by Gerald Trieb und Roman Haller// The European Data Protection Board (EDPB) has recently issued guidelines on the calculation of administrative fines under the GDPR for public consultation. Therein, a five-step process is presented, according to which the calculation of…
Cookie Policy: To what extent are Spanish Public Entities obliged?
//by Xavier Seguí López// In regard to the January 2022 resolution of the EDPS against the European Parliament about the use of third-party analytical Cookies (Google Analytics) on its website about Covid-19 (https://europarl.ecocare.center/), I am going to discuss the current…
Canadian Privacy Law Reform and the GDPR: Keeping up with the Johans*
//by Else Khoury// Since the introduction of the GDPR in 2018, countries around the world have scrambled to update their privacy laws. The obvious reason for doing so is to ensure that their own privacy laws are equivalent to the…
Agreement “in principle” on Trans-Atlantic Data Flows
by Matthias Horn// On March 25th the EU Commission and the United States announced an agreement “in principle” on a new Trans-Atlantic Data Privacy Framework. The agreement aims to foster – or rather maintain – Trans-Atlantic personal data flows the…
Data transfer to Russia and China in times of crisis
Peter Hense und Bettina Blawert// In light of the “changed security policy situation” following Russia’s invasion of Ukraine, the Norwegian data protection regulator recently encouraged any company that exports personal data to Russia and Ukraine to review its practices to…
Austrian DPA: Google Analytics not in line with Schrems II
by Gerald Trieb and Antonia Kühberger// The year 2022 is still young and yet we are already able to report on a groundbreaking decision by the Austrian Data Protection Authority (DPA; in German “Datenschutzbehörde”). The NGO NOYB published a decision…
Preliminary questions on the GDPR referred to the European Court of Justice by Austrian supreme courts in 2021
by Gerald Trieb and Antonia Kühberger// As reported in a previous blog post, the Austrian Supreme Court (Oberster Gerichtshof, OGH) recently submitted a preliminary ruling request to the European Court of Justice (ECJ) to clarify whether Facebook unlawfully reinterpreted the…
The Clock is ticking for TikTok – How to protect underage EU citizens?
By Christina Etteldorf// The Irish Data Protection Commissioner (DPC) announced in early September that it had opened two own-volition inquiries against the popular social networking and video service TikTok.1 On the one hand, these proceedings are intended to assess TikTok’s…
Too much information, too little competition: on the interplay of competition and privacy
Aline Blankertz // More and more investigations by competition and data protection authorities deal not only with one of privacy and competition, but both at a time. Experts argue that “the misuse of consumer data and harm to privacy is…