Free tools and resources for Data Protection Officers!

Tag Archives for " Germany "

Germany may ban Facebook from third-party data sharing

Germany’s Federal Cartel Office intends to ban Facebook from collecting user data from third parties. This will also prohibit data sharing between WhatsApp and Instagram, which Facebook own.

Germany is concerned that Facebook users didn’t know they agreed to be tracked across the internet when they signed up for the firm’s offerings. If this sticks, it’s a serious problem for its ad-targeting strategy.

Full article: Facebook’s Privacy Problems Get Real in Germany – The Washington Post

Should cyber officials be required to tell victims of cyber crimes they’ve been hacked?

Since early December Germany’s Federal Office for IT Safety (BSI for its German initials) had been tracking a cyber attack targeting some of the country’s parliamentarians that ultimately led to the public release of their mobile phone numbers, credit card information and ID card details.

Only some MPs were informed by BSI about the attacks, while others learned about them only after the details were published in the media. MPs were outraged that BSI had failed to notify them that their personal data was being targeted, despite knowing about elements of the attack for up to four weeks.

Full article: Should cyber officials be required to tell victims of cyber crimes they’ve been hacked?

Germany: First court decision on claims for immaterial damages under GDPR

The Local Court ( Amtsgericht ) Diez (in a final decision dated 7 November 18, case number 8 C 130/18) was the first German court – and as far as we know the first court EU-wide – to decide on a claim for immaterial damages under Art. 82 (1) GDPR.

On 25 May 2018, the plaintiff received an email from the defendant requesting his consent to an email newsletter. In Germany, this is considered spam and also a GDPR violation. The plaintiff claimed compensation for immaterial damages to the amount of € 500.00 from the defendant pursuant to Art. 82 (1) GDPR.

Full article: Germany: First court decision on claims for immaterial damages under GDPR

Germany’s first fine under the GDPR offers enforcement insights

On Nov. 21 , the State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg (LfDI) imposed the first fine under the GDPR in Germany – on a social media company for a violation of its data security obligations.

This is not the first GDPR-related fine in Europe which has become publicly known: the Austrian DPA imposed a €4,800 fine for illegal video surveillance activities, and a €400,000 fine was imposed in Portugal on a hospital after staff members illicitly accessed patient data. However, the current example from Germany provides further insights into how DPAs intend to use their new, heightened fining powers under GDPR.

Full article: Germany’s first fine under the GDPR offers enforcement insights

First German data protection authority issues GDPR fine

The State Commissioner for Data Protection and Freedom of Information Baden-Wuerttemberg (LfDI) was the first German data protection authority to impose a fine under the GDPR. The fine of € 20,000 sanctions the violation by a social media company of its obligation to ensure data security of processing of personal data pursuant to Art. 32 (1) (a) GDPR (obligation to pseudonymise and encrypt personal data).

Full article: Germany: First data protection authority issues GDPR fine

German Lawyer Sanctioned Due to Incomplete GDPR Policy

An interim injunction has been issued by Würzburg Regional Court against a lawyer who displayed an unfinished Privacy Policy on her firm’s website which also included an unencrypted and unprotected contact form. Reaction to the ruling has been mixed as the sanction due to the unfinished GDPR policy was understandable but ruling regarding the unencrypted form was more confusing as this does not affect the transfer of information.

Source: German Lawyer Sanctioned Due to Incomplete GDPR Policy – Compliance Junction

German government pushing courts to submit data retention cases to CJEU

The German government is urging judges at the German Constitutional Court to submit a series of constitutional complaints filed against Germany’s data retention laws to the Court of Justice of the European Union (CJEU), threatening to delay the court’s verdict on the controversial data retention legislation by months or even years. If the cases are submitted to the ECJ, Germany’s constitutional court would have to wait for a ruling from the ECJ before issuing a verdict of its own.

Source: German government pushing courts to submit data retention cases to ECJ – Heise – Telecompaper

German data protection authorities establish new rules for whistleblowing hotlines

In light of the GDPR, the German data protection authorities (German DPAs) have issued new guidance regarding the implementation of whistleblowing hotlines. The new position of the German DPAs is so fundamentally different from their pre-GDPR position that German companies should review, and likely implement changes to, any existing whistleblowing hotlines offered to their employees.

Source: GDPR – German data protection authorities establish new rules for whistleblowing hotlines: Call for action

1 2 3 5
>