Tag

Germany

Browsing

The German legislator has, in principle, adopted the Network Enforcement Act (NEA) (in German: “Netzwerkdurchsetzungsgesetz”) which will impose stringent new obligations on social media platform providers in relation to unlawful content. This an attempt to more effectively combat fake news and hate speech. Click here for our detailed client alert.Who will the NEA apply to?The NEA will apply to, and impose obligations on, providers of social media platforms that have at least two million registered…

Germany is one step closer to new data protection rules as the German Parliament and the Federal Council have both approved the draft of a new Federal Data Protection Act (Bundestag printing matter 18/11325). The purpose of the draft is to align German data protection law to the European General Data Protection Regulation (“GDPR”), which will be applicable as of May 25, 2018. The new law is intended to replace the existing Federal Data Protection…

As corporations continue to develop innovative business models and conduct field trials with Unmanned Aircraft Systems (“UAS”) or drones in the United Kingdom[1], France[2], and Germany[3], the regulatory framework must adapt to take into account the increased use of drones. On the one hand, the use of airspace by hobby pilots poses serious safety risks to air traffic, to persons on the ground, and data privacy. On the other hand, the innovative commercial use of…

German Data Protection Authority fined a company for having the IT manager appointed as Data Protection Officer – A greater risk under the European General Data Protection Regulation?According to the German Federal Data Protection Act (“FDPA”) companies must appoint a Data Protection Officer (“DPO”) if (inter alia) at least ten persons are involved in the automated processing of personal data. Companies may choose to appoint an employee of the company as an internal DPO or…

The Data Protection Authority (“DPA”) of Hamburg, one of 16 German State DPAs, has issued fines against three companies for failing to implement alternative data transfer mechanisms following the invalidation of the European Commission Safe Harbor adequacy decision in October 2015. The fines range from EUR 8,000 to EUR 11,000 for each company.This is the most high-profile example of a DPA taking action against companies for continuing to transfer personal data from Europe to the…

In March 2016, the Duesseldorfer Kreis, an association of the German data protection authorities, issued guidance on obtaining consent from data subjects (“Guidance”). The Guidance provides helpful instructions and recommendations for drafting consent forms when obtaining consent in written or electronic form and is available here (in German language). Businesses subject to German data protection law would be well advised to review and revise their consent forms in light of the Guidance. BackgroundIn many cases the…

On 24 February 2016, an amendment to the German Act on Injunctive Relief came into force entitling eligible associations to bring cease and desist actions against companies for violations of certain data protection provisions. So far, in Germany, only affected individuals and data protection authorities (and in some very limited circumstances competitors and consumer associations) had standing to sue companies for data protection infringements. Large technology companies (including non-EU companies) targeting data subjects in Germany…

On February 5, 2016 the German data protection authorities, issued guidance (available in German) for private sector organisations explaining when and how an employer may monitor its employees’ work email account and Internet usage (“Guidance”). German employers would be wise to structure their monitoring activities to comply with the Guidance. 1. Threshold QuestionThe applicable legal framework, which determines whether and how an employer may monitor its employees’ work email accounts and Internet usage, depends on…

Nearly every company in the world is struggling to effectively manage the broad range of legal and operational risks associated with data. Data is everywhere, and everyone is working to maximize its organizational value, while avoiding wrongful disclosures, theft of informational assets, and the losses related to the costly legal fallout. This is the result, in large part, of new legislation, heightened regulatory scrutiny and marketplace expectations, and increased dependence on service providers for core…

On November 6, 2015, the German “Bundesrat” (the legislative body representing the 16 German states) approved a bill introducing a new national Data Retention Act (“DRA”). The bill had previously been approved by the German Parliament and now awaits the Federal President’s signature as a last step before it will likely enter into force before the end of 2015.What Does The DRA Prescribe?The DRA introduces data retention obligations for providers of publicly available telecommunications services…