Archives: EU Data Protection

Subscribe to EU Data Protection RSS Feed

European Data Protection Board Issues Guidelines on Processing Personal Data for Scientific Research Related to COVID-19

On April 21, 2020, the European Data Protection Board (“Board”) issued guidelines on the processing of personal data for scientific research related to COVID-19.  The Board indicates that the GDPR takes into account the needs of scientific research and should not be a barrier to conduct such research, while at the same time, it helps … Continue Reading

French Supervisory Authority Launches Public Consultation on the Digital Rights of Minors

On April 21, 2020, the French Supervisory Authority (“CNIL”) launched a public consultation on the rights of minors in the digital services. The consultation is open until June 1, 2020.  The CNIL will use the contributions it receives to prepare recommendations in this area. Under the French Data Protection Law, minors over 15 years old … Continue Reading

EDPB Issues New Guidance on the Use of Location Data and Contact Tracing in the Context of the COVID-19 Outbreak

As we anticipated in a previous blog post, on April 22, 2020, the European Data Protection Board (“EDPB”) issued new guidelines on the use of location data and contact tracing apps in the context of the present COVID-19 pandemic. The EDPB’s new guidelines complement and build on similar guidance previously issued by the Board itself … Continue Reading

EU Commission Releases Guidance on COVID-19 Apps

On 8 April 2020, the European Commission adopted a recommendation on a common European Union toolbox for the use of technology and data to address the COVID-19 crisis (“Recommendation”).  The Recommendation responds to calls for a common EU approach to the use of mobile apps in combatting COVID-19—one that improves the efficacy of the technology … Continue Reading

New German Legislation Facilitates Scientific Research in the Health Sector

On March 28, 2020, the “Federal Act for the Protection of the Population against an Epidemic of National Significance” (Bevölkerungsschutzgesetz) went into effect.  The law forms part of an emergency legislative package introduced by the German government in response to COVID-19. The law amends the Social Code V (SGB V) by introducing a new provision … Continue Reading

COVID-19 Apps and Websites – The “Pan-European Privacy Preserving Proximity Tracing Initiative” and Guidance by Supervisory Authorities

Pan-European Privacy Preserving Proximity Tracing Initiative According to media sources, an EU consortium led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI) will soon release software code that can be used to create apps that will help track transmission chains of COVID-19.  The Pan-European Privacy Preserving Proximity Tracing (“PEPP-PT”) project comprises more than 130 … Continue Reading

Dutch Supervisory Authority Investigates Connected Cars

On March 24, 2020, the Dutch Supervisory Authority (“SA”) announced the launch of a broad investigation into automobile manufacturers, to determine whether any violations of data protection laws have occurred in relation to connected cars. The Dutch SA sent a questionnaire to all Netherlands-based car and truck manufacturers, asking what types of personal data they … Continue Reading

COVID-19, Scientific Research and the GDPR – Some Basic Principles

As scientists work around the clock to gain insights into the Corona virus and how to fight it, public and private-sector stakeholders are in discussions to promote the rapid exchange of scientific data. During these discussions, the GDPR acronym inevitably rears its head and casts doubt over what is lawful. The GDPR and national data … Continue Reading

Italian Government and Trade Unions Sign Protocol on Fighting COVID-19 in the Workplace

On March 14, 2020, the Italian Government and several trade unions have signed a protocol, which establishes specific procedures for fighting COVID-19 in the workplace. The protocol also includes provisions on the processing of personal data of employees.  In particular, it provides that employers may subject their employees to pro-active body temperature controls before entering … Continue Reading

Procurement Tenders in the Health Sector: More Protection for Patient Data

On March 6, 2020, the Italian Data Protection Authority (“Garante”) reported on new measures designed to protect the health data of patients in the context of Government procurement efforts (calls for tender) to acquire medical equipment and devices. The new measures are the result of a collaboration between the Garante and Consip, a company wholly … Continue Reading

Key COVID-19 Issues for Privacy and Cybersecurity Professionals

Covington experts on issues as varied as supply chain and other commercial contracts, employment, and insurance are supporting companies on the commercial implications of Coronavirus COVID-19.  But this blog post provides a brief overview of some of the key issues that privacy and cybersecurity professionals should have top of mind in dealing with response efforts.  … Continue Reading

Advocate General delivers opinion on GDPR consent

On March 4, 2020, Advocate General Szpunar (“AG”) delivered his opinion in the case C-61/19 Orange România SA v Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP).  The AG concluded that a printed telecommunication contract stating that customers consent to the processing of a copy of their identification card does not meet … Continue Reading

