In an injunction of July 10, 2021, published the following month, the Italian data protection authority (Garante per la protezione dei dati personali) has fined the Airport of Bologna € 40,000 for not having implemented adequate technical and organizational measures for a whistleblowing application. Further, the authority held that for that application, a data protection […]
Wiebke Kummer
About Wiebke Kummer
Posts by Wiebke Kummer:
The New California Privacy Rights Act (CPRA)
Not that long ago, in January 2020, the California Consumer Privacy Act (CCPA) entered into force. Shortly after that, a proposition was made to amend the CCPA, introducing a new privacy law in California, the CPRA. We reported here. Californians once more voted in favor of a new data protection law on November 3, 2020, […]
Portuguese Data Protection Authority Orders Suspension of Data Transfer to USA
The Portuguese Data Protection Commission (Comissão Nacional de Proteção de Dados – CNPD) has ordered the Portuguese office of national statistics (Instituto Nacional de Estatística – INE) to suspend within 12 hours the transfer of personal data from the Census 2021 survey to the USA or other so-called third countries without an adequate level of […]
Alle gedopt? Datenschutz vs Transparenz im Antidopingkampf
Die sind ja doch alle gedopt, war die Antwort eines befreundeten Radrennsportenthusiasten auf meine Frage, ob er sich die Tour de France anschaue. Daraus wird deutlich, wie die Reputation des Sports unter Dopingfällen leidet. Dies ist nicht nur für den Sport als solchen problematisch, sondern vor allem auch für die Athletinnen und Athleten, die sich […]
German Court Calls Alexa to the Stand
The Regensburg (Bavaria) Regional Court has sentenced a man to 10 years in prison for manslaughter based on evidence from voice recordings of an Alexa smart speaker. The Case The court found the perpetrator –reportedly a notorious stalker– guilty of manslaughter, as, to the persuasion of the court, the man had killed his ex-girlfriend by […]
New California Privacy Rights Act (CPRA) Secured Enough Signatures for Ballot
You may have heard of the California Consumer Protection Act (CCPA) which entered into effect at the beginning of this year. You can find more information here. In the state ballot in November 2020, Californians will be asked to decide the fate of another new privacy law, the California Privacy Rights Act (CPRA). The proposition […]
Europäischer Datenschutzausschuss kritisiert CLOUD Act Datenabkommen zwischen USA und Großbritannien
Das US-Gesetz CLOUD Act (Clarifying Lawful Overseas Use of Data Act) erlaubt US-Ermittlungsbehörden den Zugriff auf Daten von US-Unternehmen, auch, wenn diese sich auf Servern im Ausland befinden und ohne dass es eines vorherigen Rechtshilfegesuchs bedarf. Problematisch daran ist, dass Art. 48 der EU-Datenschutzgrundverordnung (DSGVO) vorsieht, dass eine Übermittlung personenbezogener Daten in ein Drittland nur […]
COVID-19 – New Guidelines on the processing of health data for scientific research
On 21st April 2020, the European Data Protection Board (EDPB) released new guidelines. As a preliminary remark, the EDPB sees that “there are currently great scientific research efforts in the fight against SARS-CoV-2”, which should lead to research results as soon as possible. At the same time, there are legal questions regarding the processing of […]
The California Consumer Privacy Act, or “Do Not Sell My Personal Information”
On January 1, 2020, the California Consumer Privacy Act (CCPA) has entered into effect, described by many as a landmark law and, according to the American Bar Association, the most comprehensive privacy legislation to be enacted in the United States of America. The CCPA was passed in 2018 and is aimed at providing consumers with […]
Totgesagte leben länger?
Die ePrivacy-Verordnung ist vorerst auf Eis gelegt Nachdem es vor einiger Zeit noch so schien, als würden die Verhandlungen zur geplanten e-Privacy-Verordnung möglicherweise wieder aufgenommen werden, ist die Verordnung nun erst einmal auf Eis gelegt. Auf dem Treffen des Telekommunikationsrates am 3. Dezember 2019 hat EU-Digitalkommissar Thierry Breton geäußert, dass ein komplett neuer Vorschlag zur […]
Data Protection Foundation Awards Journalist Prize
The year is coming to an end ever so rapidly – at least it feels like that for many of us. It is also the time of retrospection and of awards for this past year’s achievements. One such award is the Journalist Prize presented each year by Germany’s Data Protection Foundation, a private trust that […]
Swiss Hotel Booking Platform must comply with the GDPR
The Austrian Data Protection Authority has ordered a Swiss online hotel booking platform to comply with the requirements set forth in the EU General Data Protection Regulation (GDPR), in particular to provide the information according to Art. 13 GDPR to the data subject. The ordinance was based on the following facts: An Austrian citizen living […]
Datenschutz im Ehrenamt – Bericht vom DatenTag in Berlin
Am 13. November fand der von der Stiftung Datenschutz veranstaltete DatenTag zum Thema „Datenschutz im Ehrenamt“ in Berlin statt. Gleichzeitig wurde der Journalistenpreis 2019 der Stiftung Datenschutz verliehen. Durch die in den Räumlichkeiten der Stiftung Bethel stattgefundene Tagung führte Frederick Richter von der Stiftung Datenschutz. Der Teilnehmerkreis setzte sich u.a. aus Medienschaffenden, Datenschutzbeauftragten und Datenschutzjuristen […]
Hellenic DPA Fines PWC for Unlawful Processing of Employee Data
The Hellenic Data Protection Authority has fined PriceWaterhouseCoopers Business Solutions SA 150,000.00 € for unlawful processing of employee data, after the Authority had conducted an ex officio investigation in response to a complaint. The Authority also ordered a series of corrective measures and gave PWC three months’ time for their implementation. Reportedly, the company had […]
Portuguese Data Protection Authority Imposes 400,000 € Fine on Hospital
The Barreiro Hospital in Portugal was fined 400,000 € by the Portuguese Data Protection Authority CNPD (Comissão Nacional de Proteção de Dados) for incompliancy with the EU General Data Protection Regulation (GDPR) by not separating access rights to patents’ clinical data. The public sector hospital had granted access to patients’ clinical data via their system […]