Fox Rothschild LLP (JD Supra Germany)
-
German Transport Authority, Information Security Office Plan Cooperation On Autonomous Vehicles
The German Federal Motor Transport Authority (KBA) and the Federal Office for Information Security (BSI) recently signed an administrative agreement for cross-departmental cooperation to facilitate and accelerate the safe development of automated and networked driving...
-
EDPB Controller-Processor Guidelines: German State Offers FAQs
The Data Protection Authority for the German state of Baden-Württemberg has issued FAQs on the European Data Protection Board's (EDPB) Controller-Processor Guidelines. Legal Concepts- •Contractual clauses can represent who has a decision-making power with regard to the purposes and means of processing. However, a contract must not allow the parties to assign responsibility at their own...
-
COVID-19 Data Collection In Restaurants Done Right: Lessons From A German Regulator
The German state of North Rhine Westphalia has issued an audit checklist for compliant use of data collected in connection with COVID-19 tracing. This checklist will prove useful for U.S. states as similar requirements for collection of data for contact tracing purposes are imposed on public venues and in view of pending bills prohibiting the use of the data for non-COVID purposes...
-
German State’s Data Processing Authority Offers Strict Guidance On Post-Schrems II Data Transfers
The data protection authority of the German state of Baden-Wurttemberg issued a guidance for European Union data exporters in the wake of the Schrems II decision by the Court of Justice of the European Union (CJEU), which invalidated the EU-U.S. Privacy Shield and imposed conditions on the use of Standard Contractual Clauses...
-
German Data Protection Authorities Say Emails Must Be Encrypted
Per the German DSK (the Conference of Independent German Federal and State Data Protection Supervisory Authorities), emails need to be encrypted in order to meet the minimum requirements of Article 32 of the General Data Protection Regulation (GDPR)...
-
German Privacy Regulators Flooded With Google Analytics Complaints
Google Analytics is in the crossfire in Germany. The data protection authorities of the German states are being flooded with complaints, approximately 200,000 in number, regarding deployment of the Google Analytics service on websites in a manner which allegedly is in violation of GDPR.
-
German Court Rules Company Can Disclose Shareholder Information To Other Shareholders
GDPR does not prohibit a company from disclosing to one company shareholder, information identifying other shareholders in the same company, says the Higher Regional Court of Munich. The legal basis under GDPR is that the disclosure is necessary for the performance of the contractual relationship established by the articles of association.
-
German Court Rules Sweepstakes Participation Conditioned On Receiving Ads Amounts To Consent Under GDPR
If you condition participation in a sweepstakes on receiving advertising on a particular topic from the provider of the sweepstakes or from other third parties — this is still valid consent under GDPR, says the Higher Regional Court of Frankfurt, Germany.
-
Hamburg DPA Releases Guidelines For Google Voice Assistant
The Hamburg Data Protection Authority (DPA) laid out guidelines for Google regarding its voice assistant that may reveal what DPAs may be expecting for compliance with GDPR (and some parts may be applicable for CCPA too) : Specifically they require: consent as the legal basis for the recording.
-
German Court: Internal Recorded Statements And Notes Are Personal Data And Must Be Disclosed
The Higher Regional Court of Cologne Germany has held that internal recorded statements, conversation notes or telephone notes constitute personal data and copies of them must be disclosed in response to a data access request.
-
German States Issue 41 Fines For GDPR Violations
A total of 41 fines have reportedly been issued for GDPR violations across the various German states. Violations included: A clinic accidentally handed over a copy of a severely handicapped person’s ID card to the wrong patient.