Data protection news

The European Court of Justice (ECJ) has sentenced Germany to pay a fine of 34 million euros for inadequate implementation of whistleblower* protection. The EU requirements were not implemented on time.

Luxembourg. Germany must...

ECJ judgement / Data protection authorities must take all complaints seriously - even in the case of mass requests. The European Court of Justice (ECJ) has now ruled that authorities may only reject complaints if there is evidence...

In 2024, the EU adopted the new AI Regulation, which came into force on July 21. In terms of content, it deals with various regulations on dealing with artificial intelligence, which must now be implemented in stages.

This...

In 2025, the European Data Protection Board (EDPB) will focus on the implementation of the right to erasure under Art. 17 of the General Data Protection Regulation (GDPR) as part of the Coordinated Enforcement Framework (CEF)....

The issues surrounding the transfer of data to the USA have been known for a long time and are subject to constant fluctuations. As soon as political changes occur, this has always had an impact on the agreements at the time in...

The IT security situation in Germany remains tense - as shown by the 2024 situation report from the Federal Office for Information Security (BSI). Cyber criminals are acting increasingly professionally, critical vulnerabilities in...

Fraudsters use manipulated QR codes to obtain money or personal data. They paste over genuine codes on car park ticket machines and charging points or forge bank letters. The consumer advice centres warn of the increasing danger...

A customer felt harassed by an email and demanded 500 euros in compensation for an alleged GDPR violation. However, the Federal Court of Justice (BGH) dismissed the claim.

The customer had purchased a letterbox sticker from an...

A user of a darknet forum claims in Russian to have over 20 million access data to OpenAI accounts. He is offering sample data with email addresses and passwords for sale, reports GbHackers.

The alleged amount of data alerted...

IT researchers have observed a botnet with over 130,000 infected systems carrying out password spraying attacks on Microsoft 365 accounts. The mass testing of user password combinations enables access to poorly secured accounts.

...

The official recipe forum of the Thermomix manufacturer Vorwerk has fallen victim to a data leak. Criminals gained access to the data of 3.3 million users and then offered it for sale on the darknet.

International forums affected...

Stricter regulations for artificial intelligence (AI) have been in force in the EU since 2 February. The AI Act not only affects large tech companies, but also small and medium-sized enterprises (SMEs) that use or develop AI.

The European Court of Justice (ECJ) has ruled that asking people's gender when purchasing a ticket is in breach of the GDPR. According to the principle of data minimisation, only data that is objectively necessary to provide the...

In 2024, the EU adopted the new AI Regulation, which came into force on July 21. In terms of content, it deals with various regulations on dealing with artificial intelligence, which must now be implemented in stages.

This...

The Barrierefreiheitsstärkungsgesetz (BFSG), which comes into force on June 28, 2025, sets binding requirements for the accessibility of products and services. It is based on EU Directive 2019/882 (European Accessibility Act) and...

Advances in artificial intelligence (AI) are not only revolutionizing technology but also posing entirely new challenges for cybersecurity. One particularly alarming development is the use of AI to create malware. Using AI,...

The economy is subject to constant change and companies are often faced with unforeseeable challenges. In times of economic fluctuation, be it an economic upturn or a recession, it may be necessary for companies to review and...

“Gender identity of the customer is not required information for the purchase of a ticket”

On January 7, 2025, the European Court of Justice ruled that the inclusion of the title “Mrs.” or “Mr.” in the course of an online ticket...

NIS-2, the EU's new binding cybersecurity directive, will be implemented from October 17, 2024. On this date, the member states are obliged to create and apply the necessary measures to comply with the directive. In Germany, this...

The European Commission is planning a significant revision of the Standard Contractual Clauses (SCCs) that govern international data transfers. These new regulations are expected to come into force in 2025 and respond to current...

The following case proves that data transfer to the USA still requires special attention despite the EU-U.S. Data Privacy Framework.

The Dutch Data Protection Authority (DPA) has fined Uber 290 million euros. The background to...

An interesting case, which only life can write, was recently decided by the Düsseldorf Regional Labour Court. This case concerns a number of interesting...

GINDAT would like to draw your attention once again to Section 79a of the Works Constitution Act (BetrVG), which came into force in 2021. This states that the employer is responsible for the implementation of data protection...

We would like to draw the attention of all our customers who are involved in the letting of residential property to the fact that the DSK has issued a current guidance document on obtaining tenant self-disclosures.

In principle,...

On 14 May 2024, the Telemedia Act (TMG) was replaced by the Digital Services Act (DDG). In addition, the Telecommunications Telemedia Data Protection Act (TTDSG) is now the Telecommunications Digital Services Data Protection Act...

The new version of the TISAX VDA ISA catalogue is now available. This updated version contains extended requirements that are aligned with the latest security standards. Companies are advised to familiarise themselves with the new...

Introduction

The AI Act, which was passed on 21 May 2024, is the world’s first law on the regulation of artificial intelligence. It is expected that many industries will have to deal intensively with this regulation in the...

B) Risk-based approach of the AI Regulation

As already described in the Overview of the AI Regulation Part 1, the AI Regulation follows a risk-based approach.This means that the degree of regulation depends on the severity of the...

NIS2UmsuCG – a complicated-sounding string of letters – is coming our way this year and translates as the NIS 2 Implementation and Cyber Security Strengthening Act.

It is estimated that the law will affect at least 30 thousand...

The planned EU supply chain law has overcome a decisive hurdle: Despite resistance from the German government, a majority of EU countries support the law to protect human rights. It is intended to ensure that European companies...