Open source technologies and cybersecurity related risks – Polish and international markets

What is Open Source?

Open Source is nothing other than free, unpaid software made available by the programmers who create it. The idea dates from the end of the 20th century. Open Source software was intended to be created by cooperating programmers as a counterbalance to Closed Source software, with the source code distributed free of charge for further development in science, education, law, production and many other fields. Open Source software products are designed to provide relatively inexpensive, user-friendly software that can be easily adapted to one's needs. Among the advantages of Open Source products are low initial costs, the legality of such software, freedom to use and modify it according to the user's needs, development by a large community, faster detection and patching of vulnerabilities, free updates and faster software development. However, some of these advantages can turn into disadvantages. Development by a large community of programmers and a lack of vetting can result in people working on the program who want to introduce malware into the code. This means that Open Source software is, on the one hand, safe because of the large group of programmers working on it but, on the other hand, can be dangerous for users for the same reason. Another disadvantage is the long-term cost of using Open Source software. This arises in situations where an immediate response to changes in the software is required and a specialist in this area has to be called in. In addition, the implementation of such software may entail the need to train employees in its use, which can also generate costs.

Vulnerability in Apache Log4j

In mid-December 2021, a significant vulnerability was discovered in the Open Source Apache Log4j library, which was rated 10 on a 10-point criticality scale. Apache Log4j is a library used by Java applications to record event logs. It contains a mechanism that allows lookups to be requested using a special syntax, without verification. The vulnerability is serious enough to allow cybercriminals to take control of a system very easily. It has already been exploited in attacks that use malicious software to 'mine' cryptocurrencies. However, it is estimated that this vulnerability has been or will be exploited to attack systems with more malicious programs.

How to protect oneself from attacks targeting Open Source?


The European Data Protection Board criteria of territorial competence of supervisory authorities to enforce Article 5(3) of the ePrivacy Directive

On 18 June 2021, the EDPB adopted internal document No. 04/2021 on the criteria for the territorial competence of supervisory authorities for the enforcement of Article 5(3) of the ePrivacy Directive.

Problem of territorial application

In view of recent decisions adopted by some SAs that are competent to enforce Article 5(3) of the ePrivacy Directive[1], the EDPB has issued an Opinion aimed at establishing a uniform interpretation of the rules on the territorial jurisdiction of SAs responsible for the enforcement of Article 5(3). Decisions adopted by SAs have shown that the territorial scope of application of the Directive may vary between different SAs, particularly where the controller/service provider is established in several Member States. Uncertainties on this issue could jeopardize decisions adopted by SAs across the Union.

Jurisprudence of the CJEU


False Internet product reviews – Polish and EU law

Consumer opinions on a given product or service have a significant influence on sales on the Internet. Therefore, they should be as true and reliable as possible. A new EU directive is intended to help with this: it expressly prohibits the posting of false opinions and paying for them, as well as misleading mechanisms for verifying the veracity of opinions.

UK Competition Authority (CMA)

In early January 2020, the CMA announced that, as a result of its ongoing investigation, Facebook and eBay had formally committed to tackling the widespread trade in false and misleading product reviews on these platforms. In response to the authority's concerns, the platforms have removed hundreds of such profiles and committed to putting in place mechanisms to prevent the offering and sale of such services. This should be considered a partial success. The trade in fake product reviews is a symptom of a much more serious problem with the unfair manipulation of consumer buying behaviour. [1]

Directive on better enforcement and modernisation of EU consumer protection rules


KIELTYKA GLADKOWSKI KG LEGAL participated in a training session devoted to the "Polish National Electronic Invoicing System" – obligatory system for entrepreneurs in Poland from 2023, voluntary in 2022

The workshop devoted to the new Polish system of electronic invoicing took place on 27 January 2022. It was organized by the Business Trends Academy, a joint project of Soneta LLC, software developer ENOVA 365, Microsoft and Intel.

About the Polish National e-Invoice System (KSeF)

The Polish National e-Invoice System (KSeF) is operated by the Polish Head of the National Fiscal Administration, who is the administrator of all data in the National e-Invoice System.

Functionality of the Polish National e-Invoice System:

  • granting, modifying and withdrawing permissions and notification of possession or withdrawal of permissions
  • verification of permissions at login attempt
  • issuing, accessing, receiving, storing and assigning identification numbers to structured invoices
  • verification of the compliance of the sent invoice with the template (scheme)
  • notification of temporary non-functioning of the system and of attempted login by an unauthorised person.

Who can use the Polish National e-Invoice System:

  • Taxpayer
  • Entities designated by the taxpayer (e.g. an accounting office)
  • Enforcement bodies, bailiffs
  • Natural persons designated by the above-mentioned entities.

Important note: The Polish National e-Invoice System does not exclude foreign contractors, so they can also receive structured invoices, although they may wish to receive them in the traditional way.


Screening algorithms used by Facebook – 2% effectiveness. Is it an open legal problem?

So far, users have uploaded an enormous 350 billion photos, and nearly 35 million people update their status every day on the Facebook platform. With such numbers, it is very difficult to verify the content posted on the platform, which in a considerable number of cases violates community standards. In order to stop this dangerous process, the company had to adopt more technologically demanding solutions, so that it operates in accordance with legal and ethical standards.

Facebook Community Standards

The aforementioned Community Standards are the key to fighting abuse on the platform. They are simply guidelines developed by Facebook's employees, which list what is allowed and what is forbidden. They are based on user feedback and expert advice in areas such as technology, public safety and human rights. They apply to all users, are valid worldwide, and apply to all types of content. They have been divided into categories concerning: violence and illegal behaviour, security, objectionable content, integrity and authenticity, and even protection of intellectual property. Each of them describes specific behaviours/content that are strictly prohibited, and the catalogue itself grows with emerging social problems. The most significant and widespread problem with violations of these standards is hate speech.

Classifiers – screening algorithms