The Privacy Blog
-
In case of targeted search for infringements, warning notice due to transfer of IP address to the USA inadmissible
In case of targeted search for infringements, warning notice due to transfer of IP address to the USA inadmissible. Baden-Baden Regional Court, judgement of 16 January 2023 – 3 O 277/22. In this judgement, the court had to decide whether a warning notice in connection with the payment of damages for pain and suffering due…
-
Unfounded, time-barred or excessive requests for information
Unfounded, time-barred or excessive requests for information. In its judgment of 15.12.2022 – 8 U 165/22, the OLG Celle dealt, among other things, with the question of the extent to which a request for information under data protection law can be rejected pursuant to Article 15 of the GDPR due to unfoundedness, statute of limitations…
-
The interplay between trade secrets law and data protection
The interplay between trade secrets law and data protection. The interplay between the Trade Secrets Act and data protectionThe Trade Secrets Act came into force on 18 April 2019. It replaces the existing regulations on the handling of information worthy of secrecy from the Unfair Competition Act and thereby transposes EU Directive 2016/943 into German…
-
Unlawful publication of personal data by employees can be an important reason for dismissal
Unlawful publication of personal data by employees can be an important reason for dismissal. In its judgement of 04.08.2021 – 25 Ca 1048/19, the ArbG Stuttgart dealt, among other things, with the question of whether unlawful data processing by the employee in the employment relationship can constitute an important reason for dismissal. The court found,…
-
ECJ declares EU/US Privacy Shield invalid
ECJ declares EU/US Privacy Shield invalid. According to Article 44 of the EU General Data Protection Regulation (GDPR), any transfer of personal data to a third country is only permitted if the controller and processor ensure an adequate level of protection for the transferring data. Until now, the transfer of personal data to the US…
-
According to the BGH, tracking cookies are now only permitted with effective consent
According to the BGH, tracking cookies are now only permitted with effective consent. On its website, the defendant had used pre-set checkboxes to ask for consent to a web analytics service that uses cookies to enable the evaluation of browsing and usage behaviour on websites of advertising partners and thus interest-based advertising. The ECJ had…
-
Recommendation on data processing in the home office
Recommendation on data processing in the home office. If employees also process personal data of data subjects in their home office in the course of their professional activities, this data processing entails high risks for the personal rights of the data subjects, as data misuse or unauthorised interference by third parties is easier due to…
-
ECJ judgments C-40/17 and C-673/17 on the use of social media plugins and cookies
ECJ judgments C-40/17 and C-673/17 on the use of social media plugins and cookies. The European Court of Justice (ECJ) has ruled on the use of social media plugins and cookies in two recent decisions. Both decisions have implications for the use of online marketing technologies on websites. In decision C-40/17 of 29 July 2019,…
-
Image and sound recordings of persons in medical institutions are health data
Image and sound recordings of persons in medical institutions are health data. Image and sound recordings of persons accommodated in a medical facility are health data and thus special categories of personal data within the meaning of Article 9(1) of the GDPR, the processing of which is only permitted under certain conditions. Already the making…
-
Impact of a “hard Brexit” on the transfer of personal data between the EU and the UK
Impact of a “hard Brexit” on the transfer of personal data between the EU and the UK. Following the failed attempts to pass the UK-EU withdrawal agreement in the House of Commons and the search for a new leader of the Conservative Party, there is a possibility that the UK will leave the EU on…
-
Supervisory authorities enforce requirements of the GDPR in 2019
Supervisory authorities enforce requirements of the GDPR in 2019. In 2019, the supervisory authorities of the federal states want to increase their monitoring of data security in companies. Failure to comply with data protection obligations can be expensive. Those who have not yet implemented the requirements of the GDPR should take action to avoid a…
-
EuGH Judgment C-210/16 on Facebook Fan Pages
EuGH Judgment C-210/16 on Facebook Fan Pages. The European Court of Justice (ECJ) rules in a preliminary ruling on the joint responsibility of the operator of a Facebook fan page with the Facebook group. The implementation of the ruling means extensive information for data subjects on their rights with regard to data processing according to…
-
German Bundestag passes EU Data Protection Amendment and Implementation Act to implement the EU GDPR
German Bundestag passes EU Data Protection Amendment and Implementation Act to implement the EU GDPR. The German Bundestag, with the consent of the Bundesrat, has passed the Data Protection Amendment and Implementation Act EU (DSAnpUG-EU). This law is intended to adapt German data protection law to the EU Regulation 2016/679 (DS-GVO) and to implement Directive…
-
LG Düsseldorf of 19.01.2017 – 12 O 151/15 – Data protection compliant use of social media plugins
LG Düsseldorf of 19.01.2017 – 12 O 151/15 – Data protection compliant use of social media plugins. In May 2015, several companies were warned by the NRW consumer advice centre because they had integrated the Facebook Like button on their website. In one of these cases, the Regional Court (LG) of Düsseldorf ruled on 9…
-
EU General Data Protection Regulation adopted by the EU Parliament
EU General Data Protection Regulation adopted by the EU Parliament. The EU General Data Protection Regulation (GDPR) was adopted by the EU Parliament on 14 April 2016. As an EU regulation, it has direct legal character throughout Europe and thus replaces the Federal Data Protection Act almost entirely. The GDPR was published in the Official…
-
EuGH ruling C-362/14 declares U.S.-EU Safe Harbor Arrangement invalid
EuGH ruling C-362/14 declares U.S.-EU Safe Harbor Arrangement invalid. The U.S.-EU Safe Harbor Arrangement was declared invalid in the ECJ ruling C-362/14 of 6 October 2015. After a period of negotiation, the U.S. Department of Commerce and the European Commission agreed on a new EU-U.S. Privacy Shield Framework that became effective in August 2016. The…