
Tag Archives for "Germany"

Germany mulls giving end-to-end chat app encryption

Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand.

The Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, and Telegram to cough up plain-text records of people’s private enciphered chats to authorities that obtain a court order.

Source: Germany mulls giving end-to-end chat app encryption das boot: Law requiring decrypted plain-text is in the works • The Register

German regional data protection authorities impose fines of EUR 449,000 for GDPR breaches

German regional data protection authorities have imposed fines in 75 cases totalling EUR 449,000 for breaches of the European General Data Protection Regulation (GDPR) since it came into effect in May 2018.

Fines have been imposed in six federal states. In Baden-Württemberg, for example, the data protection authorities imposed fines worth EUR 203,000 in seven cases, in Rhineland-Palatinate EUR 124,000 for nine cases, in Berlin EUR 105,600 for eighteen cases and in Hamburg EUR 25,000 for two cases, the report added.

Source: German regional data protection authorities impose fines of EUR 449,000 for GDPR breaches – Telecompaper

Google opens German centre to improve data privacy

Google has revealed plans to open an engineering centre in Munich as part of the tech giant’s bid to take data privacy more seriously.

The popular search engine says the new privacy-focused hub, to be built in Munich, should help the company strengthen its data protection credentials as the global demand for higher data privacy standards continues to grow.

Source: Google opens German centre to improve data privacy

German DSK publishes guidance on the applicability of the German Telemedia Act to telemedia services

On April 5, 2019, the association of German Supervisory Authorities for data protection (‘Datenschutzkonferenz’ or ‘DSK’) published a guideline regarding the applicability of the German Telemedia Act (‘TMG’) to telemedia services – including, for example, the use of website cookies for targeted advertising post-GDPR.

The guideline aims to “clarify and concretize” a previous statement on the topic released by the DSK in April 2018 and to serve as guidance for the implementation of data protection requirements when processing users’ data through telemedia services.

Full article: German DSK publishes guidance on the applicability of the German Telemedia Act to telemedia services

Facebook Custom Audience illegal without explicit user consent, Bavarian Data Protection Authority rules

Online shops and marketers routinely share customer data with Facebook to reach them with targeted advertising.

Turns out: in many cases this is illegal. A ground-breaking decision by a German Data Protection Authority recently ruled that matching customers’ email addresses with their Facebook accounts requires their explicit consent.

Source: Facebook Custom Audience illegal without explicit user consent, Bavarian Data Protection Authority rules – netzpolitik.org

Association of German Supervisory Authorities issues paper on broad consent for research

On April 3, 2019, the Association of German Supervisory Authorities (“Datenschutzkonferenz” or “DSK”) issued a paper on the interpretation of “broad consent” for scientific research in Recital 33 of the GDPR and the interplay with the definition of consent and the principle of purpose limitation.

According to the DSK, broad consent should only be used in exceptional circumstances when it is not possible to establish at the outset the expected scope of the research. Moreover, the DSK suggests that a broad consent can be fixed at a later stage of the research by narrowing down the scope of the research once that scope is clearer – i.e., deliberately not using the obtained flexibility.

Full article: Association of German Supervisory Authorities issues paper on broad consent for research

German court ruled that protection of the whistle-blower confidentiality does not generally override the data subject access right

A mid-level German employment court recently had to consider the scope of subject access requests under the EU General Data Protection Regulation (GDPR) in the context of compliance and whistle-blowing regimes.

The Regional Labour Court (Landesarbeitsgericht) of Stuttgart decided that an employer was required not only to provide an employee with the records containing performance and behavioural data, but also to disclose information regarding internal investigations.

Source: German court ruled that protection of the whistle-blower confidentiality does not generally override the data subject access right

German Authorities Issue 41 GDPR Fines

A survey by Handelsblatt shows that 41 fines have been issued by German privacy authorities through mid-January of this year, according to an analysis by Mondaq.

The highest fine has been €80,000 — for an entity that allowed health-related data to be publicly seen, the report continues. In addition, a €20,000 penalty was imposed on the chat portal Knuddels.de by the State Data Protection and Freedom of Information Officer for Baden-Württemberg.

Source: German Authorities Issue 41 GDPR Fines: Report 02/25/2019

Bavarian Data Protection Authority announces possible fines after website search

At the beginning of February, the Bavarian Data Protection Authority (DPA) participated in the Safer Internet Day (SID) 2019 and searched 40 websites of large companies based in Bavaria.

The DPA reviewed cyber security and user tracking practices and found that, in its view, none of the 40 companies had GDPR-compliant practices on their websites. As a result, the DPA announced it is considering fines under the GDPR.

Source: Germany: Bavarian Data Protection Authority announces possible fines after sobering result of website search

German Authorities Issue 41 GDPR Fines

41 fines have been issued by German privacy authorities through mid-January of this year.

The fines are low compared to the EUR 50 million meted out to Google by French authorities. The highest fine has been €80,000 – for an entity that allowed health-related data to be publicly seen. But this is an indication that companies must maintain adequate data protection policies and practices.

Source: German Authorities Issue 41 GDPR Fines: Report 02/25/2019
