Under the Radar: DOJ's Data Security Rules and Their Impact on Payments Companies — Payments Pros – The Payments Law Podcast
We get Privacy for work – Episode 6: The Potential Privacy Risks Inherent to Mergers and Acquisitions
We get Privacy for work: The Privacy Pitfalls of a Remote Workforce
Facial Recognition and Legal Boundaries: The Clearview AI Case Study — Regulatory Oversight Podcast
The Privacy Insider Podcast Episode 13: Preserving Privacy and Social Connection with Christine Rosen of the American Enterprise Institute
"Monsters Inc." y el tratamiento de los datos
The Privacy Insider Podcast Ep. 8: Privacy Over Party: Peter Swire
No Password Required: Founder of Cybersafe Foundation and an Obama Foundation Africa Leaders Fellow, Who Is Comfortable in the API Kitchen
The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
[Webinar] You Are Here: First Steps in Data Mapping
Fintech Focus Podcast | What Does AI Safety Mean For Fintechs?
The FTC's Health Privacy Enforcement Actions
The FTC and DOJ Act Against Amazon to Protect Privacy
Law Brief®: Rich Schoenstein and Annmarie Giblin Discuss Cyber Law
Biometric Litigation
Podcast - The FTC Agenda & Data Privacy
Webinar Recording – The Colorado Privacy Act and Draft Rules
Cloud-based HR systems have become standard for multinational businesses, driving efficiency but also increasing compliance and privacy risks. Indeed, a recent Workday case, which originated in Germany, has clarified the...more
If employers and works councils agree on ‘more specific rules’ in a works agreement regarding the processing of employees’ personal data in the employment context (Art. 88 (1) GDPR), these must take into account the general...more
In its judgement of November 18, 2024 (case number VI ZR 10/24) the German Federal Court of Justice (Bundesgerichtshof – “BGH”) clarified key legal issues regarding claims for damages under Article 82 GDPR in the event of a...more
On November 18, 2024, the German Federal Court of Justice (Bundesgerichtshof – “BGH”) made a (to date unpublished) judgment under the case number VI ZR 10/24 regarding claims for non-material damages pursuant to Art. 82 GDPR,...more
The German Data Protection Conference (DSK) on September 11, 2024 published guidance on asset deals (the Guidelines) that distinguishes between various stages of a sale process and the relevant personal data that can be...more
Summary - In its judgement of 11 July 2024 (C-757/22), the European Court of Justice (‘ECJ’) ruled that the violation of a controller’s information obligations under Art. 12 and 13 GDPR, can be subject to a representative...more
The German federal and state data protection authorities published guidelines for the implementation and use of AI in compliance with the European Union's regulation of personal data ("Guidelines")....more
Are test questions and answers personal data that needs to be provided pursuant to an access request? A German court recently weighed in, providing some good insight regarding both GDPR and U.S. state data privacy laws....more
In joined Cases C‑26/22 and C‑64/22, related to the German Credit Reference Agency Schufa (see A&O blog on the automated decision making case), the CJEU considered the retention of personal data regarding individuals who had...more
Der Europäische Gerichtshof („EuGH“) legt die Anforderungen für Schadensersatz nach Art. 82 EU Datenschutz-Grundverordnung („DSGVO“) in einem neuen Urteil weit aus (Urteil vom 4. Mai 2023, C-300/21). Zwar trifft der EuGH...more
Der Europäische Gerichtshof (EuGH) wird bald darüber entscheiden, ob europäische Datenschutzbehörden künftig leichter Bußgelder nach Art. 83 DSGVO gegen Unternehmen verhängen können. Diese Entscheidung kann großen Einfluss...more
The German Data Protection Conference of supervisory authorities (DSK) issued a decision on how to evaluate the risk of personal data being accessed by non-EEA public authorities, or by a parent company, when processed by a...more
Das Umfeld für datenschutzrechtliche Sammelklagen wird seit Jahren immer klägerfreundlicher. Gerade die Geltendmachung von immateriellen Schadensersatzansprüchen nach Art. 82 DSGVO hat sich zu einem beliebten Geschäftsfeld...more
On 13 July 2022, the Public Procurement Chamber of the German state of Baden-Württemberg (the Public Procurement Chamber) issued a decision confirming that personal data processed by an EU subsidiary of a parent entity...more
Der EuGH hat Ende April die Klagebefugnisse von Verbraucherschutzverbänden gestärkt, weitere richtungsweisende Entscheidungen stehen bevor. Seit dem Inkrafttreten der europäischen Datenschutz-Grundverordnung (DSGVO)...more
The German Conference of DPAs (the DSK) has released new (legally non-binding) detailed Guidelines dated February 18, 2022 with respect to direct marketing in Germany. ...more
In a recent judgment, the District Court Munich I granted a data subject compensation under Article 82 GDPR for non-material damages suffered as a result of an unauthorized third-party access to the subject's personal data....more
If you use a U.S.-based sub processor (even for data processed in the EU), you lose, the German administrative court of Wiesbaden said in an interim decision. No transfer. No worries. TIA anyway...more
Immer mehr Kläger fordern immateriellen Schadensersatz von Unternehmen, die ihre personenbezogenen Daten verarbeiten. Dementsprechend kommen auch immer mehr Fälle vor Gericht....more
Das Landesarbeitsgericht Hamm (Urt. v. 11.5.2021 – 6 Sa 1260/20) hat ein Unternehmen dazu verurteilt, einer ehemaligen Mitarbeiterin 1.000 Euro Schadensersatz nach Art. 82 DSGVO zu zahlen. Damit reiht sich die Entscheidung...more
According to a press release of the data protection authority (DPA) of Lower Saxony earlier this month, nine German DPAs will participate in a coordinated audit of companies in Germany regarding their transfers of personal...more
Employees may have a claim against their employers for access to information about all personal data processed by the employers pursuant to Article 15 (3), Sentence 1, of Regulation (EU) 2016/679 (General Data Protection...more
The CJEU’s decision is likely to have significant implications for ongoing and future proceedings for damages claims under Art. 82 GDPR. On April 15, 2021, the Austrian Supreme Court (OGH) referred key questions...more
Das Landesarbeitsgericht Baden-Württemberg hat sich mit Urteil vom 25. Februar 2020 (Az. 17 Sa 37/20) u.a. zu Betriebsvereinbarungen als Erlaubnistatbestand für nicht erforderliche Verarbeitungen personenbezogener Daten...more
The Bavarian Data Protection Authority recently prohibited a European company from using U.S. newsletter provider Mailchimp in a first-of-its-kind decision. Since the Schrems II decision of the Court of Justice of the...more