CJEU: Breyer vs. Germany

CJEU landmark decision in the case Breyer v. Federal Republic of Germany (decision dated 19 October 2016, case number C-582/14).

DLA Piper analysis

https://blogs.dlapiper.com/privacymatters/ecj-dynamic-ip-addresses-constitute-personal-data-and-german-law-not-compliant-with-data-protection-directive-by-jan-spittka-and-jan-pohle/

David Vasella

http://datenrecht.ch/bgh-i-s-breyer-vi-zr-13513-16-5-17-personenbezug-dynamischer-ip-adressen/

IAPP article

https://iapp.org/news/a/in-breyer-decision-today-europes-highest-court-rules-on-definition-of-personal-data/

 

(from 2016) – Lessons from living with high privacy fines (Spain)

The GDPR introduces some very high fines for violations, and for many countries in Europe this will be a major change. – In this context, it’s interesting to have a look at Spain, where the Data Protection Authority can already enforce  fines of up to 600,000 EUR since several years.

Ricard Martinez of the Spanish Data Protection Association APEP wrote a very interesting article on the challenges that come with high privacy fines.

My key take-aways from his post are:

  • The total annual amount of fines in Spain is between 15 to 20 mio EUR in the last decade.
  • The majority of the sanctioned companies are in the telecommunications, video surveillance, and financial industries. Their relative share stays about the same year by year. – So the high fines do not appear to be a crucial deterrent.
  • The legislator had to modulate the sanctions to balance the impact on small and medium enterprises. – It’s important that the DPAs harmonize around this before the GDPR becomes effective, as the overall effect might be unfair.
  • The volume of complaints is steadily increasing from year to year. This has an impact on the ability of the DPA to take actions:  The number of actual infringement statements is staying  constant.  – Any news on DPA actions seem to increase the volume of complaints further.

There’s much more information in Ricard Martinez’ post, and I encourage you to read more at http://www.phaedra-project.eu/the-challenge-of-the-enforcement-in-the-proposal-for-a-general-data-protection-regulation-2/