Download free GDPR compliance checklist!

Tag Archives for " Germany "

Police in North Rhine-Westphalia can no longer publish photos of protests

The judge says it could discourage protesters from joining in and thus infringe on the fundamental right to assembly. The higher administrative court in Münster announced the decision on Tuesday.

Sharing photos of demonstrations on police media channels could infringe on the right of assembly guaranteed by German law, because it could affect protesters’ behavior and make them shy or scared to participate.

The ruling asked a federal court to review the decision, yet to be considered on a national level.

The ruling does not apply to photographs, audio, and video taken in cases of violence and for police records or investigations. The police can still use stock photos and text on their media channels.

Source: Police in North Rhine-Westphalia can no longer publish photos of protests, a court rules | News | DW | 17.09.2019

New Calculation Model for Data Protection Fines in Germany

In June, the conference of the German Data Protection Authorities (Datenschutzkonferenz) approved a concept for the calculation of GDPR fines.

“In a first step, the fine is calculated in daily rates derived from the worldwide company turnover of the previous year. The daily rate is multiplied by a factor which depends on the seriousness of the breach and is determined by the application of a scoring system. The sum is then reduced or increased depending on the degree of fault and on whether there have been any previous breaches. Three or more previous breaches can lead to a surcharge of 300 per cent. Mitigating factors will also be taken into account.”

Source: New Calculation Model for Data Protection Fines in Germany | Inside Privacy

Bavarian DPA investigates Blood Donation Service for website tracking

The Bavarian Data Protection Authority (BayLDA) is currently scrutinising the website of the blood donation service of the Bavarian Red Cross as part of a focused data protection review.

The reason for this was the use of tracking tools on the website of the blood donation service. In particular, the BayLDA will look at whether sensitive data about the users’ health has been used by Facebook.

If tracking tools are used, quite a number of data protection requirements must be observed. This is not as simple as merely informing the user about the tracking tools in simple terms; the website operator must also ensure that they legally integrate the tracking tools, i.e. that a legal basis allows the integration or that the users have given their consent in advance.

Source: Blood Donation Service under high scrutiny

German court decides that GDPR consent can be tied to receiving advertising

On June 27, 2019, the High Court of Frankfurt decided that a consent for data processing tied to a consent for receiving advertising can be considered as freely given under the GDPR.

The claimant’s consent had been obtained in connection with his participation in a sweepstakes contest. The court decided that bundling consent for advertising with the participation in a sweepstakes contest does not prevent it from being “freely given”. According to the court, “freely given” consent is a consent that is given without “coercion” or “pressure”.

Source: Participation in a raffle of consent to future e-mail advertising

German court ruling: no claims for damages for minor GDPR violations

In its recent decision of 11 June 2019, the Dresden Court of Appeals had to decide on claims for damages under Article 82 GDPR with regard to minor violations of the GDPR.

The Court of Appeals ruled that Article 82 (1) GDPR should not be interpreted in a manner that claims for damages are already triggered where the person affected only subjectively perceives inconvenience without suffering any serious impairment of their self-image or reputation. Otherwise, unconditional claims for damages would be created.

Source: German court ruling: no claims for damages under Article 82 GDPR for minor GDPR violations | Technology Law Dispatch

Facebook succeeds in blocking German FCO’s order against combining user data

Facebook has succeeded in blocking the order by Germany’s Federal Cartel Office earlier this year that would have banned it from combining data on users across its own suite of social platforms — Facebook, Instagram and WhatsApp — without their consent.

Facebook appealed, delaying application of the order, and ruling by the Dusseldorf court grants a suspension. The FCO has a month to lodge an appeal.

Source: Facebook succeeds in blocking German FCO’s privacy-minded order against combining user data | TechCrunch

German court decides on the scope of GDPR right of access

The Supervisory Authority of Hesse region stated that the term “copy” in Art 15 GDPR should not be understood literally but rather in the sense of a “summary”.

This interpretation appears to conflict with an earlier decision of the Labor Appeals Court of Stuttgart which ordered an employer to provide actual copies of all information held by the company.

More recently, the Appeal Court of Cologne held that the customer of an insurance company is entitled to access all personal data pertaining to him and processed by the company, including any internal notes regarding conversations between company employees and the customer.

Source: German court decides on the scope of GDPR right of access

Germany investigates Google speech assistance systems

Based on recordings from whistleblowers, the media recently reported that Google’s Home Speech Assistant was used to evaluate acoustic recordings by employees in order to optimize the speech recognition process.

The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has initiated an administrative procedure to prohibit Google from carrying out corresponding evaluations by employees or third parties for the period of three months. This is intended to provisionally protect the rights of privacy of data subjects for the time being.

Source: Speech assistance systems put to the test – Data protection
authority opens administrative proceedings against Google

German schools ban Office 365 due to privacy concerns

The German state of Hesse has ruled it’s illegal for its schools to use Office 365 after years of debate over whether the country’s schools and institutions should use Microsoft tools at all.

The Hesse Office for Data Protection and Information Freedom says the standard configuration in Office 365 could potentially make students’ and teachers’ personal data available to US officials. In addition to the information that users provide when they’re working in Office 365, the platform sends telemetry data back to the US.

Source: German Schools Ban Office 365, Cite Privacy Concerns

Germany fines Facebook for under-reporting complaints

German authorities have fined Facebook 2 million euros for under-reporting complaints about illegal content on its social media platform in breach of the country’s law on internet transparency.

Germany’s Federal Office of Justice said that by tallying only certain categories of complaints, the web giant had created a skewed picture of the extent of violations on its platform.

Source: Germany fines Facebook for under-reporting complaints – Reuters