On 14th September, the German data protection authorities (“DPAs”), gathering in the so called “circle of Düsseldorf”, issued a non-binding opinion (pdf, German) on the question of the lawfulness of consents under the looming General Data Protection Regulation (“GDPR”), which were obtained under the conditions of the current legal framework. Continue reading →
The fundamental right to the protection of personal data as enshrined in Art. 8 (1) of the Charter of Fundamental Rights of the European Union (PDF) as well as the right to informational self-determination, derived from Art. 2 (1) and 1(1) of the German Constitution are not exclusive right of adults. Also children’s personal data are protected by these fundamental rights and consequently by the European Data Protection Directive (Directive 95/46/EC) or the respective national laws.
But if it comes to the practical compliance for companies, for example if you want to develop an app for children, European data protection laws currently will leave providers alone with an answer to the question, when a consent by minors might serve as the legal basis for the processing of their data. Continue reading →
Contrary to what had been the understanding before, the ICO in its capacity as data privacy watchdog in the UK has now declared in his guidance (download it here) that implied consent – if actually given – is just as valid a form of consent as explicit consent. That is not to say that website owners can simply continue to as before. When you read through the ICO’s advice on how implied consent may be brought about, it becomes quite clear that there really is not much difference from what the website owner must do to obtain explicit consent. Continue reading →
The (Draft) General Data Protection Regulation being a Regulation it not only aims at fully harmonizing the field of law it covers (as some Directives do) but would achieve that goal by simply being the (only) directly applicable law as far as its reach goes. Plus the Commission’s “empowerment to adopt delegated acts”, of course, which is a rather intriguing idea from a democracy point of view. But that’s another story.
One of the very few areas where the member states are given a certain amount of legislative leeway is set forth in Art. 82 of the Draft Regulation. Continue reading →
As reported by DataGuidance, the UK Information Commissioner the enforcement of the “cookie law” will be “pragmatic and realistic” in the UK. “Pragmatic” and realistic”: Sounds good doesn’t it? Doesn’t sound very German, though, does it? As explained here, the cookie situation in Germany is still unresolved, largely due to the (my take on the matter) inability to come up with a draft for transforming the Directive’s into German law that provides for a workable solution the problem. It seems that at least the current government feels uncomfortable to pass a law the wording of which would effectively rule out a good portion of how websites work today.
Even more interestingly, in the same DataGuidance post they report that the French Data Protection Authority (CNIL) will exempt analytics cookies from the new requirement of prior consent. Continue reading →
As we are quickly moving towards Germany’s 1st anniversary of non-compliance with the infamous “EU Cookie Directive“, one would expect the legislator to really make a push to get something on paper, right? Well, not so. In fact, there isn’t even a legislative silver lining anywhere to be seen. We have witnessed one draft of a change to the “Telemedia Act” (the place where any transforming the EU’s wisdom into German law would take place) submitted by the federal state of Hessen last year that no one has really talked much about, and one draft submitted by the current opposition in the Bundestag that has now been rebuffed on committee level without before even getting a proper hearing in parliament – without spoiling us by publishing any reasons for the government’s stance, sadly. That said, that’s all good news, really. Continue reading →