Photo of Annette Demmel

Annette Demmel

On July 10, the European Commission formally adopted the EU-U.S. Data Privacy Framework (DPF). The Commission’s adequacy decision (and the documentation package accompanying it, including the FAQ) brings welcome news: for certified DPF participants, personal data can flow between the European Economic Area (EEA) and the United States (U.S.

Legislatures, regulators, and enforcement agencies across the United States and in Germany have turned up the heat on subscription plans within the past year by updating their automatic renewal law (ARL). California and Germany have new ARL requirements starting July 1, 2022. Generally, an automatic renewal or negative option is a paid subscription plan that

In a resolution as of 24 March 2022, the Conference of German Supervisory Authorities in Data Protection (Datenschutzkonferenz – “DSK”) provided guidance for data protection-compliant online trading of goods and services. The key message is that online customers must be given the option of a guest access for their orders. According to the DSK, online

Data Protection ShieldSince the Court of Justice of the EU (“CJEU”) decided in its Schrems II ruling that the Privacy Shield is no longer valid and that  EU Standard Contractual Clauses (SCC) can no longer be used without extra scrutiny and require the implementation of additional security measures by both the EU data exporter and the US data importer, companies are wondering on how they can transfer data to non EU countries. According to the CJEU, the SCCs are still valid, but a level of protection for personal data equivalent to that in the EU must be ensured, which would not be the case if public authorities, such as intelligence services, can access EU personal data without adequate judicial oversight or due process.
Continue Reading German DPA Issues Guidance on Schrems II and the Transfer of Personal Data to Non-EU Countries

Digital ConceptOn February 10, 2020, the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) initiated its first public consultation procedure on the anonymization of personal data, with a particular focus on providers of electronic communication services.  As the European Commission Communication in A European Strategy for Data recognized, anonymized data may be used for many purposes and bring enormous benefits to citizens, for example, by improving mobility and road safety.
Continue Reading Anonymization of Personal Data with Focus on Traffic Data:  First Public Consultation Procedure by the Federal German Data Protection Office

Germany FlagOn June 30, 2017, Germany passed its new Federal Data Protection Act (Datenschutz-Anpassungs- und -Umsetzungsgesetz EU), the Act. The Act implements the European General Data Protection Regulation (GDPR) and will enter into force on 25 May 2018. It will replace the former German Data Protection Act (BDSG), which has been in force for nearly four decades. Although the Act is only a supplement to the GDPR, it includes various additional provisions that need to be followed.
Continue Reading Germany Passes New Federal Data Protection Act (Datenschutz-Anpassungs- und -Umsetzungsgesetz EU)