On May 4, 2023, the Advocate General (“AG”) of the Court of Justice of the European Union (“CJEU”) issued its opinion in case C-683/21, which examines the GDPR concepts of “controller”, “joint controller”, and “processor”, as well as the GDPR’s liability system.
processor
German DSK Publishes Decision on the Data Protection Assessment of Access Possibilities of Third Country Public Authorities to Personal Data
By Lars Lensdorf & Lucia Franke on
On February 3, 2023, the German Data Protection Conference (“Datenschutzkonferenz”, “DSK”) published its decision, dated January 31, 2023, on the data protection assessment of access possibilities for third country public authorities to personal data processed by an EU/EEA-based subsidiary of a third country-based parent company pursuant to Article 28 of the General Data Protection…
The European Data Protection Board and the European Data Protection Supervisor consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure
On July 12, 2019, the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (“eHDSI”).
Background
The eHDSI system was established in the context of the eHealth Network. The…