The strong legal position of the DPO, which is provided by the GDPR, does not prevent the DPO1 in practice of the risk of either being sued or being fired by the controller. Role of DPO according to GDPR The…
Data breach: 72 hours period extended on weekend
GDPR requires companies to notify data breaches to the supervisory authority „…without undue delay and, where feasible, not later than 72 hours…“1 Insofar the notice period of 72 hours would include weekends companies were required to organise an urgency duty…
In the face – of Facebook
Landmark decision of German Anti-trust Authority In a landmark decision the Bundeskartellamt (German Antitrust Authority) is prohibiting Facebook from combining user data from different sources – of its subsidiaries like Whatsapp and of other third parties.1 The decision of the…
Microsoft is driving its customers into non-compliance
Microsoft is secretly transferring data of user’s behaviour to the US for its own purpose. With this misuse of data Microsoft is driving its customers into non-compliance since the data transfer to Microsoft is lacking a legal basis. In addition,…
Facebook-hack: stress test for Irish DPA
Facebook has reported a hack of 3 million European users personal data to the Irish DPA.[1] The Irish DPA is under pressure to answer to the key question of GDPR: do national DPAs have the power to force multinationals like…
IT maintenance is ‘data processing on behalf’ according to German DPAs
With the application of the GDPR the question how to qualify IT maintenance in terms of data protection arises. This aspect is of great relevance while any software contains personal data. E.g. Microsoft, Oracle and SAP process personal data of…
Google is tracking location of users without consent
Associated Press (AP) has reported that Google is tracking the location of Android-users without their consent.[1] Adroid provided an option to activate the location setting to its users. Although users did not activate the location setting Google tracked the location…