On June 28, 2025 the Accessibility Improvement Act (Barrierefreiheitsstärkungsgesetz ("BFSG")), Germany's implementing act of the European Accessibility Act ("EAA"), will come into force, imposing a whole range of new...more
On May 8, 2025, the Federal Labor Court Bundesarbeitsgericht (“BAG”) issued a significant ruling concerning an employee’s claims for damages due to unlawful data transfers within a corporate group. The BAG ruled that works...more
Schnell ist es passiert. Ein Angriff auf die IT-Infrastruktur trifft Unternehmen fast immer zur Unzeit. Hacking und andere Infiltrationen der Unternehmenssysteme können binnen kürzester Zeit erhebliche Schadensketten in Gang...more
On May 12, 2022, the European Data Protection Board (EDPB) published its long-awaited Guidelines 04/2022 on the calculation of fines under the General Data Protection Regulation (GDPR). After many data protection authorities...more
From 1 January, 2022, contracts governed by French or German law for the sale of digital content and services, and goods with digital elements, will be subject to harmonised European rules that grant additional legal...more
The European Data Protection Board (EDPB) and a number of European data protection supervisory authorities have recently issued guidance on processing personal data, including special categories of personal data (i.e., health...more
3/17/2020
/ China ,
Coronavirus/COVID-19 ,
Corporate Counsel ,
Crisis Management ,
Cybersecurity ,
Data Management ,
Data Processors ,
Data Protection ,
Denmark ,
Employee Privacy Rights ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
Germany ,
Infectious Diseases ,
International Data Transfers ,
Ireland ,
Italy ,
Luxembourg ,
New Guidance ,
Norway ,
Personal Data ,
Personally Identifiable Information ,
PHI ,
Poland ,
Public Health ,
Risk Management ,
Spain ,
UK
Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should...more
12/16/2019
/ Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
Data Processors ,
Data Protection ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Data Protection Board (EDPB) ,
Failure to Comply ,
Fines ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Assessment ,
Risk Management ,
Risk Mitigation ,
Treaty on the Functioning of the European Union (TFEU)
The Data Protection Supervisory Authority for the state of Berlin (Die Berliner Beauftragte für Datenschutz und Informationsfreiheit, “Supervisory Authority”) recently issued a fine for GDPR violations against Germany’s...more
11/6/2019
/ Corporate Counsel ,
Data Collection ,
Data Protection ,
Enforcement Actions ,
EU ,
EU Data Protection Laws ,
European Supervisory Authorities (ESAs) ,
Fines ,
General Data Protection Regulation (GDPR) ,
Germany ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Violations
On June 28, 2019, the German parliament (Bundestag) passed new legislation imposing several changes to the current German Federal Data Protection Act (“BDSG”). Although many of the changes addressed privacy aspects of...more
7/3/2019
/ Cybersecurity ,
Data Protection ,
Data Protection Officers (DPOs) ,
Data Security ,
Deregulation ,
EU ,
General Data Protection Regulation (GDPR) ,
Germany ,
New Legislation ,
Personal Data ,
Policies and Procedures ,
Regulatory Requirements
The Bavarian Data Protection Authority (“BDPA”) took the “safer internet day” in February 2019 as an opportunity to conduct privacy checks on website operators....more
3/22/2019
/ Cookies ,
Cybersecurity ,
Data Protection ,
Enforcement Authority ,
Germany ,
Internet ,
Investigations ,
Popular ,
Regulatory Standards ,
Transparency ,
Vulnerability Assessments ,
Web Tracking ,
Websites
Mit Schreiben vom 27. Oktober 2017 hat sich die deutsche Bundesfinanzverwaltung zur steuerlichen Beurteilung grenzüberschreitender Software- und Datenbanküberlassung geäußert. Die Thematik war bislang von erheblicher...more
The German Federal Ministry of Finance has issued guidance on the tax treatment of the cross-border provision of software and databases on 27 October 2017. ...more
In a time of ever-shorter innovation cycles and the increased digitalization of many value-added chains, established businesses need to constantly evolve and reinvent themselves – even going so far as to rethink their core...more
In a time of ever-shorter innovation cycles and the increased digitalization of many value-added chains, established businesses need to constantly evolve and reinvent themselves – even going so far as to rethink their core...more
Companies required to appoint a data protection officer (“DPO” ) in Europe should carefully consider which candidate is best to select for the job. A company established in Bavaria, Germany, was recently fined by the Bavarian...more
According to a press release of the Data Protection Supervisory Authority in the Land Mecklenburg Vorpommern of November 3, German supervisory authorities have randomly selected 500 companies in Germany and sent them requests...more
On September 12, 2016, the Data Protection Authority of the German Federal State of North Rhine-Westphalia (“DPA NRW”) became one of the first EU data protection authorities to issue guidance on the implementation of the...more
Can employers look at the company email accounts of employees, such as when they do not show up to work? Can employers monitor employee Internet use during working hours? Can employers read employee emails if they use the...more
While EU regulators determine whether to adopt a new agreement for transfers of personal data from Europe to the United States to replace the invalid EU-U.S. Safe Harbor Framework, German data protection authorities have not...more
5/11/2016
/ Corporate Counsel ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
EU-US Privacy Shield ,
European Commission ,
Germany ,
International Data Transfers ,
Personal Data ,
Popular ,
US-EU Safe Harbor Framework
Germany is not only known as one of the best countries for enjoying beer and bratwurst, but it is also known as a country with some of the strictest data privacy laws on the planet. Within this environment, should companies...more
The Düsseldorfer Kreis, a committee made up of representatives of German data protection authorities, recently published guidance on the requirements for obtaining valid consent to the collection, processing and use of...more
5/4/2016
/ Consent ,
Data Collection ,
Data Protection Authority ,
Disclosure Requirements ,
EU ,
General Data Protection Regulation (GDPR) ,
Germany ,
International Data Transfers ,
New Guidance ,
Opt-In ,
Opt-Outs ,
Personal Data
Recently, the Berlin-Brandenburg Regional Labor Court ruled on the rights of an employer to check browsing history without the employee’s consent.
Orrick’s German employment team published a client newsletter about this...more
On December 17, 2015, the German Parliament passed a new act which permits consumer protection associations, industry and commerce chambers or other approved business associations to file privacy class actions. The law is...more
On December 7, 2015, more than two and a half years after the first draft, the European Union Council finally reached an important, informal agreement with the Parliament on important network and information security rules...more
Yesterday, German federal and state (Länder) data protection authorities ("DPAs") issued a Position Paper following the recent Court of Justice of the European Union ("CJEU") ruling that struck down the EU-US Safe Harbor...more
10/27/2015
/ Article 29 Working Group ,
Binding Corporate Rules ,
Cloud Computing ,
Cybersecurity ,
Data Privacy ,
Data Protection Authority ,
European Commission ,
European Court of Justice (ECJ) ,
Germany ,
International Data Transfers ,
Personal Data ,
Privacy Laws ,
Right to Privacy ,
Safe Harbors ,
US-EU Safe Harbor Framework