The German Higher Regional Court of Karlsruhe (OLG Karlsruhe) recently repealed the July 13, 2022, decision of the Procurement Chamber of the German state of Baden-Württemberg that had argued that the mere risk of access to...more
The German Conference of DPAs (the DSK) has released new (legally non-binding) detailed Guidelines dated February 18, 2022 with respect to direct marketing in Germany. ...more
A new contract type has been introduced in the German Civil Code for the supply of digital content or services by companies to consumers in Germany: The German Federal Parliament has added 22 new sections (337-327u) on the...more
The European Commission has finally approved two decisions on 28 June granting the United Kingdom the cherished status of having “adequate” data protection laws so that transfers of personal data from the European Union are...more
Importers of EU data will need to analyze each data transfer for compliance with the new Standard Contractual Clauses; solely relying on data subjects’ consents may not be sufficient. Since the European Court of Justice...more
6/15/2021
/ Corporate Counsel ,
Cybersecurity ,
Data Processors ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Council of the European Union (Council) released a new draft of the ePrivacy Regulation (Council doc. 5642/21) on January 5, 2021. Various versions of the ePrivacy Regulation have been under consideration in the Council...more
2/11/2021
/ Consent ,
Cookies ,
Cybersecurity ,
Data Protection ,
e-Privacy Directive ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Metadata ,
Personal Data ,
Regulatory Requirements
Schrems II may force companies obligated to produce EU personal data to the task of determining whether to comply with US discovery obligation rules that risk fines under the GDPR for illegal data transfers or to defy the US...more
8/24/2020
/ Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The Court of Justice of the European Union (ECJ) has finally issued its decision on the validity of standard contractual clauses (SCCs) in the Irish Data Protection Commissioner’s referral to the ECJ for an opinion on the...more
7/20/2020
/ Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Ireland ,
Personal Data ,
Personally Identifiable Information ,
Schrems I & Schrems II ,
Standard Contractual Clauses
The German Federal Court of Justice (BGH) ruled on May 28 that an opt-out for cookies settings is inadmissible under German law under Section 15(3) of the German Telemedia Act (TMG) in conformity with the ePrivacy Directive...more
A recent amendment to Germany’s foreign direct investment ordinance adds new businesses to the existing catalogue of critical infrastructures—in particular, in the health sector—that will be subject to foreign direct...more
The EU General Data Protection Regulation allows the temporary suspension of some data-protection rights in times of crisis, such as the outbreak of the 2019 Novel Coronavirus. This installment of The eData Guide to GDPR...more
3/10/2020
/ Best Practices ,
China ,
Coronavirus/COVID-19 ,
Crisis Management ,
Emergency Management Plans ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Infectious Diseases ,
International Data Transfers ,
Italy ,
Personal Data ,
Policies and Procedures ,
Popular ,
Public Health ,
Risk Management
Following a legal challenge to the validity of data transfers from organizations in Europe to organizations in countries like the United States, the opinion of the Advocate General (AG) of the Court of Justice of the European...more
The German Federal Office for Information Security (BSI) has determined the suitability of an industry-specific security standard (B3S) with which hospitals can align their IT security measures. The B3S standard was developed...more
The EU Commission issued its report on the third annual review of the functioning of the EU-US Privacy Shield (Privacy Shield) on October 23. The annual review and corresponding report is required of the Commission by the its...more
A recent ruling by the Court of Justice of the European Union (CJEU) established that companies seeking to store “cookies” that are used to track online browsing behavior must obtain “active consent.” The ruling is likely to...more
The EU Council Presidency on September 18 put forward to member states an 88-page compromise proposal on the Eprivacy Regulation with considerable changes and amendments. There are several proposed changes to the provisions...more
The European Union (EU) has adopted an adequacy framework for the transfer of personal data between Japan and the European Union. This framework is a mutual arrangement that applies to both sides as of January 23, 2019....more
The European Court of Justice (ECJ) in Luxembourg rendered a judgment on July 12 that explains, among other things, what a (joint) data controller is. The judgment is on the “old” EU Data Protection Directive 95/46/EC, but...more
Based on the flood of updated privacy policies that have inundated email boxes throughout the world, it is clear that the European Union's General Data Protection Regulation (GDPR) is now in full effect. The EU's new European...more
Germany’s EU Data Protection Adaptation and Implementation Act addresses issues left open by the General Data Protection Regulation and implements the EU Directive 2016/680 on Data Protection for the Prevention and...more
On February 15, 2017, the European Parliament (EP) made a significant step toward reforming the EU Emission Trading System (ETS) post-2020, adopting a draft proposal that seeks middle ground with a tight vote of 379 for/263...more
The EU-US Privacy Shield became operational on August 1, 2016; a nine-month grace period for compliance with the onward transfer requirements applies for organizations that sign up to the Privacy Shield prior to October 1,...more
The reformed Renewable Energy Sources Act will create expanded market opportunities across the renewable energy sector and new investment opportunities in generation projects and smart grid operational technologies....more
European Commission may need to revise the draft proposal to meet the concerns expressed by the Article 29 Working Party.
As we reported in a previous LawFlash (European Commission Releases Details of New EU-US Privacy...more
The new EU-US Privacy Shield seeks to address the European Court of Justice’s criticisms in Schrems after the decision invalidated the Safe Harbor program for EU-US data transfers.
On February 29, the EU Commission...more
3/2/2016
/ Article 29 Working Party (WP29) ,
Binding Corporate Rules ,
Data Protection Authority ,
Dispute Resolution ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
Schrems I & Schrems II ,
US Department of State ,
US-EU Safe Harbor Framework