You’ll find a german version here. The Council of Europe announced through a press release on the 7th of October 2019 that it had formally adopted new rules for the protection of whistle-blowers. With the adoption of the “Whistle-blower Directive” across the EU, European private and public organisations have an obligation to make available safe […]
English Posts
B2B Marketing Days in Würzburg – Data Protection meets Marketing
The two-day conference “B2B Marketing Days” by marconomy took place in Würzburg from October 15-16 2019. The conference is a specialist’s conference for medium-sized companies discussing B2B specific marketing challenges, facilitate knowledge and Best Practice exchange via interactive formats and seeks to support cross-company networking activities. Around 350 participants and workshop lecturers have joined the […]
How Will the German Data Protection Authorities Determine Fines For Companies? – The DSK Publishes a New Concept.
On October 14, 2019, the German Conference of Data Protection Authorities (DSK) published a concept for determining fines in accordance with the GDPR. In some regards, this concept resembles the model of the Berlin Data Protection Authority which was presented in June of this year (we reported in German), but some aspects remain less concrete. […]
News on data protection law
Dear Readers, This is to update you on the latest news and developments in matters of data protection law. If you would like to be provided with more details, you may contact us via the commentary function. We will also link to our blog posts if we have already reported on this topic. What has […]
Hellenic DPA fines for violations of data protection by design and default
The Hellenic Data Protection Authority (“Authority”) issued two decisions on 7 October 2019 based on which it imposed two administrative fines amounting to 200,000 euros each to the Hellenic Telecommunications Provider, “OTE”. According to the decisions, the following violations were identified: breach of the principle of accuracy (Art. 5 (1) c GDPR) and data protection […]
The Effectiveness of Cookie Banners
On October 1st, the European Court of Justice handed down a ruling that could have a major impact on the design of the “cookie banners” widely used on the Internet. Although the European Court of Justice was not actually considering the classic “cookie banner”, the ruling nevertheless makes statements which are significant to their practical […]
Hellenic DPA Fines PWC for Unlawful Processing of Employee Data
The Hellenic Data Protection Authority has fined PriceWaterhouseCoopers Business Solutions SA 150,000.00 € for unlawful processing of employee data, after the Authority had conducted an ex officio investigation in response to a complaint. The Authority also ordered a series of corrective measures and gave PWC three months’ time for their implementation. Reportedly, the company had […]
Forum shopping between data protection authorities?
The data protection authority (DPA) of the German federal state of Hamburg recently opened administrative proceedings against Google. It relates to Google’s “Google Assistant” System, the natural language assistant behind the “Google Home” speaker, and transcripts from it. The Belgian public broadcaster VRT NWS recently revealed that recordings from “Google Assistant” were systematically listened to […]
The Spanish Data Protection Agency fined “La Liga” with 250,000 Euros
The Spanish Association of Football Clubs, “La Liga” has been the first organization to receive an exemplary fine for non-compliance with the General Data Protection Regulation (GDPR) in Spain. The mobile application, subject to the complaint and subsequent fine, used the users’ microphones and their GPS location in order to capture illegal transmissions of football […]
Annual Report of the Finish Data Protection Authority
The Finnish data protection authority (the Office of the Data Protection Ombudsman) has recently published its annual reports on May 17th 2019.[1] This short article summarizes the most interesting fact regarding the English summary report. Major Focus Points of the Finnish Data Protection Authority The authority plans to focus until 2020 on the data subject’s […]
GUIDELINES ON THE PROCESSING OF PERSONAL DATA UNDER ARTICLE 6(1) (B) GDPR: EDPB BEGINS PUBLIC CONSULTATION
As anticipated under the provision of Article 70(4) of the GDPR, the European Data Protection Board (EDPB), on the 12th April 2019 began a public consultation on the Guidelines 2/2019 on the processing of personal data under Article 6(1) (b) GDPR in the context of the provision of online services to data subjects (the Guidelines), with the […]
News on data protection law
Dear Readers, This is to update you on the latest news and developments in matters of data protection law. If you would like to be provided with more details, don’t hesitate to contact us via the commentary function. We will also link to our blog posts (mostly in German), if we have already reported on […]
Processing Personal Data in the Context of the Clinical Trial Regulation (CTR), and the General Data Protection Regulation (GDPR)
The European Data Protection Board (EDPB) has provided a clear guidance on the legal basis for processing personal data when conducting clinical trials. Although the opinion refers specifically to the interaction between the GDPR and the Clinical Trial Regulation (CTR), in this article we summarize the premises applicable for the processing of personal data in […]
THE NIGERIAN DATA PROTECTION REGULATION 2019: OVERVIEW, EFFECTS AND LIMITS
It would appear that the wind of data protection reform that has recently blown across the world has finally found its way to Nigeria with the passing of the Nigerian Data Protection Regulation (the Regulation) by the Nigerian Information Technology Development Agency (NITDA) on the 25th January 2019. From the preamble of the Regulation, one […]
One for All and All for One…How the Supervisory Authorities are Working Together
The GDPR was created in such a manner to provide the same data privacy rights to data subjects throughout the EEA. The European Data Protection Board (EDPB) has provided a report on how this is working so far, “First overview on the implementation of the GDPR and the roles and means of the national supervisory […]