The Regional Labor Court (LAG) of Baden-Württemberg, in its ruling of December 20, 2018 (Ref. 17 Sat 11/18), granted an employee a comprehensive right to information against his employer with regard to all personal data collected about his person. The right to information was explicitly confirmed in relation to personal data resulting from internal investigations and data from potential whistleblowers ...
The Regional Labor Court (LAG) of Baden-Württemberg, in its ruling of December 20, 2018 (Ref. 17 Sat 11/18), granted an employee a comprehensive right to information against his employer with regard to all personal data collected about his person. The right to information was explicitly confirmed in relation to personal data resulting from internal investigations and data from potential whistleblowers ...
Companies will need to take appropriate steps in the future to protect their secrets. The new law on the protection of trade secrets places greater demands on the sensitivity of secrets to this extent. Whistleblowers can also reveal trade secrets with impunity - one more reason to set up a whistleblower hotline. Reverse engineering will be a permissible way of acquiring a trade secret in the future ...
On 13 March 2019, the State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg (LfDI BaWü) published the latest version of his guidebook on employee data protection. In this brochure, the LfDI BaWü offers an insight into his work and explains his opinion regarding the various points of view surrounding employee data protection ...
In its decision from February 7, 2019, the Bundeskartellamt prohibited Facebook from the further processing of user data which it has generated from so-called third party sources. In order to make use of these personal data in future, Facebook will need the consent of the data subject as defined by the General Data Protection Regulation (GDPR). It remains to be seen whether this will be granted by the majority of users. 1 ...
The General Data Protection Regulation (GDPR) provides for a significant increase of the maximum possible fine for legal infringements compared to previous data protection legislation. Fines of up to 20 million euros or 4 percent of the worldwide annual turnover, whichever is higher, can be imposed (Art. 83 para. 5 GDPR). Yet, the first few months after the introduction of the GDPR in May 2018 were uneventful in this regard. That is now changing, however ...
The use of the Internet without the use of search engines, which list links to Internet pages after keywords have been entered, is almost unthinkable. In the context of the search results, however, websites may appear that contain personal data and thus fall within the scope of the GDPR ...
The Brexit Withdrawal Agreement negotiated between the European Union and the United Kingdom envisaged that during the United Kingdom's transitional period data protection legislation would have been treated in the same way as with the countries of the European Economic Area. This would have allowed a transfer of personal data from the European Union to the United Kingdom without additional measures to ensure adequate levels of data protection ...
The Court of Justice of the European Union (ECJ) must currently clarify whether and how website operators can legally integrate the so-called "Like" button of Facebook on their website (Case C-40/17). A German online retailer had integrated the "Facebook Like" button into their online shop. Due to the functionality of the "Facebook Like" button, personal information was transmitted to Facebook Ireland each time the website was visited, including the IP address ...
Under its Article 88(1), the GDPR allows Member States to draw up their own rules for the area of employee data protection. Germany has taken advantage of this option with Section 26 of the Federal Data Protection Act (BDSG). The first sentence of Section 26(1) already applies while the decision to establish an employment relationship is made and hence it needs to be taken into account early in the application process ...
The necessity of the contemplated Real Estate Transfer Tax Act amendments has been subject of intense discussions. The finance ministers of the German states reached agreement on introducing new tax provisions and on extending the scope of existing rules in June and November 2018 ...
Inland ports are of significant importance for handling of freight. Most inland ports are trimodal (road, railways and waterways) and have the necessary infrastructure to handle freight coming from all over the world. Recent State aid measures address the increasing importance of inland ports and allow subsidisation predominantly for constructing infrastructure ...
The ePrivacy Regulation was actually supposed to enter into force on May 25, 2018 jointly with the EU General Data Protection Regulation. Now it is expected to go into effect in 2019 at the earliest. It has new provisions in store, particularly for online marketing. The ePrivacy Regulation is intended to replace the current European ePrivacy Directive (2002/58/EC) and the Cookie Directive (2009/136/EC) ...
