fbpx

Download free GDPR compliance checklist!

Tag Archives for " Germany "

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications reported across 28 European Union Member States and data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

German Constitutional Court to hold hearing on surveillance powers of the “German NSA”, the BND

The Federal Constitutional Court will hold a hearing on the BND Act on January 14th and 15th, 2020.

Plaintiffs expect a fundamental ruling defining the limits of intelligence gathering abroad. An alliance of six media organisations and the Gesellschaft für Freiheitsrechte (GFF) had filed a constitutional complaint against the BND Act, which gives broad surveillance powers to the Federal Intelligence Service (BND).

Source: German Constitutional Court to hold hearing on surveillance powers of the “German NSA”, the BND – GFF – Gesellschaft für Freiheitsrechte e.V.

German Supervisory Authorities Propose Changes to the GDPR

On December 2, 2019, the German Supervisory Authorities issued a report evaluating the implementation of the EU General Data Protection Regulation (“GDPR”) in Germany.

The report describes the Supervisory Authorities’ experience thus far in applying the GDPR and lists the provisions of the GDPR they see as problematic in practice.  For each of these provisions, the report discusses the perceived problem and proposes a solution.

Source: German Supervisory Authorities Propose Changes to the GDPR | Inside Privacy

German Constitutional Court Reshapes “Right to be Forgotten” and Expands Its Oversight of Human Rights Violations

In two recent landmark decisions issued on November 6, 2019, the German Constitutional Court presented its unique perspective on the “right to be forgotten” and announced that it will assume a greater role in safeguarding German residents’ fundamental rights from now on.

In first case the court held that since media nad privacy rights are not fully harmonized by EU law, the fundamental rights guaranteed by the German Basic Law (Grundgesetz) applied. The court stressed that in areas where the law is not fully harmonized, the application of fundamental rights granted by national constitutions can lead to different outcomes in the Member States.

In second case the court followed the Google Spain decision with respect to the general principles, in particular by confirming that the right at stake was the right to privacy. However, in the end, Google prevailed and the court did not order the takedown of the links at issue.

Full article: German Constitutional Court Reshapes “Right to be Forgotten” and Expands Its Oversight of Human Rights Violations

German Privacy Regulators Flooded with Google Analytics Complaints

The data protection authorities of the German states are being flooded with complaints, approximately 200,000 in number, regarding deployment of the Google Analytics service on websites in a manner which allegedly is in violation of GDPR.

At issue is whether deploying Google Analytics is possible without acquiring the consent of the end user prior to deploying the Google Analytics cookie on the end user’s device.

Source: German Privacy Regulators Flooded with Google Analytics Complaints

Germany approves “numerous adaptations to German data protection regulations”

The Federal Council (‘Bundesrat’) announced, on 20 September 2019, that it had approved several amendments to the draft law on the adaptation of data protection legislation in relation to the General Data Protection Regulation (GDPR) and the Data Protection Directive with Respect to Law Enforcement (‘the Law Enforcement Directive’).

The Amendments outline, among other things, that the obligation to appoint a data protection officer (DPO) will apply to companies with at least 20 employees, and that employees’ consent to data processing will have to be provided in writing or electronically. The Draft Law will now pass to the President of the Federal Government for signing, and will come into force the day after its promulgation.

Source: Germany: Bundesrat approves “numerous adaptations to German data protection regulations”

German publishers wrestle with Firefox’s latest anti-tracking changes

German publishers have been hit hard by Mozilla Firefox’s latest anti-tracking update, which blocks third-party cookies by default.

Publishers have experienced a detrimental drop in programmatic ad revenues since the changes three weeks ago.

In a way, the fact Germany has been hit harder by the Firefox changes is unsurprising. That’s because, in Germany, where privacy is far more deep-rooted culturally than it is in the U.S. and U.K., the non-profit Firefox browser has always been especially popular.

Source: German publishers wrestle with Firefox’s latest anti-tracking changes – Digiday

Police in North Rhine-Westphalia can no longer publish photos of protests

The judge says it could discourage protesters from joining in and thus infringe on the fundamental right to assembly. The higher administrative court in Münster announced the decision on Tuesday.

Sharing photos of demonstrations on police media channels could infringe on the right of assembly guaranteed by German law, because it could affect protesters’ behavior and make them shy or scared to participate.

The ruling asked a federal court to review the decision, yet to be considered on a national level.

The ruling does not apply to photographs, audio, and video taken in cases of violence and for police records or investigations. The police can still use stock photos and text on their media channels.

Source: Police in North Rhine-Westphalia can no longer publish photos of protests, a court rules | News | DW | 17.09.2019

New Calculation Model for Data Protection Fines in Germany

In June, the conference of the German Data Protection Authorities (Datenschutzkonferenz) approved a concept for the calculation of GDPR fines.

“In a first step, the fine is calculated in daily rates derived from the worldwide company turnover of the previous year. The daily rate is multiplied by a factor which depends on the seriousness of the breach and is determined by the application of a scoring system. The sum is then reduced or increased depending on the degree of fault and on whether there have been any previous breaches. Three or more previous breaches can lead to a surcharge of 300 per cent. Mitigating factors will also be taken into account.”

Source: New Calculation Model for Data Protection Fines in Germany | Inside Privacy

Bavarian DPA investigates Blood Donation Service for website tracking

The Bavarian Data Protection Authority (BayLDA) is currently scrutinising the website of the blood donation service of the Bavarian Red Cross as part of a focused data protection review.

The reason for this was the use of tracking tools on the website of the blood donation service. In particular, the BayLDA will look at whether sensitive data about the users’ health has been used by Facebook.

If tracking tools are used, quite a number of data protection requirements must be observed. This is not as simple as merely informing the user about the tracking tools in simple terms; the website operator must also ensure that they legally integrate the tracking tools, i.e. that a legal basis allows the integration or that the users have given their consent in advance.

Source: Blood Donation Service under high scrutiny

1 2 3 8
>