In a decision on immaterial damages under Article 82 of the EU General Data Protection Regulation (GDPR), the Higher Regional Court of Dresden, Germany (case number 4 U 940/24), set out important monitoring and auditing obligations of controllers with respect to their processors.
The controller (defendant) operates an online music
Continue Reading Germany: Monitoring and auditing obligations of controllers with respect to their processors
On April 9, 2025, the coalition agreement of the future German Federal Government, consisting of the three German parties CDU, CSU and SPD, was published. The document entitled “Responsibility for Germany” contains several plans, including some that may fundamentally change the German data protection supervisory authority structure and that aim to ease the regulatory burden
Continue Reading Germany: New government plans to centralize data protection supervision and reduce regulation for small and medium-sized companies
In its judgement of November 18, 2024 (case number VI ZR 10/24) the German Federal Court of Justice (Bundesgerichtshof – “BGH”) clarified key legal issues regarding claims for damages under Article 82 GDPR in the event of a mere loss of control of personal data in the Facebook scraping complex. This blog
Continue Reading Germany: Update: Judgment on Non-Material Damages for Loss of Control over Personal Data
On November 18, 2024, the German Federal Court of Justice (Bundesgerichtshof – “BGH”) made a (to date unpublished) judgment under the case number VI ZR 10/24 regarding claims for non-material damages pursuant to Art. 82 GDPR, due to the loss of control over personal data.
The judgment is based on a personal
Continue Reading Germany: Judgment on Non-Material Damages for Loss of Control over Personal Data
Introduction
In its judgement of 04 October 2024 (C-21/23), the European Court of Justice (“ECJ”, “Court”) ruled, that the provisions of Chapter VIII of the GDPR, do not preclude national rules which grant undertakings the right to rely, on the basis of the prohibition of acts of unfair competition
Continue Reading EU: ECJ rules that competitors are entitled to bring an injunction claim based on an infringement of the GDPR.Introduction
Identifiability; what can amount to personal data; and joint controllership are some of the issues addressed by the Court of Justice of the European Union (CJEU) in its recent judgment in the IAB Europe case (C-604/22). This case concerned the use of personal data for online advertising purposes and the use
Continue Reading CJEU ruling clarifies data protection and e-privacy issues in the ad-tech spaceAuthors: James Clark and Verena Grentzenberg
The Court of Justice of the European Union (CJEU) has delivered an important judgment on the scope and interpretation of the ‘automated decision-making’ framework under the GDPR. It is a decision that could have significant implications for service providers who use algorithms to produce automated scores, profiles
Continue Reading EU: Significant new CJEU decision on automated decision-making
The European Data Protection Board has published new guidelines (14 November 2023) on the scope of Article 5(3) of the e-Privacy Directive – i.e., the so-called ‘cookie rule’.
These guidelines apply a maximalist interpretation to the cookie rule, meaning that a wide variety of technologies other than traditional cookies are, in the opinion of the
Continue Reading EU: New EDPB guidelines on the scope of the ‘cookie rule’
