The Summer 2023 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
This edition covers the following topics:
- New adequacy decision for EU-U.S. data transfers
- CJEU: Requirements for GDPR damage claims
- CJEU: Lawfulness of processing in case of Art. 26 and 30 GDPR violations
- CJEU: News on the right to be forgotten
- Advocate General: Objective criteria for determining joint controllership (Article 26 of the GDPR)
- General Court: Personal data or not? No real news in seemingly clarifying judgment
- CJEU: B2B terms and conditions can be incorporated into written contracts via links
- CJEU: Companies not entitled to compensation if they forget to inform about right of withdrawal from contract
- EU Commission proposes ‘GDPR Procedural Regulation’
- Cologne District Court: Button solution also applies to termination of transportation contracts by email
- Berlin Administrative Court: Data subjects must identify themselves where the controller has reasonable doubts
- Email marketing update
- Federal Labour Court: Use of video recording in dismissal protection proceedings despite data protection concerns
The newsletter also includes multiple recommendations for readings on the AI Act, DMA, DPO conflicts of interests, cookies, pay or accept models, sovereign clouds, targeting of political advertising, the European Health Data Space, new employee data protection provisions in Germany, and more. We also included an overview over the 2023 annual reports of the German data protection authorities.
We hope you enjoy reading it.