The EDPB 101 Task Force published a report summarizing its assessment on international data transfers in connection with the use of tracking and analytics cookies (Tracking Cookie). The report is available here. The 101 Task Force comprises of representatives of the supervisory authorities in the EU (SA) and was created back in 2020, in response to the 101 complaints filed by NYOB, a data privacy activism group, regarding data transfers in connection with the use of Tracking Cookies.

Sven Schonhofen
Get your update on IT & data protection law in our newsletter (Winter 2023 edition)
The winter 2023 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
Continue Reading Get your update on IT & data protection law in our newsletter (Winter 2023 edition)
Get your Update on IT & Data Protection Law in our Newsletter (Fall 2022 Edition)
The Fall 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
English version
Continue Reading Get your Update on IT & Data Protection Law in our Newsletter (Fall 2022 Edition)
Get your Update on IT & Data Protection Law in our Newsletter (Summer 2022 Edition)
The Summer 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
Continue Reading Get your Update on IT & Data Protection Law in our Newsletter (Summer 2022 Edition)
Get your Update on IT & Data Protection Law in our Newsletter (Winter 2022 Edition)
The Winter 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
Continue Reading Get your Update on IT & Data Protection Law in our Newsletter (Winter 2022 Edition)
Get your update on IT and data protection law in our newsletter (Holiday 2021 edition)
The German Holiday 2021 edition of the quarterly IT and Data Protection Newsletter has just been released:
…
Continue Reading Get your update on IT and data protection law in our newsletter (Holiday 2021 edition)
German court prohibits U.S. data transfers in “Cookiebot” decision: Why this decision is special and should alert, but not upset your organization
On December 1, 2021, in a much-noted decision, the Administrative Court of Wiesbaden (AC Wiesbaden) handed down a preliminary injunction dealing with international data transfers (case 6 L 738/21.WI, available in German here). In the specific case, there was no data transfer mechanism in place and thus the court ordered the defendant to stop using a cookie consent management platform. Contrary to some reports, the court did not rule that U.S.-based consent management solutions or cookies cannot be used anymore. The injunction can still be appealed and could also be lifted in the main proceedings.
…
Continue Reading German court prohibits U.S. data transfers in “Cookiebot” decision: Why this decision is special and should alert, but not upset your organization
Get your Update on IT & Data Protection Law in our Newsletter (Summer 2021 Edition)
The Summer 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
In this edition we cover the following topics:
- Update on international data transfers
- State Labour Court of Baden-Württemberg: No claim for damages for transferring personal data to the United States on
…
When are Reach Measurement Cookies exempt from the consent requirement?
After Germany became the last EU member state to transpose Article 5(3) of the Directive 2002/58/EC, amended by Directive 2009/136/EC (ePrivacy Directive) into national law, the use of cookies in the EU must meet one of the following requirements:
- The user’s consent, or
- The cookie must be strictly necessary in order to provide the service explicitly requested by the user (Strictly Necessary Cookies).
The category of Strictly Necessary Cookies was previously interpreted rather narrowly. There must be a clear link between the strict necessity of the cookie and the delivery of the service. It is not sufficient that the cookie is merely necessary from an economic perspective to run a website. The Article 29 Working Party in WP194 regarded shopping cart, user authentication, security, load balancing, or multimedia player as use cases for Strictly Necessary Cookies.
The legal basis for so-called Reach Measurement Cookies has been heavily debated. Reach Measurement Cookies are statistical audience measurement tools for websites used to estimate the number of unique users, track the users’ interaction with the website and track down navigation issues. Typically, they have not been regarded as Strictly Necessary Cookies because websites can be provided to the users without measuring the users’ interactions with the websites. At the same time, Reach Measurement Cookies only provide useful findings if every users’ interactions with the websites are tracked.
In this context, the French data protection authority (CNIL) has provided guidelines (Guidelines) under which the Reach Measurement Cookies may be considered as Strictly Necessary Cookies and thus benefit from the consent exemption.…
Continue Reading When are Reach Measurement Cookies exempt from the consent requirement?
Get your Update on IT & Data Protection Law in our Newsletter (Spring 2021 Edition)
The Spring 2021 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:
In this edition we cover the following topics:
- New cookie rules in Germany will apply as of December 1, 2021
- German data protection authorities conduct coordinated audits on international data transfers
…