In its judgment of January 20, 2022 (Case No. 3 O 17493/20), the Munich Regional Court ruled on the claims of a data subject against a website operator in relation to the integration of Google Fonts. The plaintiff was awarded a claim for damages in the amount of €100.00. The defendant was prohibited from using Google Fonts under § 823 para. 1 in conjunction with § 1004 BGB analogously. § 1004 of the German Civil Code (BGB), the defendant was prohibited from disclosing the plaintiff’s IP address to Google in the future.
During an audit of a company, deficiencies in the implementation of Art. 38 and Art. 39 GDPR were identified and a fine of 15,000 euros was imposed.
This is the result of a review of nearly 1000 websites by consumer centers and consumer associations. As reported by their federal association on 17.09.2021, several consumer centers and associations have checked the websites to see whether they use cookie banners in compliance with the law.
The General Data Protection Regulation sets out a whole series of conditions that must be met by an effective declaration of consent in accordance with Art. 6 Para.1 lit.a, 7 DSGVO. However, the fact that these requirements must also be observed in practice is now shown by the fine of 2 million euros imposed by the Austrian data protection supervisory authority.
Data subjects must tick the boxes for data protection consents themselves – this is what the GDPR wants, and this is how the ECJ and BGH decided: If those responsible want to process data on the basis of consent in accordance with Art. 6 Para. 1 lit. a GDPR, the checkboxes must be ticked be set by those affected themselves. Actually, it has been clear for a long time that the pre-filling of the checkboxes does not constitute consent by the person concerned, which meets the requirements of Art. 4 No. 11 GDPR.
The Luxembourg National Data Protection Commission (CNPD) imposed a record fine of 746 million euros on Amazon Europe Core S.à r.l. based in Luxembourg. This emerges from the quarterly report of AMAZON.COM, Inc. dated June 30, 2021.
von Rainer Aigner
The use of the newsletter service Mailchimp, based in the USA, was declared illegal by the BayLDA in the case in question. Read here what impact this has on the use of Mailchimp and other US providers.
Violations of the GDPR can cost companies dearly. The first thing that usually comes to mind are the high regulatory fines that are widely reported in the press. But not only high fines from the supervisory authorities threaten defaulting companies with incorrect information – compensation for pain and suffering can also be due, as the judgment of the Düsseldorf Labor Court of March 5, 2020 showed (Az. 9 Ca 6557/18). The reasoning for the judgment contained some fundamental statements regarding immaterial damages in connection with the violation of the GDPR.
The Swedish fashion brand H&M is said to pay a fine of 35.3 million euros for spying on employees. Hundreds of employees at the service center in Nuremberg are said to have been monitored. The Hamburg commissioner for data protection, Johannes Caspar, justified the decree on Thursday. Read the blog article to learn more about the GDPR fine against H&M.
The so-called “Schrems2” judgment of the ECJ, with which the US-EU Privacy Shield was overturned, is currently stirring up data protection officers and companies. In the video you can find out everything you currently need to know about the EU-US Privacy Shield. We’ll also tell you what to look out for in the company!