Publications
Global Data Protection: Strategy Instead of Compliance?
For many corporate managers, data protection law has so far largely been merely a marginal issue in which lawmakers have more or less imposed burdensome regulations on companies. But companies overlook the strategic relevance of data protection regulations.
Germany's Reluctance To Accept European Commission Decisions Concerning The Adequacy Of The Level Of Data Protection In Non-EU/EEA Countries
It is one of the basic mechanisms of the German Federal Data Protection Act (‘‘FDPA’’) to require a statutory permission or a declaration of consent for the collection, processing (which includes storing and transferring) and use of personal data. No permission is needed, however, for exchanging personal data with a data processor in Germany, the European Union or the European Economic Area (‘‘EU/EEA’’) and for having it carry out processing operations, it being understood that the parent company, a company of the same group of companies or an external service provider can be used as data processors. Should such a data processor be located outside the EU/EEA, the FDPA qualifies the exchange of personal data with the processor as a ‘‘normal’’ data transfer and the aforementioned rule applies again.
Data protection: Who can be a Data Protection Officer?
If a company has to appoint a company Data Protection Officer, then the question becomes who will be suitable to carry out the office? Apart from the question of whether an Internal Data Protection Officer or an External Data Protection Officer is more suitable for the company, this article will explain which employees in the company can perform the tasks of the Data Protection Officer and when difficulties may arise when determining the officer.
German privacy laws – a case of hyperdontia?
International groups of companies need international employee data transfers. The principles of the European Data Protection Directive of October 24, 1995 (95/46/EC) as implemented in the various Member States’ privacy acts, such as the German Federal Data Protection Act (“FDPA”), require that any data transfer must pass a two-step test.
Privacy and social networking
In June 2009 the Article 29 Data Protection Working Party, an independent European advisory body on data protection and privacy set up under Article 29 of Directive 95/46/EC (“WP-29”), rendered an opinion on privacy law implications of social networking (“WP-163”). In its WP-163, the WP-29 defines a social network service as “online communication platform which enables individuals to join or create networks of like-minded users” and categorises them as being information society services, as defined in Article 1 paragraph 2 of Directive 98/34/EC as amended by Directive 98/48/EC. The WP-163 stresses that the key phenomenon of social networks lies in the fact that users are asked to provide sufficient information about themselves in order to create a thorough personality profile or description and that moreover such information can easily be distributed to others.
- Privacy law requirements for ranking lists
- Decision 2 BvR 902/06 of the German Constitutional Court: the end of email screening in the workplace?
- IT-security as a management obligation
- U.S. Data Protection According to Safe Harbor: Changes after Decision by German Regulators
- Safe Harbor and Free trade agreement in the wake of the data privacy scandal