fbpx

Download free GDPR compliance checklist!

Tag Archives for " Germany "

Apple hit with privacy complaints over iPhone tracking tool

A privacy group Noyb has filed complaints with the German and Spanish data protection authorities under the EU’s Cookie Law against Apple over a tool in iOS 14 that allegedly tracks iPhone user behaviour without consent.

The group claims that Apple’s Identifier for Advertisers (IDFA) activates when a user sets up an iPhone without offering a chance to consent or even notifying them of its existence.

Source: Apple hit with privacy complaints over iPhone tracking tool | IT PRO

German lawsuit accuses Amazon of breaking EU privacy law

Amazon faces a lawsuit in Germany over claims it has continued to transfer data to the United States using an invalidated transfer mechanism known as Privacy Shield.

The move comes after the EU’s top court struck down Privacy Shield in July over fears of U.S. snooping, throwing billions of euros in transatlantic digital trade into a legal limbo.

According to the lawsuit, which is due to be filed in a Munich court on Friday, Amazon continues to use Privacy Shield as a legal basis to send data to the U.S. in violation of the July ruling.

Source: German lawsuit accuses Amazon of breaking EU privacy law – POLITICO

No GDPR damages after data breach, says German court

In a civil action following a personal data breach affecting a credit card bonus programme, the Regional Court (Landgericht) Frankfurt am Main rejected claims by a data subject who was affected by the breach for a cease-and-desist injunction and for compensation for non-material damage under Article 82(1) GDPR.

The decision is in line with the majority of similar restrictive interpretations of Article 82(1) GDPR by other German courts, requiring evidence of objective harm. Nevertheless, there are also a few more “generous” court decisions favoring a subjective test for proof of non-material damage.

Source: Germany: No GDPR damages after data breach – Privacy Matters

Woman dies during a ransomware attack on a German hospital

It could be the first death directly linked to a cybersecurity attack. Experts have been warning for years that this would happen.

A woman in Germany died during a ransomware attack on the Duesseldorf University Hospital, in what may be the first death directly linked to a cyberattack on a hospital. The hospital couldn’t accept emergency patients because of the attack, and the woman was sent to a health care facility around 20 miles away.

The cyberattack was not intended for the hospital. he ransom note was addressed to a nearby university. The attackers stopped the attack after authorities told them it had actually shut down a hospital.

Source: Woman dies during a ransomware attack on a German hospital – The Verge

German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

On August 24, 2020, the data protection authority of the German state of Baden-Württemberg published guidance on international transfers of personal data following the Schrems II judgment.

This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the Schrems II decision. As well as including a Schrems II compliance checklist, it provides some recommendations on modifying the Standard Contractual Clauses to allow the parties to document their intent to act in accordance with the law.

Source: German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

Government ordered to rewrite German telecom act due to privacy concerns

Germany’s Constitutional Court has told the government to revise the Telecommunications Act by the end of next year as it violates the right of citizens to phone and internet privacy.

The law at present is unconstitutional because authorities have too much access to people’s data and the privacy of Germans should be better protected, the court ruled.

Source: Government ordered to rewrite German telecom act due to privacy concerns – PrivSec Report

Germany Prepares New Law for Patient Data Protection

On 3 July 2020, the German parliament passed a draft bill for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in autumn 2020.

One of the main objectives of the bill is to make everyday life easier for patients and healthcare professionals by increasing use of innovative digital applications, while protecting sensitive health data.

Source: Germany Prepares New Law for Patient Data Protection and Increased Digitalisation in Healthcare and for “Data Donations” for Research Purposes

1 Google victory in German top court over right to be forgotten

A German court has sided with Google and rejected requests to wipe entries from search results. The cases hinged on whether the right to be forgotten outweighed the public’s right to know.

The court ruled that whether links to critical articles have to be removed from the search list always depends on a comprehensive consideration of fundamental rights in the individual case.

Source: Google victory in German top court over right to be forgotten | Germany| News and in-depth reporting from Berlin and beyond | DW | 27.07.2020

Germans hand police too much data, court rules

German authorities have too much access to people’s internet and mobile phone data and laws must be rewritten as they are unconstitutional, a court says.

The federal Constitutional Court in Karlsruhe has ruled that the privacy of Germans should be better protected. Police investigating crimes or trying to prevent terror attacks are currently allowed to access names, addresses, birth dates and IP addresses.

Source: Germans hand police too much data, court rules – BBC News

CJEU to decide on right of consumer protection associations and competitors to sue under GDPR

The Federal Court of Justice (BGH) has submitted to the Court of Justice of the European Union (CJEU) the question whether consumer protection associations or competitors are authorised to initiate a civil action in case of infringements of the General Data Protection Regulation (GDPR).

In this preliminary ruling procedure, the CJEU will have to decide whether, among other provisions, Art. 80 GDPR is in conflict with member state law which allows consumer protection associations and competitors to take action against infringements of the GDPR irrespective of the violation of subjective rights of individuals and without a mandate from the data subject.

Source: GERMANY: Right of consumer protection associations and competitors to initiate civil actions under GDPR will be case for CJEU

1 2 3 10
>