These days more and more use is being made of the Treaty rules on State aid. The European Commission is using the State aid rules in an innovative way to take over competence from the Member States in tax regulation by challenging the selectivity of national measures or rulings, which give preferable treatment to certain taxpayers ...
I. Introduction According to a Bitkom study from September 2018, German industry has incurred a total loss of 43 billion euros as a result of cyberattacks over the past two years. Seven out of ten industrial companies have been victims of such attacks during this period. At EU level, there has recently been a growing discussion on how to face this mounting danger ...
Since the GDPR has been in force, almost every company has, among other things, dealt with issues of the permissibility of direct marketing and other marketing activities under data protection law. At their data protection conference on Nov. 07-08, 2018, the German data protection supervisory authorities issued a new "orientation guide" on this topic (as of November 2018) ...
The large number of vague terms as well as provisions requiring interpretation in the GDPR create significant application issues for companies. However, it becomes even more of a challenge if companies not established in the EU want to review whether the GDPR is applicable to them. Generally speaking, the European legislator set themselves the goal of creating the most extensive territorial scope of the GDPR possible ...
When auditing annual financial statements, auditors are required to draw attention to risks that potentially threaten the company. Such risks can result for example from failure to implement the EU General Data Protection Regulation (GDPR) that has been in force since May 25, 2018. Given the substantial fines envisaged in the GDPR, these risks can result in high provisions, in the worst case in refusal on the part of the auditor to issue an unqualified audit opinion ...
It is now more than four months since the EU General Data Protection Regulation (GDPR) became law in all member states of the European Union. Time for an initial and brief interim assessment, and to outline the data protection challenges currently facing companies. Feared spamigation has not materialized To date, the widely feared mass sending of cease-and-desist letters (spamigation) has largely failed to materialize ...
Many companies are currently facing challenges in relation to the GDPR compliance of their video surveillance. Main issues in this respect are questions related to transparency requirements and information notices, the need for a data protection impact assessment as well as questions concerning retention requirements and retention periods. The German Federal Labor Court (BAG) has recently commented on the admissible storage duration of lawful video recordings ...
The General Data Protection Regulation (GDPR) also affects the working relationship between the employer and the works council. Among other things, it affects the use of works agreements as legal basis, the (possible) responsibility of the works council under data protection law, as well as the controlling authority of the company data protection officer over the works council. WORKS AGREEMENT AS INFORMATION PURSUANT TO ART ...
Photography by promoters and artists is an integral part of any kind of event. Since the General Data Protection Regulation (GDPR) came into effect, the legal requirements for videos and photos depicting people however have to be reassessed. In the past, most member states of the European Union had their own regulations regarding photos that show individual persons ...
Article 35 GDPR requires companies to carry out a so-called data protection impact assessment if based on the nature, scope, context and purposes of the processing, the processing is likely to result in a high risk to the rights and freedoms of natural persons, Art. 35 (1) Sentence 1 GDPR. The company must then document the processing procedure, identify the risks to the rights and freedoms of the natural persons, and explain what remedial measures the company is taking ...
Many companies use so-called tracking tools on their website to analyze the use of the website by their visitors, and possibly also to carry out advertising activities on the basis of user profiles created with the tracking tools. These tracking tools mainly use cookies, i.e. small files that can identify a user of a website and that are deposited on the respective user's computer ...
Under Art. 26 GDPR, "joint controllers" must find an agreement on the data protection obligations between themselves. If they do not do so, they risk a fine pursuant to Art. 83 (4) GDPR. However, the question of when Joint Controllership applies is still a matter of dispute. REQUIREMENTS FOR A JOINT CONTROLLERSHIP Under Art. 26 (1) GDPR, where two or more Controllers jointly determine the purposes and means of processing, they must be classified as "Joint Controllers" ...
