DPOblog

  • Home
  • EDITORIAL
  • ARTICLE
  • AUTHORS
  • ABOUT
  • SEARCH

Public Procurement and Schrems II: No public contract with US provider?

A Public Procurement Chamber excluded a tender from a Public Procurement procedure since the tenderer contracted an US provider processing personal data.1 The Chamber held a contractual clause, granting access to law enforcement agencies according to US law, is in…

By Thomas Kahler | August 2, 2022 | Article |
Read more

Privacy, Democracy and World Order

In June 2021 the G7 in Cornwall (UK) mentioned Data Protection1 on the summit of the largest world economies the very first time.2 GDPR and additional new regional and national Data Protection Laws are showing the significant influence of Privacy3…

By Thomas Kahler | January 2, 2022 | Article |
Read more

EDPB: No “Swapping“ of legal basis

The EDPB requires controller to specify the legal basis for the respective data processing. Whereas, the wording of Art. 6 GDPR leaves the option to refer to one or to several legal basis, the EDPB is more restrictive. According to…

By Thomas Kahler | February 28, 2021 | Article |
Read more

ECJ: no unlimited access to communication data for security and intelligence agencies

The ECJ held that the access for security and intelligence agencies to communication data shall be restricted according to the principle of proportionality. That derives from the fact that an unlimited access to communication data by security and intelligence agencies…

By Thomas Kahler | October 31, 2020 | Article |
Read more

Schrems II: approval of BCR invalid?

The ECJ requires in “Schrems II“ a level of data protection which is “essentially equivalent“ to the level within the EU, when data is being transferred outside the EU. This new requirement is equally applied to BCR1. Since the ECJ…

By Thomas Kahler | September 30, 2020 | Article |
Read more

Schrems II: ECJ sets GDPR as a global standard for IT-business

In a landmark decision the ECJ declared the Privacy Shield as invalid. The data transfer from the EU to the US can no longer be based on this Agreement between the EU Commission and the US Government. The court held…

By Thomas Kahler | July 31, 2020 | Article |
Read more

GDPR – not fit for corona?

Who of us has expected the coronavirus? In Europe, public life has been reduced to zero, we #stay-at-home, companies are going bankrupt, people are loosing their jobs, hospitals are overloaded and people are dying at the end of the day.…

By Thomas Kahler | April 25, 2020 | Article |
Read more

Internal Audit, DPO and the adjustment of Three-Lines-of-Defense-Modell

Internal audit usually follows the Three-Lines-of-Defense-Modell (T-LoD).1 Within this modell the 1LoD is the business line – like sales and marketing. The 2LoD is checking whether the 1LoD adheres to internal policies, external law and adequatly manages the risk. Risk…

By Thomas Kahler | February 29, 2020 | Article |
Read more

Irish DPC: liability for failure to act against Facebook

The divergence between strict legal requirements and poor implementation of the GDPR is significant. One key finding is the reluctance of the Irish DPC1 to take any action against global players like Facebook. Allthogh the Irish DPC has a discretion…

By Thomas Kahler | January 12, 2020 | Article |
Read more

Planet 49 (ECJ): most consents for cookies invalid

The ECJ held a consent requires an opt-in of the user.1 A consent is only valid insofar the user consents in an active and unambiguous manner. It follows, cookies consent is invalid if a controller is using a pre-ticked checkbox.…

By Thomas Kahler | October 1, 2019 | Article |
Read more
  • « Previous

about

DPOblog provides DPOs within the EU with information about the GDPR. DPOblog seeks to initiate a debate with all relevant stakeholders to reach a European understanding of the Right to Data Protection.

Contact

  • CONTACT
  • DATA PROTECTION
  • IMPRINT
  • Schrems II: approval of BCR invalid?

SEARCH

Copyright ©2023 DPOblog | Theme by: Theme Horse | Powered by: WordPress