Germany: Results of a cross-industry audit of 50 companies
State Data Protection Commissioner of Lower Saxony has now submitted its final report for the result of a cross-industry GDPR-audit of 50 companies.
Find below the press release with
- questionnaire
- *criteria for evaluating the responses*
- final report
*Only in German”.. As expected quite a few didn’t get their legitimate interest assessments right, etc..
https://lfd.niedersachsen.de/startseite/allgemein/presseinformationen/abschluss-der-querschnittsprufung-182253.html
Italy – Garante: Report
EDPB Opinions
EDPB Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects
includes
“[..]
49. The EDPB does not consider that Article 6(1)(b) would generally be an appropriate lawful basis for processing for the purposes of improving a service or developing new functions within an existing service. In most cases, a user enters into a contract to avail of an existing service. While the possibility of improvements and modifications to a service may routinely be included in contractual terms, such processing usually cannot be regarded as being objectively necessary for the performance of the contract with the user. ”
Also the EDPB again gives special attention to personalisation, saying that where personalisation is not really necessary for the performance of a contract, eg where content personalisation is just used to increase user engagement, data controllers should consider another legal basis
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines-art_6-1-b-adopted_after_public_consultation_en.pdf
Article: Complexity Theory: Facebook on privacy, part 1: ‘You agreed to it’ incl. How tagging works,
Germany – DSK: Orientierungshilfe für Anbieter von Telediensten (covers cookies, social media plugins, trackers, etc)
Article: Germany – Datenschutz im Beschäftigtenverhältnis
Data protection in the employment context
https://diercks-digital-recht.de/2019/10/datenschutz-im-beschaeftigungsverhaeltnis-teil-2-zeit-mit-den-mythen-aufzuraeumen-und-endlich-das-notwendige-zu-tun/
Consolidated version of GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance)
Deutsche Wohnen SE – 1.4 mio EUR fine (not final)
DLA Piper:
- https://blogs.dlapiper.com/iptgermany/2019/11/06/berlin-data-protection-authority-imposes-eur-14-5-million-fine-for-data-cemetery/
- https://blogs.dlapiper.com/privacymatters/germany-berlin-data-protection-authority-imposes-eur-14-5-million-fine-for-data-cemetery/
https://www.cr-online.de/blog/2019/11/05/duennes-eis-berliner-datenschuetzer-verhaengen-millionenbussgeld/
br>
Statement by Deutsche Wohnen SE:
https://www.deutsche-wohnen.com/ueber-uns/presse/pressemitteilungen/deutsche-wohnen-geht-gegen-bussgeldbescheid-der-berliner-beauftragten-fuer-datenschutz-und-informationsfreiheit-vor/