TikTok is the most popular social media service for children. The Irish DPC provided a decision on the platform regarding the data processing of children’s data. The DPC imposed a fine of €345 million against TikTok and an order to…
Landmark of CJEU: any immaterial damage compensatable according to GDPR
The plaintiff has to demonstrate that he has suffered a material or an immaterial damage. A mere infringement of GDPR is not sufficient for granting a compensation. However, any immaterial damage is compensatabel. A certain threshold or seriousness of the…
5 years DPOblog.eu
“Turnig Point“ was the title of one of the first articles on DPOblog.eu at 25th April 20181: “With 25th of May 2018 we are reaching a turning point in data protection. The EU sets a worldwide standard which will generate…
Public Procurement and Schrems II: No public contract with US provider?
A Public Procurement Chamber excluded a tender from a Public Procurement procedure since the tenderer contracted an US provider processing personal data.1 The Chamber held a contractual clause, granting access to law enforcement agencies according to US law, is in…
Privacy, Democracy and World Order
In June 2021 the G7 in Cornwall (UK) mentioned Data Protection1 on the summit of the largest world economies the very first time.2 GDPR and additional new regional and national Data Protection Laws are showing the significant influence of Privacy3…
EDPB: No “Swapping“ of legal basis
The EDPB requires controller to specify the legal basis for the respective data processing. Whereas, the wording of Art. 6 GDPR leaves the option to refer to one or to several legal basis, the EDPB is more restrictive. According to…
ECJ: no unlimited access to communication data for security and intelligence agencies
The ECJ held that the access for security and intelligence agencies to communication data shall be restricted according to the principle of proportionality. That derives from the fact that an unlimited access to communication data by security and intelligence agencies…
Schrems II: approval of BCR invalid?
The ECJ requires in “Schrems II“ a level of data protection which is “essentially equivalent“ to the level within the EU, when data is being transferred outside the EU. This new requirement is equally applied to BCR1. Since the ECJ…
Schrems II: ECJ sets GDPR as a global standard for IT-business
In a landmark decision the ECJ declared the Privacy Shield as invalid. The data transfer from the EU to the US can no longer be based on this Agreement between the EU Commission and the US Government. The court held…
GDPR – not fit for corona?
Who of us has expected the coronavirus? In Europe, public life has been reduced to zero, we #stay-at-home, companies are going bankrupt, people are loosing their jobs, hospitals are overloaded and people are dying at the end of the day.…