Alston & Bird (JD Supra Germany)
-
German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs
On August 24, 2020, the data protection authority of the German state of Baden-Württemberg (the “DPA”) published guidance (the “Guidance”) on international transfers of personal data following the Schrems II judgment.
-
Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration
As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data. One of the core violations the CNIL found was that Google’s Android user interface did not obtain effective, GDPR-compliant consent to targeted marketing from users.
-
German DPA Announces GDPR Compliance Survey of Large Companies – Translation Provided
Following a two-year grace period, EU General Data Protection Regulation (GDPR) entered into force on May 25, 2018. For many companies, preparing for the GDPR was a multi-year project involving multiple teams and input or assistance from across the organization.
-
German DPAs Issue DPIA Blacklists; Many Companies Likely to be Affected
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy.
-
German DPAs Publish Model GDPR Processing Records – Translations Provided
In just under 100 days, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of their processing activities.
-
Alston & Bird Publishes Five-Part Series on Germany’s GDPR Implementation Statute
Last year, Germany became the first EU member state to pass legislation implementing the EU’s General Data Protection Regulation (GDPR). For companies, national GDPR implementing legislation can be significant.
-
An English-Language Primer on Germany’s GDPR Implementation Statute: Part 5 of 5
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG,...
-
An English-Language Primer on Germany’s GDPR Implementation Statute: Part 4 of 5
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG,...
-
An English-Language Primer on Germany’s GDPR Implementation Statute: Part 3 of 5
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG,...
-
An English-Language Primer on Germany’s New GDPR Implementation Statute Part 2: Individual Rights, DPA Oversight and Enforcement, and Litigation
This is Part 2 of a two-part English-language overview of Germany’s recently passed new version of the Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG)—the BDSG-New, which implements the EU General Data Protection Regulation (GDPR). Part 1 focused on internal-facing compliance provisions. This part focuses on individual rights, privacy regulator oversight, and litigation. ...
-
An English-Language Primer on Germany’s GDPR Implementation Statute: Part 1 of 5
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR). On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act.
-
German Justice Department Publishes Bill Requiring Social Networks to Implement Takedown Procedures for Illegal Content, Work with Law Enforcement – Subject to € 50 Million Fines
Recent media reports indicated that Germany was considering legislation that would fine social networks for failing to combat fake news and hate speech. Today, German Justice Minister Heiko Maas introduced a “Draft Law to Improve Law Enforcement in Social Networks” (abbreviated as the Network Enforcement Act (Netzwerkdurchsetzungsgesetz), or “NetzDG”).
-
German DPAs to Survey Transfers in 500 Companies – with English Translation of DPA Questionnaire
Late last week, 10 of Germany’s 17 Data Protection Authorities (DPAs) announced they are planning to send written questionnaires to approximately 500 different companies regarding international data transfers. The following provides a brief overview of the situation, as well as an English translation of the questionnaire, for companies who are potentially affected.
-
German DPA Publishes First Privacy Shield Guidelines, Requires German-Law Contracts for Transfers
On June 7, 2016, the European Commission adopted the US-EU Privacy Shield. Companies that self-certify under Privacy Shield with the US Department of Commerce – dubbed “Privacy Shield organizations” – are thus officially recognized by the EU as providing an adequate level of protection for data transferred from the EU. As a result, Privacy Shield organizations may in principle freely receive...
-
German DPAs Will Not Be Able to Challenge Privacy Shield This Year
Even before the ECJ’s Schrems decision invalidated Safe Harbor, the European Commission had begun working closely with US negotiators to craft what has become the U.S.-EU Privacy Shield. While EU privacy leaders have noted that Privacy Shield represents important improvements in data protection, some German DPAs have voiced a desire to challenge Privacy Shield in court. This desire is not...
-
Cyber Alert: Global Cybersecurity Spotlight: Germany
Following nearly two years of negotiations, the European Parliament and European Council finally reached agreement on the Network and Information Security Directive (“NIS Directive”) in December 2015.1 The Directive will require certain operators of “essential services” and “digital services providers” (e.g., online marketplaces, search engines and cloud computing services) to implement...
-
Germany’s Christmas Present: Data-Protection Class Actions
Following the European Court of Justice’s Schrems decision invalidating the Safe Harbor mechanism, much attention has focused on how the Data Protection Authorities (DPAs) of EU member states would interpret and enforce Schrems.