European Commission Presents Strategies for Data and AI (Part 1 of 4)

On 19 February 2020, the European Commission presented its long-awaited strategies for data and AI.  These follow Commission President Ursula von der Leyen’s commitment upon taking office to put forward legislative proposals for a “coordinated European approach to the human and ethical implications of AI” within the new Commission’s first 100 days.  Although the papers … Continue Reading

German Federal Commissioner for Data Protection and Freedom of Information Launches Public Consultation on Anonymization

On February 10, 2020, Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI) launched its first public consultation procedure.  The consultation invites comments on a position paper of the BfDI which addresses the anonymization of personal data under the General Data Protection Regulation (GDPR), with a particular focus on the telecommunications sector (for … Continue Reading

Germany Publishes Draft Regulation on the Reimbursement of Digital Health Applications

Germany recently enacted a law that enables state health insurance schemes to reimburse costs related to the use of digital health applications (“health apps”), but the law requires the Federal Ministry of Health to first develop the reimbursement process for such apps.  Accordingly, on January 15, 2020, the German government published a draft regulation setting … Continue Reading

French Supervisory Authority Publishes Second Guidance on Cookies and Similar Technologies

On January 14, 2020, the French Supervisory Authority (“CNIL”) published a new draft guidance on the use of cookies and similar technologies on websites and applications (see here, in French).  The draft guidance is open for public consultation until February 25, 2020. In its nine articles, the guidance sets out how to properly inform users … Continue Reading

Dutch Court Decides on Scope of GDPR Right of Access

In late December 2019, the Court of The Hague (Netherlands) published a preliminary reference procedure (see here, in Dutch).  The Court was asked to decide on the scope of the right of access under the GDPR. The defendant in this case was a bailiff involved in the bankruptcy procedure.  The individual who was target of … Continue Reading

Belgian Supervisory Authority Imposes Cookie Fine

On December 17, 2019, the Belgian Supervisory Authority (“SA”) imposed a fine of € 15,000 on an SME operating a legal information website that welcomes approximately 35,000 unique visitors a month.  Interestingly, in the apparent absence of any actual complaints submitted to the SA, it carried out this enforcement action on its own initiative. In … Continue Reading

AG Publishes Opinion on the Validity of the EU Standard Contractual Clauses

On December 19, 2019, Advocate General (“AG”) Henrik Saugmandsgaard Øe handed down his Opinion in Case C-311/18, Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (“Schrems II”). The AG’s Opinion provides non-binding guidance to the Court of Justice of the EU (“CJEU”) on how to decide the case. In brief, the AG recommended that … Continue Reading

EDPB Publishes Article 28 Standard Clauses Adopted by Danish Supervisory Authority

On December 11, 2019, the European Data Protection Board (“EDPB”) published the final text of the standard clauses adopted by the Danish Supervisory Authority (Datatilsynet, hereafter “Danish SA”) pursuant to Article 28(8) of the General Data Protection Regulation (“GDPR”).  The Danish clauses are now accessible on the EDPB’s register of decisions taken by Supervisory Authorities.  … Continue Reading

German Telecommunications Company Fined 9.5 Million Euros for GDPR Violation

On December 9, 2019, the German Federal Data Protection Supervisory Authority (BfDI) imposed a 9.55 million Euro fine on the telecommunications company 1&1 Telecom GmbH.  The BfDI found that the authentication procedures used by 1&1’s customer helpline were insufficient and failed to satisfy the requirements of Art. 32 GDPR.  The company announced that it will … Continue Reading

German Supervisory Authorities Propose Changes to the GDPR

On December 2, 2019, the German Supervisory Authorities issued a report evaluating the implementation of the EU General Data Protection Regulation (“GDPR”) in Germany.  The report describes the Supervisory Authorities’ experience thus far in applying the GDPR and lists the provisions of the GDPR they see as problematic in practice.  For each of these provisions, … Continue Reading

New E-Privacy Proposal on the Horizon?

On December 3, 2019, the EU’s new Commissioner for the Internal Market, Thierry Breton, suggested a change of approach to the proposed e-Privacy Regulation may be necessary.  At a meeting of the Telecoms Council, Breton indicated that the Commission would likely develop a new proposal, following the Council’s rejection of a compromise text on November … Continue Reading

German Constitutional Court Reshapes “Right to be Forgotten” and Expands Its Oversight of Human Rights Violations

In two recent landmark decisions issued on November 6, 2019, the German Constitutional Court (“BVerfG”) presented its unique perspective on the “right to be forgotten” and announced that it will assume a greater role in safeguarding German residents’ fundamental rights from now on.… Continue Reading
LexBlog