In 2021, media reports raised serious questions about how Facebook was dealing with the collected personal data of around 530 million Facebook users. Between 2018 and 2019, these datasets, which also included the email addresses and mobile phone numbers of Facebook users, were exposed on the internet. Following the media reports of these serious data […]
Internationaler Datenschutz
Internationaler_Datenschutz
Das neue Schweizer Datenschutzgesetz
Das erste Bundesgesetz über den Datenschutz in der Schweiz (DSG) vom 19.06.1992 trat 1993 in Kraft. Seit dem Inkrafttreten des DSG gab es vielfältigste technologische Entwicklungen, die in der bestehenden Form – logischerweise – nicht im Gesetz aus 1992 berücksichtigt werden konnten. In 2008 erfolgte bereits eine Teilrevision des Schweizer DSG mit dem Ziel, die […]
Google and the U.S.: A multi-state historic privacy settlement
Google, the giant U.S. tech company, will pay a total of $391.5 million to 40 U.S. states, which is the largest multi-state privacy settlement with state Attorneys General in the U.S. history. The main reason behind the fine is that the online search engine platform has engaged in deceptive and unfair actions in violation of […]
„Old“ Standard Contractual Clauses to be Invalid as of the End of December (27.12.2022)
The European Commission decided on new Standard Contractual Clauses (SCCs) in June 2021. After 27 December 2022, only these „new“ SCCs may be used without exception. What does that mean for companies and organizations? If personal data is transferred to processors (or their sub-processors) or to controllers in a country outside the EU or the […]
One Step Closer to a EU-U.S. Adequacy Decision
On October 7, 2022, U.S. President Biden signed the long-awaited Executive Order (EO) on ‘Enhancing Safeguards for United States Signals Intelligence Activities‘. Some would say it is merely a memorandum on how the US will continue to spy on individuals. Others would say it is an effort to control the intelligence system in place without […]
„Alte“ Standardvertragsklauseln ab Ende Dezember ungültig
Wenn Sie bzw. Ihr Unternehmen personenbezogene Daten in Drittstaaten übermitteln, dann ist bis zum 27.12.2022 eine Überprüfung dieser Drittland-Datenübermittlungen erforderlich. Rechtlicher Hintergrund Erfolgt bei der Zusammenarbeit mit Auftragsverarbeitern (bzw. dessen Unterauftragsverarbeitern) oder Verantwortlichen eine Übermittlung personenbezogener Daten in ein Land außerhalb der EU bzw. des EWR, für das kein Angemessenheitsbeschluss der EU-Kommission besteht, wird regelmäßig […]
Spanish Supreme Court: Data subjects can submit their complaint directly to a supervisory authority
According to a decision of the Spanish Supreme Court (Tribunal Supremo) of July 2022, filing a request to exercise the data subject rights with the data controller is not a prerequisite for filing a complaint to the relevant Supervisory Authority for an alleged breach of the GDPR. The decision was issued after a complaint of […]
Will the American Data Privacy and Protection Act Become Law Eventually?
While some U.S. states have data privacy laws, amongst them California, known to have the strictest privacy law, to date, the United States do not have a federal data protection act. In June this year, a first draft of the American Data Privacy and Protection Act (ADPPA) was proposed. The draft bill received bipartisan support and […]
UK GDPR Reform
In September 2021, the government launched its consultation here to draw proposals to make substantial changes in the UK Data Protection Laws which were less stringent than the EU GDPR but still covered all the important data protection rights. The UK government has expressed that the focus of this reform is to make a trusted […]
Meldung von Datenschutzverletzungen nach dem brasilianischen Datenschutzgesetz (LGPD)
Dieser Artikel erläutert, wie Unternehmen, die geschäftlich in Brasilien tätig sind, die brasilianische Datenschutzbehörde („ANPD“) über Datenschutzverletzungen in Kenntnis setzen sollten, die zu einem Risiko für die Rechte und Freiheiten natürlicher Personen führen. Der Schutz von geschäftlichen und persönlichen Daten vor unbefugtem Zugriff ist aus Sicht der Informationssicherheit seit jeher ein wichtiges Anliegen. Im Zeitalter […]
Fines by the Spanish Data Protection Authority on cookies and the measures to verify customers’ identities.
In April 2022, the Spanish data protection supervisory authority – Agencia Española de Protección de Datos (AEPD) – issued several fines and in this article, we will review four decisions totaling 178,000 euros. What and why is the AEPD issuing fines? Unlawful use of cookies and outdated policies In Decisions 482, 483, and 603, the […]
We will record this call for contract proving purposes
The French data protection supervisory authority, Commission Nationale de l’Informatique et des Libertés (CNIL), recently published a Guide (25.04.2022) about call recording to prove the formation of a contract. When to record? The rule of thumb is to record calls that are necessary because there are no other means of proving that the data subject has […]
Was der Entwurf zum EU-Data-Act mit Sex-Toys zu tun hat
Vor einiger Zeit berichteten wir über We-Vibe, ein Sex Toy des Herstellers QIUI. Dabei ging es vor allem um Sicherheitsdefizite. Solche Geräte, die Daten sammeln und mit dem Internet vernetzt sind, sind Gegenstand des geplanten EU Data Acts, dessen Entwurf die EU-Kommission im Februar vorlegte. Der EU Data Act soll für Verbraucher und Unternehmen regeln, […]
Amazon Road Transport Spain Fined 2 Million EUR by Spanish Regulator for Requesting Certificates of Good Conduct from Drivers
The Spanish data protection supervisory authority, Agencia Española de Protección de Datos (AEPD), has issued a fined of 2 million EUR against Amazon Road Transport Spain, S. L., a logistics company that manages deliveries for US-based online-merchant Amazon (see here). Backgound, or: How to Become a Delivery Driver Amazon Road Transport works with formally self-employed […]
Will the Trans-Atlantic Data Privacy Framework Bloom this Summer?
Spring has sprung, but we are still waiting for the flowers to appear. As I wrote in a blog article dated, March 23, 2022, it was anticipated that this spring the EU and the U.S. would come to an agreement with regards to the EU-U.S. Privacy Shield. On March 25, 2022, a joint announcement was […]