Real Estate Company Fined € 14.5 Million in Germany for Violating GDPR Principle of Privacy By Design

By Lars Lensdorf and Ulrike Elteste on November 6, 2019 Posted in EU Data Protection, European Union

On October 30, 2019, the supervisory authority (“SA”) of Berlin issued a € 14.5 million fine against the real estate company Deutsche Wohnen SE for storing personal data of tenants without a legal basis (Art. 6 GDPR) and for not implementing the GDPR principle of privacy by design (Art. 5 and 25(1) GDPR) (press release … Continue Reading

European Data Protection Board Issues Opinion on U.S. CLOUD Act

By Kristof Van Quathem and Nicholas Shepherd on July 23, 2019 Posted in Data Privacy, European Union, International, United States

On July 10, 2019, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a joint assessment of the impact of the U.S. Clarifying Overseas Use of Data Act (“CLOUD Act”) on the legal framework for the protection of personal data in the EU. The EDPB is an independent body composed … Continue Reading

EDPB Begins Consultation on New Guidelines on Use of the “Performance of a Contract” GDPR Legal Basis by Online Services

By Inside Privacy on April 17, 2019 Posted in Advertising & Marketing, Data Privacy, EU Data Protection, European Union

On 9 April 2019, the European Data Protection Board (“EDPB”) adopted new guidelines “on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects.” In general, the GDPR requires that processing of personal data be justified under a legal basis in Article 6 GDPR. … Continue Reading