Turning Point in Data Protection Law

RA Dr. Thomas Kahler FAIT-Recht

doi:10.5771/9783748921561

Summary

„Turning Point in Data Protection Law“ enthält Beiträge aus den ersten beiden Jahren der DS-GVO des DPOblog.eu. Die Themen erstrecken sich von den neuen Grundlagen der DS-GVO über die aktuellen Entscheidungen des EuGH bis zu den ersten Rechtsverfahren von Max Schrems.

Search publication

Bibliographic data

Copyright year: 2020
ISBN-Print: 978-3-8487-6909-4
ISBN-Online: 978-3-7489-2156-1
Publisher: Nomos, Baden-Baden
Language: English
Pages: 194
Product type: Edited Book

Titelei/Inhaltsverzeichnis No access Pages 1 - 10
Thomas Kahler
1. 25 April 2018 No access Thomas Kahler
Thomas Kahler
1. 25 April 2018 No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. A consent shall not be conditional No access Thomas Kahler
  2. 2. Consent shall be given in a separate way for any single purpose No access Thomas Kahler
  3. 3. Consent shall be given separately for any data processing operation No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Facts and legal background No access Thomas Kahler
  2. 2. The statement of the German DPAs with pro and contra No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Origin and transformation of Accountability No access Thomas Kahler
  2. 2. Accountability and liability No access Thomas Kahler
  3. 3. How to comply with Accountability? No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Facts No access Thomas Kahler
  2. 2. The legal arguments of Max Schrems No access Thomas Kahler
  3. 3. Are Max Schrems arguments convincing? No access Thomas Kahler
  4. 4. Are Facebook and Google wilfully infringing GDPR? No access Thomas Kahler
  5. 5. What powers does GDPR provide to the DPAs? No access Thomas Kahler
  6. 6. How the DPA of Hamburg would decide the WhatsApp case No access Thomas Kahler
  7. 7. Conclusion No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Facts and procedure No access Thomas Kahler
  2. 2. The decision of ECJ No access Thomas Kahler
  3. 3. Joint liability of fan pages with Facebook No access Thomas Kahler
  4. 4. Fan pages bearing risk to be fined No access Thomas Kahler
  5. 5. Conclusion No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Facts and procedure No access Thomas Kahler
  2. Thomas Kahler
    1. a. Processing of personal data No access Thomas Kahler
    2. b. ‘Data processing on behalf’ or ‘transmission’? No access Thomas Kahler
    3. c. Legitimate interest as a legal basis for transmission? No access Thomas Kahler
2. Thomas Kahler
  1. 3. Will the final decision be valid under GDPR? No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Requirements of ‘data processing on behalf’ No access Thomas Kahler
  2. 2. Parent company as ‘data processor’? No access Thomas Kahler
  3. 3. Exemption of GDPR-requirements for data exchange within a group? No access Thomas Kahler
  4. 4. Risk of breach No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. Thomas Kahler
    1. a. Performance of a contract No access Thomas Kahler
    2. b. Legitimate interest No access Thomas Kahler
    3. c. Consent No access Thomas Kahler
    4. d. Intentional infringement by Google No access Thomas Kahler
  2. 2. What is the reaction of the data protection watchdog? No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Statement of German DPAs No access Thomas Kahler
  2. 2. Consequences of the statement No access Thomas Kahler
  3. 3. Legal background No access Thomas Kahler
  4. 4. Legal opinion No access Thomas Kahler
  5. 5. Will the consistency mechanism apply? No access Thomas Kahler
Peter Schaar
1. Peter Schaar
  1. 1. Substance of the decision No access Peter Schaar
  2. 2. Assessment No access Peter Schaar
Thomas Kahler
1. Thomas Kahler
  1. 1. Legal background No access Thomas Kahler
  2. 2. Assessment No access Thomas Kahler
  3. 3. Conclusion No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Notification of data breaches No access Thomas Kahler
  2. 2. Powers of the DPA No access Thomas Kahler
  3. 3. Appropriate technical and organisational measures No access Thomas Kahler
  4. 4. Criteria for the amount of fines No access Thomas Kahler
  5. 5. What about class action? No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Facts No access Thomas Kahler
  2. Thomas Kahler
    1. a) Software maintenance as data processing No access Thomas Kahler
    2. b) Microsoft becomes controller No access Thomas Kahler
    3. c) No legal basis for data transfer to Microsoft No access Thomas Kahler
  3. 3. Dutch Government liable for 'data breach of Microsoft' No access Thomas Kahler
  4. 4. Conclusion No access Thomas Kahler
Lukas Lezzi, Jutta Sonja Oberlin
1. Lukas Lezzi, Jutta Sonja Oberlin
  1. 1. Introduction No access Lukas Lezzi, Jutta Sonja Oberlin
  2. Lukas Lezzi, Jutta Sonja Oberlin
    1. 2.1 Controller No access Lukas Lezzi, Jutta Sonja Oberlin
    2. 2.2 Processor No access Lukas Lezzi, Jutta Sonja Oberlin
  3. Lukas Lezzi, Jutta Sonja Oberlin
    1. 3.1 Term No access Lukas Lezzi, Jutta Sonja Oberlin
    2. 3.2 Intra-Group relationship No access Lukas Lezzi, Jutta Sonja Oberlin
  4. Lukas Lezzi, Jutta Sonja Oberlin
    1. 4.1 Formal requirements No access Lukas Lezzi, Jutta Sonja Oberlin
    2. Lukas Lezzi, Jutta Sonja Oberlin
      1. 4.2.1 Allocation of functions within the data processing No access Lukas Lezzi, Jutta Sonja Oberlin
      2. 4.2.2 Regulation of data subjects’ rights No access Lukas Lezzi, Jutta Sonja Oberlin
      3. 4.2.3 Regulation of other duties No access Lukas Lezzi, Jutta Sonja Oberlin
    3. 4.3 Transparent communication of the substance of the agreement No access Lukas Lezzi, Jutta Sonja Oberlin
  5. 5. Practical example for an intra-group joint controllership No access Lukas Lezzi, Jutta Sonja Oberlin
  6. 6. Conclusion No access Lukas Lezzi, Jutta Sonja Oberlin
Katarina Barley
1. Katarina Barley
  1. A faster, better and cheaper way of enforcing consumer rights No access Katarina Barley
  2. How does the “one for all lawsuit” work? No access Katarina Barley
  3. Specific details on the “one for all lawsuit”: No access Katarina Barley
Thomas Kahler
1. Thomas Kahler
  1. 1. Landmark decision of the German Anti-trust Authority No access Thomas Kahler
  2. 2. The decision of Bundeskartellamt (German Anti-trust Authority) No access Thomas Kahler
  3. 3. Assessment No access Thomas Kahler
  4. 4. Conclusion No access Thomas Kahler
Matthias C. Kettemann
1. Matthias C. Kettemann
  1. Norms for the hardware No access Matthias C. Kettemann
  2. The normative order of the internet and national legal orders No access Matthias C. Kettemann
  3. There is order No access Matthias C. Kettemann
Thomas Kahler
1. Thomas Kahler
  1. 1. No consent without choice No access Thomas Kahler
  2. 2. Consent shall be specific for different purposes No access Thomas Kahler
  3. 3. Assesment No access Thomas Kahler
Winfried Bausback
1. 13 April 2019 No access Winfried Bausback
Thomas Kahler
1. Thomas Kahler
  1. 1. Does national law or EU-law apply? No access Thomas Kahler
  2. 2. Regulation (EEC, EURATOM) No 1182/71 No access Thomas Kahler
  3. Thomas Kahler
    1. 3.1. Start and end of 72 hours period No access Thomas Kahler
    2. 3.2. Notice period on weekend No access Thomas Kahler
  4. 4. Assessment No access Thomas Kahler
Tobias Jaquemain
1. Tobias Jaquemain
  1. I. Regulatory mechanisms are only complementary No access Tobias Jaquemain
  2. Tobias Jaquemain
    1. Tobias Jaquemain
      1. a) Material damage No access Tobias Jaquemain
      2. Tobias Jaquemain
        aa) Missing assessment criteria in data protection law No access Tobias Jaquemain
        bb) Violation of data protection = unauthorised commercialisation of personal data? No access Tobias Jaquemain
        cc) Assessment criteria for violations of privacy resulting from data protection violations No access Tobias Jaquemain
  3. III. Conclusion No access Tobias Jaquemain
Alexander Golland
1. Alexander Golland
  1. 1. Legal basis for personalised advertising No access Alexander Golland
  2. 2. The Concept of “Paid Alternative Access” No access Alexander Golland
  3. 3. Pricing the “Paid Alternative Access” No access Alexander Golland
  4. 4. Conclusion No access Alexander Golland
Thomas Kahler
1. Thomas Kahler
  1. 1. Proceeding: joint controller and consent No access Thomas Kahler
  2. 2. Class action: new option for consumer agencies No access Thomas Kahler
  3. 3. Assessment No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Role of DPO according to GDPR No access Thomas Kahler
