The German Federal Ministry for Digital and Transport (Bundesministerium für Digitales und Verkehr – BMDV) has drawn up a new draft bill which shall introduce:

  • (i) a statutory obligation for providers of number-independent interpersonal communication services (e.g. instant messaging services) to allow their users to use end-to-end encryption (“E2EE”), and (ii) a statutory transparency obligation for such providers to inform their users accordingly; and
  • a statutory transparency obligation for providers of certain cloud services to inform their users about how to use continuous and secure encryption (“Draft Bill”).

The Draft Bill (status 7 February 2024), which does not have any basis in EU law, is available here (German content).Continue Reading Germany’s government plans to introduce a statutory ‘right to encryption’ for users of messaging and cloud storage services

The Court of Justice of the European Union (“CJEU”) issued a judgment on the 9th of February 2023 (docket no. C-453/21), which addresses the question of the dismissal of a Data Protection Officer (“DPO”) and the interpretation of Article 38 of the EU GDPR.Continue Reading CJEU rules on DPO conflicts of interest under the GDPR

Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends, from product and technology development to operational and compliance issues that practitioners encounter every day.

What’s new in data protection in the EU

It has been a busy few weeks in the EU for all things data protection, particularly data transfers. Cynthia O’Donoghue and Andy Splittgerber walk us through the new Standard Contractual Clauses (SCCs) for international transfers and for controllers to processors, the newly issued EDPB Supplementary Measures Recommendations, and the UK adequacy decision. (18 mins)

M365 in 5: Compliance and governance in M365

E-Discovery consultant Lighthouse returns to our M365 in 5 series for a discussion about the importance of compliance and governance in M365 and collaboration among stakeholders to balance risk and business needs. Reed Smith’s Anthony Diana and Therese Craparo join Lighthouse’s John Holliday to discuss implementing controls and managing data to mitigate risk. (8 mins)Continue Reading Tune in for the latest updates on our Tech Law Talks podcast

Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends. We cover product and technology development to operational and compliance issues that technology practitioners encounter every day.

On this channel, we host regular discussions about the legal and business issues around data protection, privacy and security; data

The Interstate Treaty on Media (Medienstaatsvertrag – MStV) has finally been ratified by all 16 German federal states and can now enter into force. On 28 October 2020, the Parliament of Mecklenburg-Vorpommern – the last German federal state to ratify the MStV – adopted the Act ratifying the MStV. Ratification of the MStV by all German federal states is a precondition for the MStV entering into force.

The MStV is the German implementation of the EU Audiovisual Media Services Directive 2010/13/EU, as amended by Directive 2018/1808/EU.

The MStV replaces the current Interstate Treaty on Broadcasting (Rundfunkstaatsvertrag – RStV) and is considered an important milestone in media policy. It is an essential part of the national efforts to modernise the media landscape and to make the German legislative framework fit for the next level of digital media. Consequently, the MStV focuses on services beyond the category of broadcasting, i.e., telemedia services, as well as on broadcasting. With media intermediaries, media platforms, user interfaces and video-sharing-services, the MStV applies to many players on the media market.
Continue Reading Germany’s next steps in digitization: Finally, the new Interstate Treaty on Media has been ratified by all German federal states

The COVID-19 pandemic has hit the brand ambassador and influencer industry in different ways. Social media engagement is up. Screen times have increased. Advertising campaigns of brand ambassadors for organizations and influencers might have been adjusted. Self-quarantining audiences have different demands. With the strong trust from their followers, influencers on social media channels such as

On July 20, 2019 the German tax court for the federal states of Berlin and Brandenburg published the first decision of a German tax court on the qualification of “bitcoins” in a provisional legal protection procedure.

The court confirmed that a bitcoin qualifies as an “asset” for German taxation and (tax) accounting purposes.

At the

After a month of rumors, uncertainty, and German data protection authorities being nontransparent, the German conference of data protection authorities (Datenschutzkonferenz, DSK) published the concept for calculating administrative fines for data protection violations (Concept, available here) on October 16, 2019.

The Concept sets out a standardized approach regarding the calculation of administrative fines in accordance with article 83(4) and (5) of the General Data Protection Regulation (GDPR) and also takes into account the circumstances of the individual case as described in article 83(2) GDPR. The Concept provides a uniform determination of administrative fines under GDPR without losing the flexibility to consider the individual case and situation of the violating person or organization (Violating Entity).

The Concept is not binding on courts, non-German authorities, or the European Data Protection Board (EDPB) and shall only be used for violations in Germany that are not cross-border cases. The Concept shall only be used until the EDPB has issued its own guidelines for the determination of fines under article 83 GDPR. In addition, the Concept shall not be used for fining associations or natural person outside of their economic activity.

In this blog, we explain the five-step procedure that the DSK applies in the calculation:Continue Reading Calculation of administrative fines under GDPR – standardized concept published in Germany

In its recent decision of 11 June 2019 (docket no.: 4 U 760/19, available here), the Dresden Court of Appeals (Oberlandesgericht Dresden – Court of Appeals) had to decide on claims for damages under Article 82 GDPR with regard to minor violations of the GDPR.

Background

The defendant, the provider of a social