Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”). As we explained in recent posts (here and here), publication of an … Continue Reading
Today, the German supervisory authorities (“German DPAs”) responsible for data protection at federal and state (Länder) level published a position paper on the EU-U.S. Safe Harbor (available in German – see here). This 14-point position paper follows a meeting that these authorities held last week. Key points include: following the Safe Harbor judgment of the … Continue Reading
In May 2015, reports about the German government’s plans to establish federal German cloud infrastructure (the “Bundes-Cloud”) raised concerns about the possible introduction of data localization requirements (preventing the storage and processing of data outside Germany). The criteria for the use of cloud services by Germany’s federal administration, which have recently been published, now give … Continue Reading
Whilst the discussions on the proposed Network and Information Security (NIS) Directive at European level are still ongoing (see Update on the Cybersecurity Directive − over to Luxembourg?, InsidePrivacy, June 12, 2015), less has been said about Germany new national Act to Increase the Security of Information Technology Systems (the “IT Security Law”). The IT Security Law … Continue Reading
Pursuant to a press release of April 8, 2014, the Hamburg data protection authority (the “Hamburg DPA”) essentially upheld its order of September 2014, in which it found that certain of Google’s data processing operations explained in its 2012 privacy policy violated German data protection law. More in particular, the Hamburg DPA established that Google’s … Continue Reading
In an effort to improve international privacy rights, the United Nations Human Rights Council yesterday established a special rapporteur on the right to privacy. Special rapporteurs are expert individuals appointed with specific mandates to investigate, monitor, and report on particular human rights concerns that range from access to water to extrajudicial killings. Yesterday’s Resolution on … Continue Reading
Regulators and courts in the EU are increasingly vigilant in relation to privacy practices and policies of large online companies. In recent years and months, the pressure increases not only through privacy-specific regulations and enforcement, but also through the application of consumer legislation. As the below examples from France and Germany show, some courts or … Continue Reading
Pursuant to a press release of the German Federal Ministry for Justice and Consumer Protection, the German Government approved a draft law to strengthen the private enforcement of certain data protection law provisions that aim to protect consumers. In particular, the draft law empowers consumers and other qualified associations to send cease-and-desist letters and to … Continue Reading
The German Federal Ministry of the Interior recently published its revamped proposal for an “IT Security” Law. A similar proposal had already been adopted by the previous German Government in March last year (see InsidePrivacy, German Government Proposes Cybersecurity Law, March 22, 2014). However, that proposal ultimately failed to clear the legislative process in time … Continue Reading
On Tuesday, 19 November, the Regional Court of Berlin ruled against Google in a case brought by the Federation of German Consumer Associations (vzbv). The vzbv had initiated an action for injunction against Google, requesting it to stop using certain clauses in its Terms of Use and Privacy Policy. In Germany, consumer associations have a … Continue Reading
Only a few days after the leading parliamentary committee waved through the proposed amendments to the European Commission’s legislative proposal for a General Data Protection Regulation (see here and here), the EU Member States’ governments have decided to postpone the adoption of the Regulation to 2015. Germany and the UK, in particular, supported the delay, albeit … Continue Reading
Germany has passed a law which amends several existing laws, including the Telecommunications Act, clarifying in particular the obligations of telecommunications providers to disclose customer data to law enforcement authorities. The existing disclosure obligations relate to “customer data”, which is data of subscribers collected for the purpose of establishing, regulating the contents of, modifying or … Continue Reading
The data protection authority in Hamburg, Germany, issued an administrative fine in the amount of € 145,000 against Google for its illegal WiFi data collection activities. This fine fell just short of the maximum amount for such fines under German data protection law, which is € 150,000 (in cases of negligence). Between 2008 and 2010, … Continue Reading
Following the German Government’s adoption of a cybersecurity strategy back in February 2011, and only a couple of weeks after the publication of the European Commission’s CyberSecurity Strategy and proposal for a Directive on Network and Information Security (see InsidePrivacy EU Adopts CyberSecurity Strategy and Proposes Network and Information Security Directive, February 7, 2013), Germany … Continue Reading
By Kurt Wimmer and Josephine Liu The United Nations Office on Drugs and Crime has released a report warning that terrorists are increasingly using the Internet to spread propaganda, recruit and train supporters, finance their activities, and plan terrorist attacks. Besides providing an overview of the existing legal frameworks to address terrorists’ use of the … Continue Reading
