Germany

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CJEU Rules Consumer Associations Can File Data Infringement Class Actions Without a Consumer Mandate

CPW’s Scott Warren Joins Faculty

Article 80 (2) of the General Data Protection Regulation (GDPR) provides that Member States can entitle properly constituted not-for-profit bodies, organizations or associations that have statutory objectives which are in the public interest, and are active in the field of the protection of data subjects’ rights and freedoms, with the right to lodge complaints with

In a resolution as of 24 March 2022, the Conference of German Supervisory Authorities in Data Protection (Datenschutzkonferenz – “DSK”) provided guidance for data protection-compliant online trading of goods and services. The key message is that online customers must be given the option of a guest access for their orders. According to the DSK, online

Data Protection ShieldSince the Court of Justice of the EU (“CJEU”) decided in its Schrems II ruling that the Privacy Shield is no longer valid and that  EU Standard Contractual Clauses (SCC) can no longer be used without extra scrutiny and require the implementation of additional security measures by both the EU data exporter and the US data importer, companies are wondering on how they can transfer data to non EU countries. According to the CJEU, the SCCs are still valid, but a level of protection for personal data equivalent to that in the EU must be ensured, which would not be the case if public authorities, such as intelligence services, can access EU personal data without adequate judicial oversight or due process.
Continue Reading German DPA Issues Guidance on Schrems II and the Transfer of Personal Data to Non-EU Countries

Maintaining a positive and productive work environment helps retain valued employees and aids in recruiting new talent, ultimately saving costs and providing an advantage over competitors. To monitor employee satisfaction organizations are increasingly turning to conducting workplace surveys.

On June 16, 2020 at 4:00p CEST  Annette Demmel and Tarek Hajj-Khalil of our Data Privacy &

Digital ConceptOn February 10, 2020, the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) initiated its first public consultation procedure on the anonymization of personal data, with a particular focus on providers of electronic communication services.  As the European Commission Communication in A European Strategy for Data recognized, anonymized data may be used for many purposes and bring enormous benefits to citizens, for example, by improving mobility and road safety.
Continue Reading Anonymization of Personal Data with Focus on Traffic Data:  First Public Consultation Procedure by the Federal German Data Protection Office

The revised EU’s Payment Services Directive (PSD2) and EU’s General Data Protection Regulation (GDPR) will both come in force in 2018. Seemingly unconnected, these two regulatory initiatives share a common goal– putting customers in control of their own personal data and keeping that personal data safe.

PSD2  is an update to the original Payment Service Directive, which was adopted in 2007.  The original Directive was implemented to make cross-border payments as easy, efficient and secure as national payments in the EU Member States.  The major changes of PSD2 are:
Continue Reading Compliance to PSD2 and GDPR – A New Challenge

While the GDUnited Nations newsPR compliance clock is ticking for companies, EU Member States have also been preparing for the implementation of the General Data Protection Regulation (“GDPR”) which will become enforceable on May 25, 2018.

The GDPR will be directly applicable in all EU Member States without the need for implementing national laws. However, apart from the need to establish the supervisory authority, the GDPR provides Member States with the possibility to introduce more specific rules in a number of. This includes the areas of employment, sensitive personal data such as health data and in relation to the role of data protection officers.

Below is a survey of the GDPR guidance by Data Protection Authorities (DPAs) in several key Member States.
Continue Reading Survey of the National GDPR Implementation Laws of Key Member States