Should I pay or should I not?
by Barbara Schmitz // The economic significance of data-driven business models is obvious. The European Data Strategy estimates that the data economy will be worth EUR 829 billion in 2025. This would mean that the value would have almost tripled…
DMA and GDPR: A Boost for Enforcement or Incoming Conflicts?
by Christina Etteldorf// With the publication of the text reflecting the final agreement between the EU legislative bodies on the Digital Markets Act (DMA)1, we now have a pretty clear picture of what the regulation of so-called gatekeepers to protect…
Public Procurement and Schrems II: No public contract with US provider?
A Public Procurement Chamber excluded a tender from a Public Procurement procedure since the tenderer contracted an US provider processing personal data.1 The Chamber held a contractual clause, granting access to law enforcement agencies according to US law, is in…
EDPB: Guidelines on the calculation of fines
by Gerald Trieb und Roman Haller// The European Data Protection Board (EDPB) has recently issued guidelines on the calculation of administrative fines under the GDPR for public consultation. Therein, a five-step process is presented, according to which the calculation of…
Cookie Policy: To what extent are Spanish Public Entities obliged?
//by Xavier Seguí López// In regard to the January 2022 resolution of the EDPS against the European Parliament about the use of third-party analytical Cookies (Google Analytics) on its website about Covid-19 (https://europarl.ecocare.center/), I am going to discuss the current…
Canadian Privacy Law Reform and the GDPR: Keeping up with the Johans*
//by Else Khoury// Since the introduction of the GDPR in 2018, countries around the world have scrambled to update their privacy laws. The obvious reason for doing so is to ensure that their own privacy laws are equivalent to the…
Agreement “in principle” on Trans-Atlantic Data Flows
by Matthias Horn// On March 25th the EU Commission and the United States announced an agreement “in principle” on a new Trans-Atlantic Data Privacy Framework. The agreement aims to foster – or rather maintain – Trans-Atlantic personal data flows the…
Data transfer to Russia and China in times of crisis
Peter Hense und Bettina Blawert// In light of the “changed security policy situation” following Russia’s invasion of Ukraine, the Norwegian data protection regulator recently encouraged any company that exports personal data to Russia and Ukraine to review its practices to…
Austrian DPA: Google Analytics not in line with Schrems II
by Gerald Trieb and Antonia Kühberger// The year 2022 is still young and yet we are already able to report on a groundbreaking decision by the Austrian Data Protection Authority (DPA; in German “Datenschutzbehörde”). The NGO NOYB published a decision…
Privacy, Democracy and World Order
In June 2021 the G7 in Cornwall (UK) mentioned Data Protection1 on the summit of the largest world economies the very first time.2 GDPR and additional new regional and national Data Protection Laws are showing the significant influence of Privacy3…