On 17 December 2015, the German Parliament (Deutscher Bundestag) passed a bill on the improvement of enforcement of data protection provisions protecting consumers (Entwurf eines Gesetzes zur Verbesserung der zivilrechtlichen Durchsetzung von verbraucherschützenden Vorschriften des Datenschutzrechts). Under the new law, registered consumer associations will have the right to sue companies for violations of data protection laws (“class actions”). To this aim, certain amendments will be made to the German Injunction Act (Unterlassungsklagengesetz). The bill is subject to signing by the Federal President and announcement in the Federal Law Gazette (Bundesgesetzblatt). The new law will enter into force one day after announcement in the Federal Law Gazette.
Continue Reading Germany to expand consumer associations’ right to sue companies for breach of data protection laws
The French CNIL officially requires the use of EU Model Clauses as a quick fix for businesses impacted by the recent Safe Harbor ruling of CJEU – Companies must be compliant as of end January 2016
On 19 November, the CNIL released an article in order to provide companies impacted by the recent CJEU ruling on invalidation of Safe Harbor with guidance on the next steps. The article was published at the same time the CNIL sent a mailing to all data controllers relying on Safe Harbor to fix the issue.
Safe Harbor update: European Commission issues communication following Safe Harbor invalidation – Safe Harbor 2.0 in three months?
On 6 November, the European Commission released a communication on the implications of the Court of Justice of the European Union’s decision invalidating the Safe Harbor framework.
The key message, which echoes previous announcements by data protection authorities and the Article 29 Working Party, is that data exporters are ultimately responsible for ensuring that transfers
Round-up of Safe Harbor guidance issued by EU Data Protection Authorities
October has been a busy month for Data Protection Authorities in the EU. Following the Court of Justice of the European Union’s judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14) on 6 October, uncertainty ruled. Businesses and DPAs alike struggled to come to terms with the implications of the invalidation of Safe Harbor. This
Apps and Data Privacy – New Guidelines from the German DPAs
Under the auspices of the Bavarian state data protection authority, the so-called Düsseldorfer Kreis (an association of all German data privacy regulators for the private sector) on June 23 published guidelines for developers and providers of mobile apps. Since mobile applications increasingly become the focus of regulators, the guide points to data privacy and technical