//by Toshihiro Wada The European Commission adopted the adequacy decision on Japan pursuant to Article 45(3) GDPR on 23 January 2019.1 On the same day, the Japanese data protection authority, the Personal Information Protection Commission (PPC), judged that the EU…
The “Whitelist” and its Value during a Data Protection Impact Assessment
by Iheanyi Samuel Nwankwo // Background The EU General Data Protection Regulation (GDPR) solidifies the risk-based approach in data protection through several references that tie the obligation of data controllers to the risk exposure associated with their data processing. This…
Liability of private parties for data protection breaches
by Tobias Jacquemain//The data protection law provides those affected a right to compensation. In practice, however, this right rarely applies. Criteria for assessing damages are problem areas that can reduce the existing sanction deficit in data protection. I. Regulatory mechanisms…
Enforcing the law in the digital era – a key task for Europe
by Prof. Winfried Bausback Increasingly, the forthcoming European Parliament elections in May are being described as a battle to decide Europe’s destiny. This is partly because Europe is often no longer regarded as a great achievement; instead, there are forces…
There Shall be Order! A Proposal for More Structured Normativity on the Internet
by Matthias C. Kettemann Can you recall a time before the Internet? When you read newspapers, called your friends on the landline and watched what the TV offered. Like everyone else? Things have changed considerably in this age of instant…
The “one for all lawsuit”
by Dr Katarina Barley – former Federal Minister of Justice and Consumer Protection – Germany A faster, better and cheaper way of enforcing consumer rights Until recently, many consumers who had purchased a manipulated diesel car probably thought: “How is…
Joint Controllership within a group of entities*
by Jutta-Sonja Oberlin and Lukas Lezzi 1 Introduction It is crucial for compliance of intra-group[1] data processing activities under the GDPR (General Data Protection Regulation)[2] to answer the question as to whether such cooperation in data processing constitutes order processing…
Threat of fines also applies to public-sector undertakings
by Lana Dachlauer-Baron The General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (FDPA) have come into force since 25 May 2018. In the meantime, all German federal states have also adapted their data protection acts (LDSG)…
ECHR: Mass surveillance by British secret service violated European Convention on Human Rights
by Peter Schaar On 13 September 2018, the European Court of Human Rights (ECHR) in Strasbourg ruled that the mass surveillance of the British intelligence service GCHQ (Government Communications Headquarters) carried out in cooperation with the US National Security Agency…