

We live in a smartphone era, almost every of the latest smartphone model includes a fingerprint reader. Some models feature facial recognition systems (such as the latest Apple iPhone 8 smartphone, that will use such system) or iris scan (for instance Samsung Galaxy S8 has that system incorporated). As you can see, the use of biometric security in the smartphone market has become a common practice. Earlier, before smartphone manufacturers began using biometrics, it was “present” at airports, state borders, or in security systems. It is already a noticeable part of our everyday life, which makes it clear that in the future biometric security will be an important part of our daily lives. The use of biometrics in computer science opens up a new sphere in the use of sensitive personal data. What is biometry? What are its types? What about the data that it holds? Who is responsible for possible system failures? Finally, what legal regulations can apply to it?



Legal basis: Legal Act of 26/01/2018 about the amendment to the Act on the National Court Register and some other acts (Journal of Laws 2018, item 398).

From 15th March 2018 the submissions of financial statement documents are possible only in electronic form, and the mode of submitting these documents differs depending on whether the persons authorized to represent the entity are natural persons with the affixed PESEL numbers (Polish Personal Identity Numbers).


General Data Protection Regulation (GDPR) implemented in Poland

The General Data Protection Regulation entered into force on May 24, 2016, but its validity in Poland will not start until May 25, 2018. The GDPR introduces definitions of principles for the processing, storage and use of personal data. The new regulation introduces new liability rules, possible financial sanctions and imposes new obligations on the entities dealing with the processing and use of data.

The GDPR, introduced in Poland as a part of the unification process for the entire EU in respect of regulating the principles of personal data processing, provides for general principles, which the entrepreneurs in Poland will be required to comply with. Accordingly, the companies will be required to analyse the data they already have in their storage, the procedure of sharing and storing.


New Polish Act on Electromobility and Alternative Fuels

The Act provides for a system of incentives in Poland, including abolition of excise tax on electric cars and plug-in hybrids (PHEV), exemption from parking fees, larger depreciation write-offs for companies. It also includes building a base infrastructure network for alternative fuels in agglomerations, densely populated areas, and along trans-European road transport corridors, which will allow free movement of vehicles powered by these fuels. It is planned that by the end of 2020, there will be created 6,000 electricity charging points with normal power and 400 high power charging points as well as 70 CNG refuelling points in Poland.

The Act is intended to improve Poland’s energy security, while the choice of electromobility is a strategic choice that will reduce dependence on oil imports.


General Data Protection Regulation in Poland

Currently, work is underway to adapt Polish law to the General Data Protection Regulation. Regardless of the progress of the work of the Polish legislator, the regulation in the Member States will take effect from May 25, 2018.

The new regulation applies to every entity that processes personal data of individuals in the European Union. The regulation therefore applies to any enterprise that employs or offers products or services to EU citizens. GDPR imposes a whole series of new obligations on companies and institutions and strengthens those already in force. The most important of them include: the requirement to properly secure stored personal data, changes in the information policy or new users’ rights.

Due to the specificity of this Act, it will mainly cover two areas of the company’s work: human resources, as well as sales and marketing. The new regulation will be an important step towards strengthening citizens’ rights in the digital era and simplifying business activities by harmonizing rules for market administrators in all EU member states.