Arbeitsrecht. Weltweit.

Tagged: data protection


What personal data can organisations process in the fight against coronavirus?

Due to the outbreak of COVID-19, organisations are taking various preventive measures to prevent the spread of the virus. These range from questionnaires (about recent destinations, medical symptoms, etc.) to measuring body temperature (with a thermometer or even with thermal imaging cameras) and taking immunity tests. As part of these measures, in most cases employees’ and visitors’ personal data will be processed. How far can an organisation go in processing this data? Ganzen Artikel lesen


European Court of Justice – A ‘Like’ button on your website? Then you are a joint data controller with Facebook!

Website operators who feature a ‘Like’ button have been ruled to be joint controllers for data protection purposes in a recent European Court of Justice judgement. In a judgment of 29 July 2019 (Fashion ID GmbH & Co, C-40/17) the European Court of Justice ruled that operators of a website that features a ‘Like’ button are controllers jointly with Facebook.  Ganzen Artikel lesen


UK: No deal #Brexit and data protection

This article discusses the impact of a no deal Brexit on data protection issues for businesses transferring data to or from the UK and how they should prepare for this possibility. With the Brexit D-day of 29 March looming, organisations have asked us to help prepare a Brexit Data Response Plan in case of a potential no deal Brexit. Building on the UK Information Commissioner’s Office (ICO); and Department for Digital, Culture Media & Sport (DCMS) Guidance Notes, we provide below some data protection considerations and sensible actions to take to ensure that your organisation’s data governance is ready. Ganzen Artikel lesen


Europe: International data transfers – are model clauses now under threat?

UK 2017
Max Schrems, an Austrian law student successfully brought a case to the European Court of Justice in 2015 that resulted in the “safe harbour” – an agreement that allowed the transfer of EU citizens’ data to the US - being declared invalid. Since then, transfers outside the EU have largely been conducted based on previously approved ‘model clauses’. But Mr Schrems has now brought a case to the Irish High Court questioning the adequacy of those clauses and the Court has been given approval to ask the European Court of Justice whether transfers based on them are adequately protected. Ganzen Artikel lesen


Russia: double burden data protection

Datenschutz Betriebsvereinbarungen
The GDPR applies to the entities having establishments within the EU, as well as to those that do not have a physical presence in the EU where their processing activities, either as a data controller or processor, are related to the ofering of goods or services to data subjects in the EU, or to the monitoring of data subjects’ behaviour taking place within the EU. For this reason, Russian e-commerce companies and other online services are becoming concerned about the application of the GDPR and potential EU sanctions, which are much higher than the sanctions for breaches of Russian privacy laws.

Ganzen Artikel lesen


EU General Data Protection Regulation (GDPR) – countdown of one more year

Die EU-Datenschutz-Grundverordnung – noch ein Jahr bis zur Anwendbarkeit
- bi-lingual posting / zweisprachiger Beitrag -
The European General Data Protection Regulation (GDPR) will become applicable throughout the European Union on 25.05.2018, with additional national legislation. By then, companies need to be compliant. The German Bundesrat has recently passed the new Bundesdatenschutzgesetz, which will adapt the European Regulation into national German law. This means that now there is full clarity about the wording of the new law. Ganzen Artikel lesen


The right to be forgotten – ECJ ruling on Italian data protection case

The European Court of Justice (ECJ) recently ruled on an Italian case in which the director of a company, a Mr Manni, had brought an action against the Lecce Chamber of Commerce. He had built a tourist complex in Italy, but argued that the properties had failed to sell because it was apparent from the companies register that he had been involved in a company that had gone bankrupt in 1992 and was wound up in 2005. He believed he had a ‘right to be forgotten’ in relation to the data held about that company in the companies register. The ECJ disagreed. Ganzen Artikel lesen