Author

Julia Kaufmann

Browsing

The European Data Protection Board (EDPB) recently published the draft Guidelines on Examples Regarding Data Breach Notification, a document that encompasses eighteen examples of data security incidents, on a spectrum of risk and necessary mitigating measures.  Each example concludes with recommended actions based on the identified risks, mainly: recording the incident in the organization’s internal register, notifying the organization’s supervisory authority, and notifying affected individuals.  The Guidelines are currently open for public consultation. The Guidelines…

Happy Data Protection Day! The 28 January each year is celebrated as Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europe’s Convention 108. To mark Data Protection Day 2021, we have summarised some of the key trends and developments in the EU, UK and beyond from a data protection perspective and looking ahead to what to expect for 2021. You can jump to specific country…

In its “Schrems II” opinion issued July 16, the Court of Justice of the European Union did not reach any findings on the EU Commission’s decisions 2001/497/EC or 2004/915/EC, i.e., the standard contractual clauses for the transfer of personal data to controllers. However, the rationale behind the CJEU’s ruling on the controller-to-processor SCCs, as well as on the EU-U.S. Privacy Shield, suggests two things with respect to controller-to-controller SCCs: The additional measures for transfers under C2P SCCs…

The Digital-Supply-Act (Digitale-Versorgung-Gesetz, “DVG”), which aims to further promote digitization in the German health care system, entered into force on 19 December 2019 and regulates, inter alia, the prescription of Digital Health Apps by HCPs (including the cost bearing by statutory health insurance). Patients insured with statutory health funds are eligible for reimbursement of Digital Health Apps. As of this August, prescription for Digital Health Apps will be available, according to statements made by the…

The so-called Omnibus Directive 2019/2161[1] is part of the European Union’s ‘New Deal for Consumers’ initiative aimed at amending four legal acts, namely Council Directive 93/13/EEC (unfair contract terms), Directive 98/6/EC (price indications), Directive 2005/29/EC (unfair commercial practices) and Directive 2011/83/EU (consumer rights – “Consumer Rights Directive”) in order to improve and modernise consumer protection legislation and to strengthen their enforceability. The EU Member States must transpose the Omnibus Directive into national law by November…

It has been two years since the GDPR came into force on 25 May 2018 and during that time, we have seen more guidance published at an EU level as well as from data protection authorities in Member States which has impacted how organisations approach areas of GDPR compliance. We have also seen enforcement action from data protection authorities across the EU and UK. There have also been other significant developments, over the past two…

On 4 May 2020 the European Data Protection Board (“EDPB”) adopted updated guidelines on consent under the GDPR (the “New Guidelines”). The New Guidelines supersede the guidelines on consent originally adopted by the EDPB’s predecessor, the Article 29 Working Party, on 10 April 2018 (the “2018 Guidelines”), and subsequently endorsed by the EDPB. The New Guidelines clarify the EDPB’s position on two specific issues: Cookie Walls – consent is not valid if access to a…

The European Data Protection Board (EDPB) has published its draft guidelines on processing personal data in the context of connected vehicles for public consultation. The Guidelines have a wide reach and will apply to more than just vehicle manufacturers. We have summarised the key points and recommendations from the EDPB in the Guidelines below. The public can provide comments to the EDPB until March 20th, 2020. Thereafter, the EDPB will finalize and adopt the Guidelines,…

In this episode of Connect On Tech, your host ​Brian Hengesbaugh is joined by Julia Kaufmann, a partner at Baker McKenzie in Munich. In this episode, you will learn about: The Planet49 case and the ruling of the Court of Justice of the European Union Broader implications this case has beyond sweepstakes operators, how it will impact all website operators, and the huge elements of change in regards to cookies and affirmative consent Open questions…