Canadian Privacy Law Reform and the GDPR: Keeping up with the Johans*
//by Else Khoury// Since the introduction of the GDPR in 2018, countries around the world have scrambled to update their privacy laws. The obvious reason for doing so is to ensure that their own privacy laws are equivalent to the…
Agreement “in principle” on Trans-Atlantic Data Flows
by Matthias Horn// On March 25th the EU Commission and the United States announced an agreement “in principle” on a new Trans-Atlantic Data Privacy Framework. The agreement aims to foster – or rather maintain – Trans-Atlantic personal data flows the…
Data transfer to Russia and China in times of crisis
Peter Hense und Bettina Blawert// In light of the “changed security policy situation” following Russia’s invasion of Ukraine, the Norwegian data protection regulator recently encouraged any company that exports personal data to Russia and Ukraine to review its practices to…
Austrian DPA: Google Analytics not in line with Schrems II
by Gerald Trieb and Antonia Kühberger// The year 2022 is still young and yet we are already able to report on a groundbreaking decision by the Austrian Data Protection Authority (DPA; in German “Datenschutzbehörde”). The NGO NOYB published a decision…
Privacy, Democracy and World Order
In June 2021 the G7 in Cornwall (UK) mentioned Data Protection1 on the summit of the largest world economies the very first time.2 GDPR and additional new regional and national Data Protection Laws are showing the significant influence of Privacy3…
Preliminary questions on the GDPR referred to the European Court of Justice by Austrian supreme courts in 2021
by Gerald Trieb and Antonia Kühberger// As reported in a previous blog post, the Austrian Supreme Court (Oberster Gerichtshof, OGH) recently submitted a preliminary ruling request to the European Court of Justice (ECJ) to clarify whether Facebook unlawfully reinterpreted the…
The Clock is ticking for TikTok – How to protect underage EU citizens?
By Christina Etteldorf// The Irish Data Protection Commissioner (DPC) announced in early September that it had opened two own-volition inquiries against the popular social networking and video service TikTok.1 On the one hand, these proceedings are intended to assess TikTok’s…
PIMS: new approach to manage user consent?
by Klaus Meffert// The TTDSG is the new German law for regulating privacy issues, which inter alia will implement the EU ePrivacy directive and will take effect in December 2021. § 26 TTDSG introduces the personal information management system (PIMS)…
Too much information, too little competition: on the interplay of competition and privacy
Aline Blankertz // More and more investigations by competition and data protection authorities deal not only with one of privacy and competition, but both at a time. Experts argue that “the misuse of consumer data and harm to privacy is…
Riders’ personal data – Italian DPA fines Foodinho
Vincenzo Diego Cutugno // In the last few months, the Italian supervisory authority (“Garante per la protezione dei dati personali” or “Garante”) imposed some significant administrative fines on two major food delivery companies operating in Italy: Foodinho and Deliveroo. In…