In its judgment of January 20, 2022 (Case No. 3 O 17493/20), the Munich Regional Court ruled on the claims of a data subject against a website operator in relation to the integration of Google Fonts. The plaintiff was awarded a claim for damages in the amount of €100.00. The defendant was prohibited from using Google Fonts under § 823 para. 1 in conjunction with § 1004 BGB analogously. § 1004 of the German Civil Code (BGB), the defendant was prohibited from disclosing the plaintiff’s IP address to Google in the future.
This is the result of a review of nearly 1000 websites by consumer centers and consumer associations. As reported by their federal association on 17.09.2021, several consumer centers and associations have checked the websites to see whether they use cookie banners in compliance with the law.
Data subjects must tick the boxes for data protection consents themselves – this is what the GDPR wants, and this is how the ECJ and BGH decided: If those responsible want to process data on the basis of consent in accordance with Art. 6 Para. 1 lit. a GDPR, the checkboxes must be ticked be set by those affected themselves. Actually, it has been clear for a long time that the pre-filling of the checkboxes does not constitute consent by the person concerned, which meets the requirements of Art. 4 No. 11 GDPR.
In modern companies it is almost inconceivable to handle business processes without the support of software. So it’s hardly surprising that new software is constantly coming onto the market. In addition, existing systems must be continuously adapted to the increasingly complex business processes.
Noyb announced that it had filed official complaints with the relevant data protection supervisory authorities against 422 companies because of their cookie banners. Noyb stands for “None of your business” and is an association that is committed to enforcing data protection. One of the founding members of the association is the well-known data protection activist Max Schrems. This became known, among other things, through the proceedings he initiated, which led to the groundbreaking decisions of the ECJ that overturned both Safe Harbor and the EU-US Privacy Shield.
Articles 38 and 39 of the General Data Protection Regulation provide legal guidelines for the cooperation between the controller and the data protection officer. In practice, there are some differences between the appointment of an internal and an external data protection officer. However, the following points in particular are mandatory in all cases:
Video surveillance is used by many companies. This has, for example, economic reasons, as video surveillance is more cost-efficient than a guard service. At the same time, companies have to deal with the permissibility of the video surveillance used. Within the scope of our activities, as external data protection officers, we support companies in all data protection issues. This also includes the topic of “video surveillance and data protection”. In this blog post, we explain which requirements must be met in order to operate a video surveillance system in compliance with data protection law.
Anyone who regularly surfs the Internet knows that cookie consent banners come in many different shapes, colors and designs. Basically, all of them should pursue the same goal: to inform the site visitor which cookies are used and to request consent for the associated data processing.
The well-known cookie banner with an “Ok” button is now becoming increasingly rare, but has still not completely disappeared. Many site operators have already upgraded to the extended cookie banner to comply with the requirements of the GDPR.
But even the extended banners, with purpose-dependent consent option contain some pitfalls that can lead to data protection problems. Learn more about cookies and data protection below.
The more detailed data processing operations are considered in corporate practice, the more data protection problems seem to arise. How does it look e.g. with the use of personalized contact details that have been sent to my company by business partners and are assigned to the employees of the business partner?
Data storage is increasingly moving to the clouds, away from local servers. What many companies are not aware of: Although it is practical to hardly have to worry about anything, you still have to ensure data protection and information security yourself.