by Jan Schwemler

Noyb announced that it had filed official complaints with the relevant data protection supervisory authorities against 422 companies because of their cookie banners. Noyb stands for “None of your business” and is an association that is committed to enforcing data protection. One of the founding members of the association is the well-known data protection activist Max Schrems. He became known, among other things, through the proceedings he initiated, which led to the groundbreaking decisions of the ECJ that overturned both Safe Harbor and the EU-US Privacy Shield.


by Jan Schwemler

The widely used Microsoft Exchange mail server has again been targeted by cyber criminals. Last week, security researcher Orange Tsai presented a new attack method against this software, called ProxyShell, at the Black Hat security conference. This is now prompting criminals to actively look for this vulnerability and exploit it, as the evaluations of various honeypots show. In computer security, a honeypot is, for example, a server that simulates the network services of a computer or an entire computer network. Honeypots are used to obtain information about attack patterns and attacker behavior. Based on the information obtained in this way, the situation is to be regarded as very critical, especially if the Microsoft Exchange Server can be reached via the Internet, which is currently the case with over 400,000 servers.


by Jan Schwemler

The Luxembourg National Data Protection Commission (CNPD) imposed a record fine of 746 million euros on Amazon Europe Core S.à r.l. based in Luxembourg. This emerges from the quarterly report of AMAZON.COM, Inc. dated June 30, 2021.


by Nadja-Maria Becke

Position of the data protection officer

Articles 38 and 39 of the General Data Protection Regulation provide legal guidelines for the cooperation between the controller and the data protection officer. In practice, there are some differences between the appointment of an internal and an external data protection officer. However, the following points in particular are mandatory in all cases:

Read more …

by Ramona Höfler

Video surveillance is used by many companies. One reason is economic: video surveillance is more cost-efficient than a guard service. At the same time, companies have to deal with the permissibility of the video surveillance used. As external data protection officers, we support companies in all data protection issues. This also includes the topic of “video surveillance and data protection”. In this blog post, we explain which requirements must be met in order to operate a video surveillance system in compliance with data protection law.


by Nadja-Maria Becke

Even in the best companies, employees are sometimes suspected of misconduct. This becomes particularly relevant as soon as there is a suspicion of a criminal offense or other serious misconduct in the employment relationship.

There is then no doubt that the company has a justifiable interest in clarifying the suspicion internally and, if the suspicion is substantiated, also in initiating appropriate (labor law) measures.


by Franziska Kössl

Anyone who regularly surfs the Internet knows that cookie consent banners come in many different shapes, colors and designs. Basically, all of them should pursue the same goal: to inform the site visitor which cookies are used and to request consent for the associated data processing.

The well-known cookie banner with an “Ok” button is now becoming increasingly rare, but has still not completely disappeared. Many site operators have already upgraded to the extended cookie banner to comply with the requirements of the GDPR.

But even the extended banners with purpose-dependent consent options contain some pitfalls that can lead to data protection problems. Learn more about cookies and data protection below.


by Nadja-Maria Becke

The Hamburg Commissioner for Data Protection and Freedom of Information, Johannes Caspar (Hamburg data protection supervisory authority), has issued an order against Facebook's processing of data from WhatsApp for its own purposes and has ordered immediate enforceability of this order.


by Nadja-Maria Becke

Even in the context of an employment relationship or after its termination, an employee has the right to information about the processing of his or her data pursuant to Art. 15 GDPR. So far, so clear. As in many cases, the problems begin with a detailed examination.


by the team of aigner business solutions GmbH

On 28 June 2021, the European Commission issued the expected adequacy decision for the United Kingdom. This means that the UK is considered a safe third country and data transfers can take place from 1 July 2021 in accordance with Art. 46 GDPR on the basis of this adequacy decision.
