We get Privacy for work — Episode 7: What Is a WISP and Why Your Organization Must Have One
Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
Podcast - Regulating AI in Healthcare: The Road Ahead
No Password Required: Former Lead Attorney at U.S. Cyber Command, Cyber Law Strategist, and Appreciator of ‘Mad Men’ Hats
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
FCPA Compliance Report: Ethical Challenges in AI, Data Protection, and Sports with Andre Paris
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
No Password Required: From AOL to Award-Winning Cuisine to High-Stakes Hacking
Everything Compliance: Episode 156, To Document or Not Edition
AI on the Job: How to Stay Ahead of Employment and Data Privacy Risks
State AGs Unite: New Privacy Task Force Signals Shift in Regulatory Power Dynamics — Regulatory Oversight Podcast
Constangy Clips Ep. 10 - 3 Ways the GDPR Is Evolving with Today’s Tech Landscape
The Privacy Insider Podcast Episode 14: The Pig Around the Corner: Privacy and Trade with Constantine Karbaliotis of nNovation LLP
FCPA Compliance Report: AI, Data Compliance, and Ownership - A Conversation with Andrew Hopkins
A Less is More Strategy for Data Risk Mitigation
Weathering the 2025 Whirlwind: How to Keep Calm & Carry On
Approach to Responsible AI
Why Privacy Matters to Your Business and What's in Store for 2025
No Password Required Podcast: Senior Security Researcher at Nokia and Guardian of Secure AI Networks
Deepfakes (also known as digital replicas) are created when sophisticated AI technology generates or alters audio-visual content to misrepresent someone or something. Often a person's voice or appearance is digitally...more
To help organizations stay on top of the main developments in European digital compliance, Morrison Foerster’s European Digital Regulatory Compliance team reports on some of the main topical digital regulatory and compliance...more
Cloud-based HR systems have become standard for multinational businesses, driving efficiency but also increasing compliance and privacy risks. Indeed, a recent Workday case, which originated in Germany, has clarified the...more
On 17 June 2025, the German data protection authorities issued substantially revised guidance on technical and organizational measures for the development and operation of AI systems. Aimed at manufacturers and developers,...more
On May 8, 2025, the Federal Labor Court Bundesarbeitsgericht (“BAG”) issued a significant ruling concerning an employee’s claims for damages due to unlawful data transfers within a corporate group. The BAG ruled that works...more
Germany evaluates AI-specific legislation needs and actively engages in international initiatives. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, with the exception of minor references to AI in...more
On April 9, 2025, the coalition agreement of the future German Federal Government, consisting of the three German parties CDU, CSU and SPD, was published. The document entitled “Responsibility for Germany” contains several...more
In November 2024, the German Federal Court of Justice made its first decision within the new leading decision procedure, which is intended to simplify mass proceedings. Another new procedural tool is the redress action. In...more
If employers and works councils agree on ‘more specific rules’ in a works agreement regarding the processing of employees’ personal data in the employment context (Art. 88 (1) GDPR), these must take into account the general...more
In its judgement of November 18, 2024 (case number VI ZR 10/24) the German Federal Court of Justice (Bundesgerichtshof – “BGH”) clarified key legal issues regarding claims for damages under Article 82 GDPR in the event of a...more
On November 18, 2024, the German Federal Court of Justice (Bundesgerichtshof – “BGH”) made a (to date unpublished) judgment under the case number VI ZR 10/24 regarding claims for non-material damages pursuant to Art. 82 GDPR,...more
On October 17, 2024, the DPA of Baden-Wuerttemberg (LfDI) updated its discussion paper on the legal bases for processing personal data in relation to artificial intelligence (AI) (the Paper). The Paper emphasises the...more
The introduction of employee data protection legislation in Germany has been announced in many coalition agreements over the past decades—without ever being implemented. This makes it even more surprising that the issue of...more
In October 2024, a new draft for a German Employee Data Act (Beschäftigtendatengesetz) was published. The draft aims on a comprehensive regulation of the processing of employee data prior, during, and after the termination of...more
The German Federal Court of Justice (Bundesgerichtshof), tasked with resolving a conflict between two competing pharmacists, sought guidance from the Court of Justice of the European Union ("CJEU") on interpreting the General...more
The German Data Protection Conference (DSK) on September 11, 2024 published guidance on asset deals (the Guidelines) that distinguishes between various stages of a sale process and the relevant personal data that can be...more
Summary - In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative...more
Die Bundesregierung hat sich am 5. Juli 2024 unter dem Titel „Wachstumsinitiative – neue wirtschaftliche Dynamik für Deutschland“ auf ein Maßnahmenpaket verständigt, das der deutschen Volkswirtschaft umgehend mehr Dynamik...more
The 17 October 2024 deadline for the national implementation of the NIS2 Directive is fast approaching, leaving only little time for the German legislature to finalize the necessary legislative measures. As a much anticipated...more
LAG Düsseldorf: Hintergrund-Recherchen über Bewerber als Teil des üblichen Bewerbungsprozesses? Wie es in dem Zusammenhang zu einem Schadensersatzanspruch kommen kann. Ein Arbeitgeber muss einem Bewerber 1.000 EUR als...more
Private Nutzung von Internet und E-Mail am Arbeitsplatz: Endlich mehr Sicherheit für Arbeitgeber? Nach bisheriger Auffassung der deutschen Datenschutzbehörden ist der Arbeitgeber bei gestatteter Privatnutzung von...more
The German federal and state data protection authorities published guidelines for the implementation and use of AI in compliance with the European Union's regulation of personal data ("Guidelines")....more
Germany evaluates AI-specific legislation needs and actively engages in international initiatives. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, with the exception of minor references to AI...more
Warum ist das relevant? Bei Verstößen gegen das Datenschutzrecht drohen Unternehmen insbesondere zwei Konsequenzen: Maßnahmen der Datenschutzaufsichtsbehörden inkl. möglicher DSGVO-Geldbußen nach Art. 83 DSGVO sowie...more