On May 4, 2023, the Advocate General (“AG”) of the Court of Justice of the European Union (“CJEU”) issued its opinion in case C-683/21, which examines the GDPR concepts of “controller”, “joint controller”, and “processor”, as well as the GDPR’s liability system.Continue Reading CJEU’s Advocate General Issues Opinion on Concept of Controller, Joint Controller, Processor, and Administrative Fines
processor
German DSK Publishes Decision on the Data Protection Assessment of Access Possibilities of Third Country Public Authorities to Personal Data
By Lars Lensdorf on
On February 3, 2023, the German Data Protection Conference (“Datenschutzkonferenz”, “DSK”) published its decision, dated January 31, 2023, on the data protection assessment of access possibilities for third country public authorities to personal data processed by an EU/EEA-based subsidiary of a third country-based parent company pursuant to Article 28…
Continue Reading German DSK Publishes Decision on the Data Protection Assessment of Access Possibilities of Third Country Public Authorities to Personal DataThe European Data Protection Board and the European Data Protection Supervisor consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure
On July 12, 2019, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (“eHDSI”).
Background
The eHDSI system was established in the context…
Continue Reading The European Data Protection Board and the European Data Protection Supervisor consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure