“Fashion ID”: ECJ opens door for class action against Facebook
The ECJ held a website embedding the “Like“ button is required to inform it users and to ask for their consent. Without user´s consent the transfer of personal data from the website (“Fashion ID“) to Facebook is not admissable.1 An…
Struggling with users’ consent: Economic approach to solve the issue of coupling
by Dr. Alexander Golland // Although it has always been discussed in jurisprudential literature, the so-called “prohibition of coupling” – making the provision of a service conditional on the user’s consent – has been lurking in the shadows under the…
Liability of private parties for data protection breaches
by Tobias Jacquemain//The data protection law provides those affected a right to compensation. In practice, however, this right rarely applies. Criteria for assessing damages are problem areas that can reduce the existing sanction deficit in data protection. I. Regulatory mechanisms…
Data breach: 72 hours period extended on weekend
GDPR requires companies to notify data breaches to the supervisory authority „…without undue delay and, where feasible, not later than 72 hours…“1 Insofar the notice period of 72 hours would include weekends companies were required to organise an urgency duty…
Consent to privacy policy – invalid
Many websites are asking their customers to consent to their privacy policy in the following way: “By using this website you are consenting to our privacy policy“. Usually without confirming the on a “ok-button“ the user may not be able…
There Shall be Order! A Proposal for More Structured Normativity on the Internet
by Matthias C. Kettemann Can you recall a time before the Internet? When you read newspapers, called your friends on the landline and watched what the TV offered. Like everyone else? Things have changed considerably in this age of instant…
The “one for all lawsuit”
by Dr Katarina Barley – former Federal Minister of Justice and Consumer Protection – Germany A faster, better and cheaper way of enforcing consumer rights Until recently, many consumers who had purchased a manipulated diesel car probably thought: “How is…
Joint Controllership within a group of entities*
by Jutta-Sonja Oberlin and Lukas Lezzi 1 Introduction It is crucial for compliance of intra-group[1] data processing activities under the GDPR (General Data Protection Regulation)[2] to answer the question as to whether such cooperation in data processing constitutes order processing…
Microsoft is driving its customers into non-compliance
Microsoft is secretly transferring data of user’s behaviour to the US for its own purpose. With this misuse of data Microsoft is driving its customers into non-compliance since the data transfer to Microsoft is lacking a legal basis. In addition,…
Threat of fines also applies to public-sector undertakings
by Lana Dachlauer-Baron The General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (FDPA) have come into force since 25 May 2018. In the meantime, all German federal states have also adapted their data protection acts (LDSG)…