by Andreas Rohner, Gerald Trieb// The Austrian Federal Administrative Court (“AFAC”)1 held2 a data subject has the right to be fully informed which specific personal data has been disclosed or will be disclosed to a recipient by the data controller.3…
GDPR: 90% reduction of fines by German Court
//by Jonas Puchelt and Sandra Brechtel The Regional Court Bonn reduced fines of EUR 9.55 million imposed by the German SA on the telecommunications company 1&1 to “only” EUR 900,000.00. Is the reduction of the fines by more than 90%…
The long road
By Prof Ulrich Kelber, German Federal Commissioner for Data Protection and Freedom of Information (BfDI)// Recently the General Data Protection Regulation (GDPR) celebrated its second birthday. Nobody expected a wild party even before the Corona pandemic. Instead there were appropriate…
Data: The key role in fighting against the Coronavirus pandemic (Opportunities and risks of the contact tracing Apps)
By Jutta Sonja Oberlin// Recently, developers from all over the world including Google and Apple1 have been working on pseudonymous contact tracing apps. These so-called Corona Apps could play a vital role in the fight against the virus, but they…
Video surveillance: The supervisory authorities’ view and recent case law
By Dr Alexander Golland and Dr. Jan-Peter Ohrtmann// With the growing popularity of smartphones, dashcams and video surveillance for access control, cameras are increasingly becoming a part of daily life. In particular, video surveillance conducted by private companies – to…
Junk mail from a dating portal (decision of Austrian DPA)
by Andreas Rohner, Gerald Trieb// The Austrian Data Protection Authority (DPA)1 ruled that the absence of a ”double opt-in” procedure can, in some cases, constitutes a breach of Article 32 GDPR.2 Double opt-in In a ”double opt-in” procedure, a user gives his…
Google Analytics: Injunctive relief, information requests and damages
Peter Hense // Dresden Regional Court on Google Analytics1 Irrespective of the GDPR, claims for injunctive relief against the disclosure of personal data can also be based on German tort law according to a decision of the Regional Court of…
Data Protection in Japan
//by Toshihiro Wada The European Commission adopted the adequacy decision on Japan pursuant to Article 45(3) GDPR on 23 January 2019.1 On the same day, the Japanese data protection authority, the Personal Information Protection Commission (PPC), judged that the EU…
The “Whitelist” and its Value during a Data Protection Impact Assessment
by Iheanyi Samuel Nwankwo // Background The EU General Data Protection Regulation (GDPR) solidifies the risk-based approach in data protection through several references that tie the obligation of data controllers to the risk exposure associated with their data processing. This…