Free tools and resources for Data Protection Officers!

Tag Archives for " Germany "

New Calculation Model for Data Protection Fines in Germany

In June, the conference of the German Data Protection Authorities (Datenschutzkonferenz) approved a concept for the calculation of GDPR fines.

“In a first step, the fine is calculated in daily rates derived from the worldwide company turnover of the previous year. The daily rate is multiplied by a factor which depends on the seriousness of the breach and is determined by the application of a scoring system. The sum is then reduced or increased depending on the degree of fault and on whether there have been any previous breaches. Three or more previous breaches can lead to a surcharge of 300 per cent. Mitigating factors will also be taken into account.”

Source: New Calculation Model for Data Protection Fines in Germany | Inside Privacy

Bavarian DPA investigates Blood Donation Service for website tracking

The Bavarian Data Protection Authority (BayLDA) is currently scrutinising the website of the blood donation service of the Bavarian Red Cross as part of a focused data protection review.

The reason for this was the use of tracking tools on the website of the blood donation service. In particular, the BayLDA will look at whether sensitive data about the users’ health has been used by Facebook.

If tracking tools are used, quite a number of data protection requirements must be observed. This is not as simple as merely informing the user about the tracking tools in simple terms; the website operator must also ensure that they legally integrate the tracking tools, i.e. that a legal basis allows the integration or that the users have given their consent in advance.

Source: Blood Donation Service under high scrutiny

German court decides that GDPR consent can be tied to receiving advertising

On June 27, 2019, the High Court of Frankfurt decided that a consent for data processing tied to a consent for receiving advertising can be considered as freely given under the GDPR.

The claimant’s consent had been obtained in connection with his participation in a sweepstakes contest. The court decided that bundling consent for advertising with the participation in a sweepstakes contest does not prevent it from being “freely given”. According to the court, “freely given” consent is a consent that is given without “coercion” or “pressure”.

Source: Participation in a raffle of consent to future e-mail advertising

German court ruling: no claims for damages for minor GDPR violations

In its recent decision of 11 June 2019, the Dresden Court of Appeals had to decide on claims for damages under Article 82 GDPR with regard to minor violations of the GDPR.

The Court of Appeals ruled that Article 82 (1) GDPR should not be interpreted in a manner that claims for damages are already triggered where the person affected only subjectively perceives inconvenience without suffering any serious impairment of their self-image or reputation. Otherwise, unconditional claims for damages would be created.

Source: German court ruling: no claims for damages under Article 82 GDPR for minor GDPR violations | Technology Law Dispatch

Facebook succeeds in blocking German FCO’s order against combining user data

Facebook has succeeded in blocking the order by Germany’s Federal Cartel Office earlier this year that would have banned it from combining data on users across its own suite of social platforms — Facebook, Instagram and WhatsApp — without their consent.

Facebook appealed, delaying application of the order, and ruling by the Dusseldorf court grants a suspension. The FCO has a month to lodge an appeal.

Source: Facebook succeeds in blocking German FCO’s privacy-minded order against combining user data | TechCrunch

German court decides on the scope of GDPR right of access

The Supervisory Authority of Hesse region stated that the term “copy” in Art 15 GDPR should not be understood literally but rather in the sense of a “summary”.

This interpretation appears to conflict with an earlier decision of the Labor Appeals Court of Stuttgart which ordered an employer to provide actual copies of all information held by the company.

More recently, the Appeal Court of Cologne held that the customer of an insurance company is entitled to access all personal data pertaining to him and processed by the company, including any internal notes regarding conversations between company employees and the customer.

Source: German court decides on the scope of GDPR right of access

Germany investigates Google speech assistance systems

Based on recordings from whistleblowers, the media recently reported that Google’s Home Speech Assistant was used to evaluate acoustic recordings by employees in order to optimize the speech recognition process.

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has initiated an administrative procedure to prohibit Google from carrying out corresponding evaluations by employees or third parties for the period of three months. This is intended to provisionally protect the rights of privacy of data subjects for the time being.

Source: Speech assistance systems put to the test – Data protection
authority opens administrative proceedings against Google

German schools ban Office 365 due to privacy concerns

The German state of Hesse has ruled it’s illegal for its schools to use Office 365 after years of debate over whether the country’s schools and institutions should use Microsoft tools at all.

The Hesse Office for Data Protection and Information Freedom says the standard configuration in Office 365 could potentially make students’ and teachers’ personal data available to US officials. In addition to the information that users provide when they’re working in Office 365, the platform sends telemetry data back to the US.

Source: German Schools Ban Office 365, Cite Privacy Concerns

Germany fines Facebook for under-reporting complaints

German authorities have fined Facebook 2 million euros for under-reporting complaints about illegal content on its social media platform in breach of the country’s law on internet transparency.

Germany’s Federal Office of Justice said that by tallying only certain categories of complaints, the web giant had created a skewed picture of the extent of violations on its platform.

Source: Germany fines Facebook for under-reporting complaints – Reuters

German Bundestag approves 2nd German Data Protection Adaptation Act

On 28 June 2019, the German Bundestag passed the 2nd German Data Protection Act (“2nd DSAnpUG”) which will amongst other things further adapt the German Federal Data Protection Act („BDSG“), the German Federal Registration Act (“BMG”), the German Act on the Federal Office for Security in Information Technology (“BSI-Act”) and the Act on the Establishment of a Federal Institute for Digital Radio of Authorities and Organizations with Security Responsibilities (“BDBOS-Act”) to the provisions of the General Data Protection Regulation („GDPR“).

Full article: German Bundestag approves 2nd German Data Protection Adaptation Act (“2nd DSAnpUG”): Summary of significant changes for German data protection laws.

1 2 3 8