Anyone who regularly surfs the Internet knows that cookie consent banners come in many different shapes, colors and designs. Basically, all of them should pursue the same goal: to inform the site visitor which cookies are used and to request consent for the associated data processing.

The well-known cookie banner with an “Ok” button is now becoming increasingly rare, but has still not completely disappeared. Many site operators have already upgraded to the extended cookie banner to comply with the requirements of the GDPR.

But even the extended banners, with purpose-dependent consent option contain some pitfalls that can lead to data protection problems. Learn more about cookies and data protection below.

Read more …

von Nadja-Maria

The Hamburg Commissioner for Data Protection and Freedom of Information Johannes Caspar (Hamburg data protection supervisory authority) has issued an order against Facebook to process data from WhatsApp for its own purposes and ordered immediate enforceability for this.

Read more …

von Nadja-Maria

Even in the context of an employment relationship or after its termination, an employee has the right to information about the processing of his or her data pursuant to Art. 15 GDPR. So far, so clear. As in many cases, the problems begin with a detailed examination.

Read more …

von Das Team der aigner business solutions GmbH

On 28. June 2021, the European Commission issued the expected adequacy decision for the United Kingdom. This means that the UK is considered a safe third country and data transfers can take place from 01. July 2021 in accordance with Art. 46 GDPR on the basis of this adequacy decision.

Read more …

In many companies, so-called sanctions list checks or embargo list checks are carried out. The fact that this is a topic relevant to data protection law is often forgotten. However, since personal data is processed in the course of these audits, the scope of application of the GDPR is opened and the requirements must be complied with.

Read more …

In its decision of February 16, 2021 (Case No.: 2 A 355/19), the Higher Administrative Court of Saarland determined that consent under data protection law to advertising approaches by telephone cannot be proven by the so-called “double opt-in procedure” in connection with an “Internet sweepstake”. The telephone advertising can then also not be based on a legitimate interest according to Art. 6 (1) lit. f DSGVO, as there is an anti-competitive processing.

Read more …

On 4th June 2021, the European Commission adopted the new standard contractual clauses for the transfer of personal data to third countries in accordance with the GDPR.

The new standard contractual clauses, the GDPR speaks of standard data protection clauses (Art. 46 para. 2 lit. c) GDPR), will enter into force at the end of June 2021 and will replace the existing contracts for controllers and for processors.

Read more …

von Nadja-Maria

The right to object – Art. 21 GDPR under the The right to object under Art. 21 GDPR is certainly not as prominent as, for example, the right to data erasure (right to be forgotten) under Art. 17 GDPR. Nevertheless, there are some data protection law subtleties to consider here, which we will highlight in this article.

Read more …

von Nadja-Maria

The General Data Protection Regulation is the central legal standard for the processing of personal data. However, when it comes to its application, one key step is often ignored: Which types of data processing are subject to the General Data Protection Regulation at all?

Read more …

von Rainer Aigner

The use of the newsletter service Mailchimp, based in the USA, was declared illegal by the BayLDA in the case in question. Read here what impact this has on the use of Mailchimp and other US providers.

Read more …