  2. 2. Limits of DPOs independence No access Thomas Kahler
  3. 3. DPO at risk No access Thomas Kahler
  4. 4. How to empower the DPO No access Thomas Kahler
  5. 5. DPO as a messenger of bad news No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. Thomas Kahler
    1. 1.1 'Clickbox No 1' No access Thomas Kahler
    2. 1.2 'Clickbox No 2' No access Thomas Kahler
  2. 2. Legal framework No access Thomas Kahler
  3. 3. The rationale of the ECJ No access Thomas Kahler
  4. 4. Assessment No access Thomas Kahler
Iheanyi Samuel Nwankwo
1. Iheanyi Samuel Nwankwo
  1. Background No access Iheanyi Samuel Nwankwo
  2. The Importance of the Whitelist No access Iheanyi Samuel Nwankwo
  3. Conclusion No access Iheanyi Samuel Nwankwo
Toshihiro Wada
1. Toshihiro Wada
  1. 1. Sensitivity of Japanese to the data protection No access Toshihiro Wada
  2. Toshihiro Wada
    1. Toshihiro Wada
      1. 2.1.1 Three Acts on the Protection of Personal Information No access Toshihiro Wada
      2. 2.1.2 Special data protection laws and guidelines No access Toshihiro Wada
    2. 2.2 Data protection in local authorities No access Toshihiro Wada
  3. Toshihiro Wada
    1. 3.1 Basic principle of the APPI No access Toshihiro Wada
    2. 3.2 OECD Privacy Guidelines No access Toshihiro Wada
  4. 4. Resume No access Toshihiro Wada
Peter Hense
1. Peter Hense
  1. Dresden Regional Court on Google Analytics No access Peter Hense
  2. 1. The facts of the case No access Peter Hense
  3. 2. The reasons No access Peter Hense
  4. Peter Hense
    1. 3.1 Data protection law does not end with the GDPR No access Peter Hense
    2. 3.2 “AnonymizeIp” is not all it’s cracked up to be No access Peter Hense
    3. 3.3 Indispensability of informed consent when using Google Analytics No access Peter Hense
    4. 3.4 Possible damages No access Peter Hense
  5. 4. Practical implications No access Peter Hense
Thomas Kahler
1. Thomas Kahler
  1. 1. Liability pursuant to European public liability law No access Thomas Kahler
2. a) Infringement of rights of individuals No access Thomas Kahler
3. b) The breach must be sufficiently serious No access Thomas Kahler
4. c) Direct causal link between the breach and the damage No access Thomas Kahler
5. d) Application of European public liability law No access Thomas Kahler
6. Thomas Kahler
  1. 2. Assessment No access Thomas Kahler
Thomas Kahler
1. Thomas Kahler
  1. 1. Internal Audit and DPO No access Thomas Kahler
  2. 2. Seperation of tasks between controller and DPO No access Thomas Kahler
  3. 3. Independent role of DPO and T-LoD No access Thomas Kahler
  4. 4. Internal Audit and the Accountability Principle No access Thomas Kahler
  5. 5. Assessment No access Thomas Kahler
Andreas Rohner, Gerald Trieb
1. Andreas Rohner, Gerald Trieb
  1. Double opt-in No access Andreas Rohner, Gerald Trieb
  2. Facts of the case No access Andreas Rohner, Gerald Trieb
  3. Legal framework No access Andreas Rohner, Gerald Trieb
  4. Decision of the DPA No access Andreas Rohner, Gerald Trieb
Thomas Kahler
1. Thomas Kahler
  1. 1. Does GDPR provide any adequate legal basis? No access Thomas Kahler
  2. 2. GDPR was not designed for a 'state of pandemic' No access Thomas Kahler
  3. 3. Law for the ‘state of pandemic' No access Thomas Kahler
  4. 4. Assessment No access Thomas Kahler
Alexander Golland, Jan-Peter Ohrtmann
1. Alexander Golland, Jan-Peter Ohrtmann
  1. The supervisory authorities on lawfulness of video surveillance No access Alexander Golland, Jan-Peter Ohrtmann
  2. ECJ ruling on private video surveillance No access Alexander Golland, Jan-Peter Ohrtmann
  3. Video surveillance to detect and prevent criminal offences No access Alexander Golland, Jan-Peter Ohrtmann
  4. Sensitive data and information obligations No access Alexander Golland, Jan-Peter Ohrtmann
  5. Impact on practice No access Alexander Golland, Jan-Peter Ohrtmann
Jutta Sonja Oberlin
1. Jutta Sonja Oberlin
  1. Risk Assessments under the GDPR No access Jutta Sonja Oberlin
  2. The usage of location data No access Jutta Sonja Oberlin
  3. Decentralized Privacy-Preserving Proximity Tracing No access Jutta Sonja Oberlin
  4. Anonymization vs. pseudonymization No access Jutta Sonja Oberlin
  5. Conclusio No access Jutta Sonja Oberlin
Author directory No access Pages 187 - 194