The Hamburg Commissioner for Data Protection and Freedom of Information (“Hamburg DPA”) imposed a 35.5 million Euro fine on a global fashion company’s subsidiary in Germany for violations of the GDPR. This million Euro fine is the highest fine known in Germany so far.
On October 1, 2019 the Court of Justice of the European Union (“CJEU”) decided that a pre-ticked checkbox does not constitute valid consent for cookies – irrespective of whether the information stored in the cookie contains personal data or not. The CJEU further ruled that the information on cookies must…
The Data Protection Supervisory Authorities (“DPAs”) for the German states of Lower Saxony and Bavaria recently announced (related information can be found here and here) that they will carry out random audits to check compliance with the GDPR. In July 2018, the DPA for Lower Saxony reached out to about…
In light of the implementation of the General Data Protection Regulation, the German data protection authorities have changed their position on how employees submit whistleblowing reports anonymously. The German data protection authorities have issued guidelines in this regard.
In order to help businesses to include the EU General Data Protection Regulation in their data protection practices, Baker McKenzie has updated the 2018 edition of its GDPR National Legislation Survey.
Under the European General Data Protection Regulation many companies will be required to appoint a Data Protection Officer. Violating the requirements relating to the appointment of a DPO can be sanctioned with fines of up to EUR 10 million or up to 2 percent of the total worldwide annual turnover, whichever is higher. So, who do you appoint as your DPO?
Information obtained via a keylogger software secretly installed on an employee’s computer cannot be used as evidence in court – some exceptions apply.
The German Parliament approved the draft of a new Federal Data Protection Act in order to align the German data protection law with the requirements of the European General Data Protection Regulation and to make use of the opening clauses of the GDPR.
On January 25, 2017, the U.S. President signed an Executive Order on “Enhancing Public Safety in the Interior of the United States” containing rules for government privacy policies pertaining to foreigners. This caused concerns in Europe, but should not affect the EU-U.S. Privacy Shield.
An attorneys’ data privacy initiative brought an action against the Adequacy Decision in the CJEU claiming that the Adequacy Decision of the European Commission is null and void.