The Summer 2023 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version
German versionContinue Reading Get your Update on IT & Data Protection Law in our Germany Newsletter (Summer 2023 Edition)

The Court of Justice of the European Union (“CJEU”) issued a judgment on the 9th of February 2023 (docket no. C-453/21), which addresses the question of the dismissal of a Data Protection Officer (“DPO”) and the interpretation of Article 38 of the EU GDPR.Continue Reading CJEU rules on DPO conflicts of interest under the GDPR

The winter 2023 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version

German versionContinue Reading Get your update on IT & data protection law in our newsletter (Winter 2023 edition)

On 6 October 2022, the Advocate General (Campos Sánchez-Bordona) issued his opinion in UI v Österreichische Post AG on the interpretation of the rules on civil liability under the GDPR .

He concluded that a data subject must have suffered harm in order to claim compensation, and that breach of the GDPR alone was not sufficient.  There is also a distinction to be drawn between mere upset (which does not give rise to a right for compensation) and non-material damage (which does).Continue Reading ‘Mere upset’ insufficient for compensation under the GDPR

The Summer 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version

German versionContinue Reading Get your Update on IT & Data Protection Law in our Newsletter (Summer 2022 Edition)

The Winter 2022 Edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released:

English version

German versionContinue Reading Get your Update on IT & Data Protection Law in our Newsletter (Winter 2022 Edition)

Two Chinese information security laws, the Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”), are creating difficulties for parties involved in litigation in the United States seeking discovery materials stored in China.

Both the DSL and the PIPL require data processors to obtain approval from the Chinese government before transferring any data stored in China to a foreign court or law enforcement authority, or otherwise face significant penalties such as fines in the millions of dollars.

Litigants in the U.S. should be aware that the DSL and PIPL may impose significant costs and delays in the discovery process, and may be used to avoid turning over certain materials.Continue Reading Chinese data security laws increasingly create roadblocks for litigants seeking discovery in U.S. courts

In a recent decision of December 19, 2021, case no. 1 BvR 1073/20 (published with an official press release dated February 2, 2022), the German Federal Constitutional Court (Bundesverfassungsgericht – BVerfG) set aside several judgments of the Berlin civil courts. The Berlin civil courts had denied the plaintiff, who alleges she was exposed to hate speech on a social network, the right to demand from the operator of the social network access to customer data, i.e., the full names of the users who had posted the content that the plaintiff considered to be hate speech. In the view of the BVerfG, the Berlin courts had failed to properly balance the parties’ interests and thereby had violated the plaintiff’s fundamental rights.
Continue Reading Germany’s Federal Constitutional Court provides guidance for assessing claims against hate speech on social media

In a judgment handed down by the UK Court of Appeal on 21 December 2021 ([2021] EWCA Civ 1952, available here), Walter Soriano, the claimant, was granted his cross-appeal, giving him permission to serve Forensic News LLC and four other defendants in the United States with proceedings under the General Data Protection Regulation (GDPR). The appeal came from the High Court, which had previously refused such permission on the basis that the claimant could not demonstrate that the claim satisfied the test for serving claims outside the jurisdiction. The reason given by the High Court was that the processing of the claimant’s personal data did not fall within the territorial scope of the GDPR. The Court of Appeal therefore revisited the GDPR’s territorial scope as part of this appeal and decided the claimant had an arguable case and could therefore serve the claim outside the jurisdiction.
Continue Reading UK’s Court of Appeal assesses territorial scope of GDPR