The Belgian Council of State ruled on August 19, 2021 (case number 251.378) that encryption of data during data export can be an appropriate measure to ensure an adequate level of data protection. Golem.de reported on this on Sept. 17, 2021, and gdprhub.eu also dealt with it. The Belgian ruling now confirms the view of many data protection experts that encryption can be used under certain conditions to export data to insecure third countries in compliance with the law. This question had been hotly debated since the ECJ’s Schrems II ruling.

Read more …

This is the result of a review of nearly 1000 websites by consumer centers and consumer associations. As reported by their federal association on 17.09.2021, several consumer centers and associations have checked the websites to see whether they use cookie banners in compliance with the law.

Read more …

The General Data Protection Regulation sets out a whole series of conditions that must be met by an effective declaration of consent in accordance with Art. 6 Para.1 lit.a, 7 DSGVO. However, the fact that these requirements must also be observed in practice is now shown by the fine of 2 million euros imposed by the Austrian data protection supervisory authority.

Read more …

“Knowledge is power” and knowledge about potential prospects and customers is of enormous value. Data trading has therefore been a flourishing industry for years.

Read more …

Data subjects must tick the boxes for data protection consents themselves – this is what the GDPR wants, and this is how the ECJ and BGH decided: If those responsible want to process data on the basis of consent in accordance with Art. 6 Para. 1 lit. a GDPR, the checkboxes must be ticked be set by those affected themselves. Actually, it has been clear for a long time that the pre-filling of the checkboxes does not constitute consent by the person concerned, which meets the requirements of Art. 4 No. 11 GDPR.

Read more …

The data processing operations, which are becoming more and more complex as a result of globalization, are a challenge for many companies, not least in terms of data protection law. The fact that data processing does not take place centrally, but often takes place internationally scattered in a transmission chain, requires a close look at the possibilities for legitimation. It is therefore necessary to take a closer look at the new standard contractual clauses and what options they offer. In the following article, the topic of the so-called onward transfer of personal data between processors outside the EU is to be examined. In contrast to transmission, further transmission means the transfer of data from one processor to another processor.

Read more …

In modern companies it is almost inconceivable to handle business processes without the support of software. So it’s hardly surprising that new software is constantly coming onto the market. In addition, existing systems must be continuously adapted to the increasingly complex business processes.

Read more …

The Bavarian State Office for Data Protection Supervision (BayLDA) presented its tenth activity report for 2020 in July 2021. The activity report is drawn up on the basis of Art. 59 GDPR and provides information on the priorities and working conditions of the BayLDA as well as the data protection assessment of various case constellations.

Read more …

Noyb announced that it had filed official complaints with the relevant data protection supervisory authorities against 422 companies because of their cookie banners. Noyb stands for “None of your business” and is an association that is committed to enforcing data protection. One of the founding members of the association is the well-known data protection activist Max Schrems. This became known, among other things, through the proceedings he initiated, which led to the groundbreaking decisions of the ECJ that overturned both Safe Harbor and the EU-US Privacy Shield.

Read more …

von Nadja-Maria

Position of the data protection officer

Articles 38 and 39 of the General Data Protection Regulation provide legal guidelines for the cooperation between the controller and the data protection officer. In practice, there are some differences between the appointment of an internal and an external data protection officer. However, the following points in particular are mandatory in all cases:

Read more …