//by Else Khoury// Since the introduction of the GDPR in 2018, countries around the world have scrambled to update their privacy laws. The obvious reason for doing so is to ensure that their own privacy laws are equivalent to the…
Agreement “in principle” on Trans-Atlantic Data Flows
by Matthias Horn// On March 25th the EU Commission and the United States announced an agreement “in principle” on a new Trans-Atlantic Data Privacy Framework. The agreement aims to foster – or rather maintain – Trans-Atlantic personal data flows the…
Data transfer to Russia and China in times of crisis
Peter Hense und Bettina Blawert// In light of the “changed security policy situation” following Russia’s invasion of Ukraine, the Norwegian data protection regulator recently encouraged any company that exports personal data to Russia and Ukraine to review its practices to…
Austrian DPA: Google Analytics not in line with Schrems II
by Gerald Trieb and Antonia Kühberger// The year 2022 is still young and yet we are already able to report on a groundbreaking decision by the Austrian Data Protection Authority (DPA; in German “Datenschutzbehörde”). The NGO NOYB published a decision…
Preliminary questions on the GDPR referred to the European Court of Justice by Austrian supreme courts in 2021
by Gerald Trieb and Antonia Kühberger// As reported in a previous blog post, the Austrian Supreme Court (Oberster Gerichtshof, OGH) recently submitted a preliminary ruling request to the European Court of Justice (ECJ) to clarify whether Facebook unlawfully reinterpreted the…
The Clock is ticking for TikTok – How to protect underage EU citizens?
By Christina Etteldorf// The Irish Data Protection Commissioner (DPC) announced in early September that it had opened two own-volition inquiries against the popular social networking and video service TikTok.1 On the one hand, these proceedings are intended to assess TikTok’s…
Too much information, too little competition: on the interplay of competition and privacy
Aline Blankertz // More and more investigations by competition and data protection authorities deal not only with one of privacy and competition, but both at a time. Experts argue that “the misuse of consumer data and harm to privacy is…
Riders’ personal data – Italian DPA fines Foodinho
Vincenzo Diego Cutugno // In the last few months, the Italian supervisory authority (“Garante per la protezione dei dati personali” or “Garante”) imposed some significant administrative fines on two major food delivery companies operating in Italy: Foodinho and Deliveroo. In…
Schrems vs. Facebook – Austrian Supreme Court refers Preliminary Proceeding to EUCJ
by Gerald Trieb and Antonia Kühberger// In a long-standing civil case between Max Schrems and Facebook Ireland Inc., the Austrian Supreme Court (“Oberster Gerichtshof”, OGH) decided to refer a number of questions to the Court of Justice of the European…