Die Cybersecurity and Infrastructure Security Agency (CISA) als Teil des Ministeriums für innere Sicherheit der USA (DHS) und das National Cyber Security Centre (NCSC) des Vereinigten Königreichs haben am 26.11.2023 gemeinsam Richtlinien für die sichere Entwicklung von KI-Systemen veröffentlicht. Beteiligt waren insgesamt 23 Cybersicherheitsbehörden aus insgesamt 18 Ländern – darunter auch das deutsche Bundesamt für […]
Internationaler Datenschutz
Internationaler_Datenschutz
What does the Data Privacy Framework Self-Certification mean for your company?
Let’s take a closer look at what the decision to self-certify under the DPF means for your company. In terms of costs, other then the applicable fees, you need to consider administrative and organizational costs aimed at ensuring accountability while implementing mechanisms to allow data subjects the exercise of their rights. We are providing you […]
Does your Company Need a Data Privacy Framework Certification?
Well, it depends. Let me begin by providing an overview of the Data Privacy Framework as adopted on July 11th 2023 and follow by providing my opinion on whether and for which companies a certification under the new framework would add value. The EU-US Data Privacy Framework in the Big Picture of the Adequacy Decisions […]
Access to employee emails: A delicate balance between business needs and privacy rights
In the landscape of corporate operations, accessing employee emails may sometimes feel like a necessity for companies. Whether to investigate suspected misconduct of current employees, facilitate operational management during an employee’s prolonged absence, or streamline the transition after an employee departs, the reasons can be varied. However, this task is not straightforward as there are […]
Datenschutz-Folgenabschätzungen nach dem revidierten Schweizer Datenschutzgesetz
Für Verantwortliche in der Europäischen Union, die Datenverarbeitungen mit einem hohen Risiko für die Rechte und Freiheiten der betroffenen Personen vornehmen, ist das Thema „Datenschutz-Folgenabschätzung“ (DSFA) bereits seit Jahren geläufig. Mittels der DSFA sollen datenschutzrechtliche Risiken erkannt, bewertet und durch Festlegung geeigneter Maßnahmen abgesenkt werden. Mit dem revidierten Schweizer Datenschutzgesetz gilt die Pflicht zur Durchführung […]
New Data Protection Law in Saudi Arabia
Individual privacy in Saudi Arabia and the protection of personal data have long fallen under the general provisions of Saudi law and not under the specific provisions on „data protection“ or „data security“. In the absence of specific laws, Islamic law generally applies in Saudi Arabia. Thus, Saudi courts dealt with data protection issues according […]
Meta’s Court Defeat in Norway and the Europe-wide Repercussions
An exciting case was decided in Oslo at the beginning of September. In July, the Norwegian Data Protection Authority Datatilsynet had banned Meta Ireland and Facebook Norway (hereinafter referred to as Meta) from displaying personalised advertising via its platforms in Norway. Meta had appealed against this and as a result lost before an Oslo district […]
WhatsApp switches its legal basis to „Legitimate Interest“ due to severe sanctions
It is by far not the first time that Meta and its platforms had to face scrutiny in terms of their privacy policy. This time around, the Irish Data Protection Commission (DPC) sanctioned WhatsApp with a fine of 5.5 million Euros due to the lack of a legitimate legal basis for processing personal data in […]
Roadmap to the Development of a Deletion Framework
A data deletion framework refers to a structured set of guidelines and procedures governing an organization’s adherence to deletion obligations according to data protection and statutory laws, as well as its processes for managing and executing the deletion of personal data. Essentially, a data deletion framework entails the systematic classification of personal data along with […]
India’s new Digital Personal Data Protection Act
On August 11, 2023, the President of India gave his assent to the Digital Personal Data Protection Act, 2023 (DPDP Act). India, as a tech-savvy nation with a booming digital economy, recognized the need for a structured data protection framework. It shall come into force on such date as the Central Government may notify in […]
The Long-Awaited U.S. Adequacy Decision Has Been Issued By The European Commission
Last year in Spring I mentioned in my article, Will Spring Bring a New EU-U.S. Privacy Shield Agreement?, how the EU and the U.S. were working to bring about an easier way to transfer data across the Atlantic. It was stated by Sean Heather, senior vice president of regulatory affairs for the U.S. Chamber of […]
Mehr Rechtssicherheit beim Datentransfer in die USA – Erfreuliche Nachrichten für den Datenschutz
Am 10. Juli 2023 hat die EU-Kommission den Angemessenheitsbeschluss zum EU-US Data Privacy Framework (EU-US DPF) veröffentlicht. Damit gilt ab sofort, dass für Daten, die an ein nach dem EU-US DPF zertifiziertes US-Unternehmen übermittelt werden, ein in den USA ein angemessenes Datenschutzniveau besteht. Die Vorgänger des EU-US DPF – das Safe Harbor-Abkommen und das Privacy […]
Vertreterregelung nach dem neuen Schweizer Datenschutzgesetz
Zum 01. September 2023 ändert sich für Unternehmen und öffentliche Stellen in der Schweiz so einiges in Sachen Datenschutz: Das neue Schweizer Datenschutzgesetz tritt in Kraft (wir berichteten). Das neue Gesetz verspricht vor allem eine Angleichung der datenschutzrechtlichen Regelungen in der Schweiz an das durch die DSGVO in der EU vereinheitlichte Datenschutzrecht. Heute werfen wir […]
Meta Platforms Faced with Largest Fine in GDPR History for Unlawful Personal Data Transfer to the United States
In a remarkable development that has sent shockwaves across the digital domain, Ireland’s Data Protection Commission (DPC) has imposed a €1.2 billion fine to conclude its long-term investigation into Meta Platforms Ireland Limited – formerly Facebook Ireland – over its data transfers from the EU/EEA to the United States. Let us take a look at […]
“Decreto Trasparenza”: Italian businesses to comply with new obligations for automated processing of employee data
In August 2022, Italy implemented the EU Directive No. 2019/1152 of the European Parliament and of the Council of 20 June 2019 on transparent and predictable working conditions in the European Union by adopting the new Legislative Decree 2022/104 (so called “Decreto Trasparenza”, meaning the “Transparency Decree”). What areas does the Decree cover? The new […]