Orrick - Trust Anchor (JD Supra Germany)
German Supervisory Authority Publishes First Substantive Guidance on International Data Transfers in the Post Schrems 2.0
On 16 July, 2020 the European Court of Justice (“CJEU”) published its decision invalidating the EU-U.S. Privacy Shield and setting out enhanced requirements for using the so-called Standard Contractual Clauses for Processors (Decision 2016/1250 – “SCCs”) (judgement C-311/18 – “Schrems II”). See our previous blog on the Schrems II decision for further details. Shortly thereafter, the European Data
A Survival Guide for GDPR Enforcement Actions from a German Perspective – How to Assess and Mitigate Fines for GDPR Violations
Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should an enforcement action be initiated against them. Here we will give a high-level overview on risks and strategies in enforcement actions.
German regulator issues record fine for keeping personal data too long
The Data Protection Supervisory Authority for the state of Berlin (Die Berliner Beauftragte für Datenschutz und Informationsfreiheit, “Supervisory Authority”) recently issued a fine for GDPR violations against Germany’s second largest housing company Deutsche Wohnen SE (“DW”) for retaining personal data without legal justification.
New law decreases the number of companies required to designate a Data Protection Officer in Germany
On June 28, 2019, the German parliament (Bundestag) passed new legislation imposing several changes to the current German Federal Data Protection Act (“BDSG”). Although many of the changes addressed privacy aspects of criminal proceedings, the new legislation makes an important change for small companies by increasing the threshold to designate a Data Protection Officer (“DPO”).
Bavarian Data Protection Supervisory Authority Concludes After “Safer Internet Day Raid” that Investigated Companies Fail to Obtain Appropriate Cookie Consent
The Bavarian Data Protection Authority (“BDPA”) took the “safer internet day” in February 2019 as an opportunity to conduct privacy checks on website operators.
10 German Data Privacy Supervisory Authorities Investigating Potential Unlawful International Data Transfers
According to a press release of the Data Protection Supervisory Authority in the Land Mecklenburg Vorpommern of November 3, German supervisory authorities have randomly selected 500 companies in Germany and sent them requests for information on their international data transfers. The German supervisory authorities are undertaking this coordinated action in order to increase awareness among...
First Privacy Shield Guidelines for Companies published by German DPA
On September 12, 2016, the Data Protection Authority of the German Federal State of North Rhine-Westphalia (“DPA NRW”) became one of the first EU data protection authorities to issue guidance on the implementation of the Privacy Shield. Although the guidance is primarily directed at German companies that engage U.S. providers (any third party service providers), U.S. providers should understand...
Germany Issues Privacy Guidelines for Employer Access to Employee Email and Internet Use
Can employers look at the company email accounts of employees, such as when they do not show up to work? Can employers monitor employee Internet use during working hours? Can employers read employee emails if they use the company email account for personal purposes?
Data transfers in limbo – U.S. companies face fines by German data protection authorities
While EU regulators determine whether to adopt a new agreement for transfers of personal data from Europe to the United States to replace the invalid EU-U.S. Safe Harbor Framework, German data protection authorities have not been idly twirling their thumbs.
Requirements for valid consent – Why opting-in should not be optional
The Düsseldorfer Kreis, a committee made up of representatives of German data protection authorities, recently published guidance on the requirements for obtaining valid consent to the collection, processing and use of personal data under the relevant German data protection provisions, the Federal Data Protection Act (Bundesdatenschutzgesetz) (“BDSG”) and the Telemedia Act (Telemediengesetz).
More Guidelines on Data Privacy Compliant Use and Monitoring of Internet and Emails in the Workplace in Germany
Recently, the Berlin-Brandenburg Regional Labor Court ruled on the rights of an employer to check browsing history without the employee’s consent. Orrick’s German employment team published a client newsletter about this judgment. According to this newsletter entry, two issues that employers have been struggling with are now eased...