by Klaus Meffert// The TTDSG is the new German law for regulating privacy issues, which inter alia will implement the EU ePrivacy directive and will take effect in December 2021. § 26 TTDSG introduces the personal information management system (PIMS)…
Too much information, too little competition: on the interplay of competition and privacy
Aline Blankertz // More and more investigations by competition and data protection authorities deal not only with one of privacy and competition, but both at a time. Experts argue that “the misuse of consumer data and harm to privacy is…
Riders’ personal data – Italian DPA fines Foodinho
Vincenzo Diego Cutugno // In the last few months, the Italian supervisory authority (“Garante per la protezione dei dati personali” or “Garante”) imposed some significant administrative fines on two major food delivery companies operating in Italy: Foodinho and Deliveroo. In…
Schrems vs. Facebook – Austrian Supreme Court refers Preliminary Proceeding to EUCJ
by Gerald Trieb and Antonia Kühberger// In a long-standing civil case between Max Schrems and Facebook Ireland Inc., the Austrian Supreme Court (“Oberster Gerichtshof”, OGH) decided to refer a number of questions to the Court of Justice of the European…
Chinese Personal Information Protection Law – A brief overview
//by Takaya Terakawa// China has been actively updating its data protection legislations since 2017. Due to the limited English information, many privacy professionals outside of China are in trouble with understanding the overview of data protection related legislations in China.…
Goodbye cookies? – How online tracking will change
//by Kristin Benedikt// For years, the EU has been struggling to find a new legal framework for the Internet. It is not just a question of the confidentiality of electronic communication or data security. The key issue is still the…
The Artificial Intelligence Act (AIA) – a brief overview
//by Behrang Raji// The European Commission published its draft on the regulation of AI on 21.04.2021. It is an extensive work with 89 recitals, 85 articles and further annexes. Throughout, it becomes clear that the draft attempts a very difficult…
Dark Patterns – did they just trick you with a “don’t not opt out”
//Aprajita Tyagi// We have all heard about the TurboTax fiasco1 where the company hid the U.S. government-mandated free tax-file program for low-income users. They hid this option on their website to get these users to use their paid program. But…
Virginia Follows California with a Comprehensive State Privacy Law
By Michael Shapiro// On March 2, 2021, Virginia became the second U.S. state, after California, to enact a comprehensive consumer privacy legislation. Inspired by the GDPR and the California Consumer Privacy Act, the Virginia Consumer Data Protection Act (VCDPA)1 introduces…
EDPB: No “Swapping“ of legal basis
The EDPB requires controller to specify the legal basis for the respective data processing. Whereas, the wording of Art. 6 GDPR leaves the option to refer to one or to several legal basis, the EDPB is more restrictive. According to…