In its judgment of January 20, 2022 (Case No. 3 O 17493/20), the Munich Regional Court ruled on the claims of a data subject against a website operator in relation to the integration of Google Fonts. The plaintiff was awarded a claim for damages in the amount of €100.00. The defendant was prohibited from using Google Fonts under § 823 para. 1 in conjunction with § 1004 BGB analogously. § 1004 of the German Civil Code (BGB), the defendant was prohibited from disclosing the plaintiff’s IP address to Google in the future.
Read more … Damages due to unlawful integration of Google Fonts – Guide beyond the individual case
The Belgian Council of State ruled on August 19, 2021 (case number 251.378) that encryption of data during data export can be an appropriate measure to ensure an adequate level of data protection. Golem.de reported on this on Sept. 17, 2021, and gdprhub.eu also dealt with it. The Belgian ruling now confirms the view of many data protection experts that encryption can be used under certain conditions to export data to insecure third countries in compliance with the law. This question had been hotly debated since the ECJ’s Schrems II ruling.
Read more … Belgian court rules: Encryption as an additional measure when exporting data
The right to information according to Art. 15 GDPR – ruling of the Bundesarbeitsgericht does not bring clarity
Even in the context of an employment relationship or after its termination, an employee has the right to information about the processing of his or her data pursuant to Art. 15 GDPR. So far, so clear. As in many cases, the problems begin with a detailed examination.
Read more … The right to information according to Art. 15 GDPR – ruling of the Bundesarbeitsgericht does not bring clarity
Non-compliant publication of photos in brochure – employee receives compensation of € 5,000 for pain and suffering
Competent employees are a figurehead for successful companies. It is therefore standard practice for websites and other advertising materials to show photos of employees. As a ruling by the Münster Labor Court (Case No. 3 Ca 391/20) dated March 25, 2021 makes clear, data protection requirements must not be disregarded. The defendant employer was ordered to pay € 5,000 in damages for pain and suffering due to the publication of a photo of her employee without her written consent, Section 82 (1) of the GDPR, as it was a photo publication that did not comply with the GDPR. The defendant had used a picture of the plaintiff in a context related to her skin color in violation of the GDPR.
Read more … Non-compliant publication of photos in brochure – employee receives compensation of € 5,000 for pain and suffering
The judgment of the European Court of Justice, which determined the ineffectiveness of the Privacy Shield Agreement between the European Union and the USA (Schrems II), did not go unnoticed in the USA either. In response, the US Department of Commerce has now published a white paper on data protection risk analysis as part of data export to the USA.
Read more … Response to Schrems II judgment US Department of Commerce publishes white paper
The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In the video you can find out everything you currently need to know about the EU-US Privacy Shield. We’ll also tell you what to look out for in the company!
Read more … The EU-US Privacy Shield – everything you need to know about the Schrems 2 judgment in the video!
von Rainer Aigner
It took a long time, but now it actually happened that the Austrian lawyer Max Schrems brought the data transfer to the USA before the ECJ again. He was right again. The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In our blog article and video you will find out everything you currently need to know about EU-US privacy. We’ll also tell you what to look out for in the company!
Read more … Data transfer to the USA: an endless story with a lot of risk – current! The US-EU Privacy Shield
von Rainer Aigner
The fact that the ECJ overturned the EU-US Privacy Shield with its judgment has far-reaching consequences, especially for data transfer to the USA:
Affected are e.g. all apps, software programs and service providers with storage location USA or remote maintenance from USA!
According to the General Data Protection Regulation, companies that are part of a group are not treated as uniformly responsible, but as independent group companies. There is therefore no group privilege. A separate justification is therefore required for each data transfer between the group companies, which must comply with the principles of the General Data Protection Regulation.
Read more … Legally compliant data transfer between group companies
The General Data Protection Regulation not only lays down obligations for data processing companies, but also addresses persons affected by data processing directly and grants them extensive rights. When it comes to the right to information, there are important points to consider for companies. In this blog article and the accompanying video you will find out what you have to consider when it comes to the right to information under Art. 15 GDPR.
Read more … The right to information according to Art. 15 GDPR – the fundamental right for data subjects