Tax and Legal Newsletter

The European Data Protection Board (EDPB) has published Guidelines on the territorial scope of the General Data Protection Regulation (GDPR) (Guidelines)

One of the purposes of the BDAR was to extend the rules of the European Union (EU) data protection, however, there is a question on the application of it outside the EU.

The Guidelines take into account the interpretations of the Court of Justice of the European Union (CJEU) and state that GDPR shall be applied, if the data is processed in the EU or the website is accessible from the EU member states. Amongst other things, the Guidelines stipulate that the GDPR shall be applied, moreover, to persons travelling only in transit through the EU.

It should be noted that EDPB is an EU body in charge of the application of the GDPR as of 25 May 2018. This body is looking forward to receiving comments from interested parties on these Guidelines by 18 January 2019.

Guidelines are available here.

European Parliament (EP) adopted the resolution of 13 December 2018 on Blockchain: a forward-looking trade policy (Resolution)

EP noted in the Resolution that blockchain has the potential to support the TSD agenda by providing trust in the provenance of raw materials and goods, transparent production processes and supply chains, and in their compliance with international rules in the field of labour, social and environmental rights, considering the particular relevance to conflict minerals, illicit trade in cultural goods, exports control and corruption. Moreover, EP underlines that blockchain could contribute to the sustainability work of companies and promote responsible business conduct.

Furthermore, it is noted that digitisation will enable the exchange of information to be more efficient and transparent; considers that blockchain can enable producers, laboratories, logistics operators, regulators and consumers to have access to, and share, all necessary information regarding, for example, provenance, testing, certification and licensing.

EP believes that the adoption of blockchain technologies throughout the supply chain can increase the efficiency, speed and volume of global trade by limiting the costs associated with international transactions and assisting business to identify new trading partners, and can lead to increased consumer protection and confidence in digital trade.

Resolution is available here.

On 12 December 2018 the Supreme Court of Lithuania (LAT) ruled on interpretation and application of legal norms, regulating actions of unfair competition, derivative claim and the responsibility of the head of the company

The court of cassation ruled that transactions concluded by free will even in cases when they are economically ineffective for one of legal entities, are not considered to be one of the counterparties’ unfair competition actions within the scope of prohibited actions pursuant to Part 1 of Article 15 of the Law on Competition of the Republic of Lithuania.

LAT case law has clarified that prohibited actions under the established regulation of Part 1 of Article 15 of the Law on Competition of the Republic of Lithuania are linked to two cumulative conditions: (i) such actions shall contradict the fair practice of the economic activity and the good customs, and (ii) such actions may undermine the ability of another entity to compete.

LAT noted that the legislator has not specified the minimum number of shares that would allow the company to seek damage compensation from the head of the company and the members of the board in the court, therefore, a shareholder, holding at least one share of the company shall be deemed to have the right to file a derivative action to the head of the company and to the members of the board for damages caused to the company.

In addition, the court of cassation stated in this ruling that, in order to prevent the head from civil liability due to the business decision-making rule, the court shall establish that the head acted fairly with the interests of the company – did not violate the duty of care, i.e. properly investigated the information before concluding the dispute transactions, did not act ultra vires, etc., nor violated loyalty obligation.

LAT ruling is available here.

The Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania (Law) came into force on 1 January 2019

The Law imposes an obligation for legal persons to identify their ultimate beneficial owners and register information about them in the Information System of the Members of Legal Entities (JADIS). Legal persons will be able to fulfil their obligation to disclose the required information after JADIS adopts the amendments of relevant provisions of its regulations and adapts the Information System for registering of such data.

All legal persons established in the Republic of Lithuania, except for legal persons whose sole shareholder is the state or a municipality, shall obtain accurate information on their beneficial owners.

The beneficial owner is a natural person who ultimately owns or controls the customer and / or the natural person on whose behalf a transaction or activity is being conducted. The Law provides a list of individuals who are considered as final beneficial owners.

Non-compliance with the above-mentioned obligations imposed by the Law will result in a fine in the amount of EUR 500 up to EUR 1,800 for persons, and from EUR 2,000 up to EUR 3,500 for heads of legal entities.

Such offence committed repeatedly will incur a fine in the amount of EUR 1,500 up to EUR 5,200 for persons and a fine of EUR 3,500 up to EUR 5,800 for heads of legal entities.

The amendments of the Law are available here.

The Government approved the draft amendment to the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania (Draft of amended law) on 20 December 2018 and submitted it to the Parliament

The purpose of the Draft of amended law is to amend and supplement the provisions of Law according to the Directive (EU) 2018/843 OF THE European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (Directive), thus, improving legal regulation of money laundering and terrorist financing prevention.

The Draft of amended law includes the following changes: (i) the list of obliged entities is expanded; (ii) the enhanced customer due diligence procedure is applied to customers from high-risk third countries.

Moreover, the Draft of amended law lays down certain supervisory functions for money laundering and terrorist financing prevention measures for self-regulatory bodies and obligation for the Ministry of Justice of the Republic of Lithuania to provide a list of prominent public functions, which shall be updated at least once in 4 years. The Draft of amended law will fully transpose the aforementioned Directive.

The draft of amended Law is available here and here.

Half of the year after the entry into force of the GDPR: whether the business has succeeded in overcoming the challenges

Deloitte Legal has conducted a comprehensive report in the region of Central Europe, including Lithuania, to identify the main challenges that companies have faced with, applying the GDPR in practice in the first half of the year after its entry into force.

The report “GDPR: half of the year after the entry into force”, prepared by Deloitte Legal experts, reviews good practice, discusses national legislation, which complements GDPR regulation in different countries, the role of data protection authorities in assisting the application of the GDPR provisions.

According to the data, fines for personal data breach were not imposed in the investigated countries of the Central Europe during the first half of the year of the GDPR. Some national authorities, including Lithuanian ones, have carried out GDPR compliance checks, followed by binding instructions to the inspected organisations to eliminate discrepancies according to the GDPR.

More information about the report conducted by Deloitte Legal is available here.