28.01.2016

GDD: Inoffizielle Übersetzung der DS-GVO ins Deutsche

Deutsche Übersetzung der Datenschutz-Grundverordnung, allerdings "nur" der Artikel 1-45. 51-54, 75-79b, 91 (pdf, deutsch/englisch, nicht-amtlich), übersetzt von DATAKONTEXT in Zusammenarbeit mit Herrn Thomas Müthlein, GF der DMC und Mitglied im Vorstand der GDD

25.01.2016

Newsletter 01/2016 der österr. Datenschutzbehörde erschienen

Der "DSB-Newsletter" 01/2016 (pdf) der österreichischen Datenschutzbehörde (DSB) wurde am 11.1.2016 verschickt, auf der Website ist dieser jetzt auch verfügbar. Der Newsletter enthält u.a. Kurzbesprechungen der auch hier im Blog geposteten, rezenten datenschutzrechtlichen VfGH-Judikatur (§ 28 Abs 2 DSG 2000; § 67 Gentechnikgesetz und § 11a Abs. 1 Versicherungsvertragsgesetz), des Safe-Harbor Urteils des EuGH und einer Entscheidung des Bundesverwaltungsgerichts zum Auskunftsrecht versus erfolgter Löschung von Vorratsdaten (W214 2014069-1/15E).

22.01.2016

Working Papers on Mobile Location Tracking & Intelligent Video Analytics

The International Working Group on Data Protection in Telecommunications has issued the following papers:

  • Working Paper on Location Tracking from Communications of Mobile Devices (Berlin, 13./14. Oktober 2015), English, deutsch (pdf)
  • Working Paper on Intelligent Video Analytics (Berlin, 13./14. Oktober 2015), English, deutsch (pdf) 

19.01.2016

Art. 29 WP: Update of Opinion 8/2010 on applicable law in light of the CJEU judgement in Google Spain

Update of Opinion 8/2010 on applicable law in light of the CJEU judgement in Google Spain (WP 179 update; pdf):
[...] The judgement provides useful clarification on two aspects: first, the judgement makes it clear that the scope of current EU law extends to processing carried out by non-EU entities with a 'relevant' establishment whose activities in the EU are 'inextricably linked' to the processing of data, even where the applicability of EU law would not have been triggered based on more traditional criteria. Second, the judgement also confirms that - where there is an 'inextricable link' - according to Article 4(1)(a) of Directive 95/46/EC, there may be several national laws applicable to the activities of a controller having multiple establishments in various Member States. [...]

Art. 29 WP: Compliance with data protection and automatic exchange of personal data for tax purposes

Article 29 Working Party, Guidelines for Member States on the criteria to ensure compliance with data protection requirements in the context of the automatic exchange of personal data for tax purposes, adopted on 16 December 2015 (WP 234; pdf):
The purpose of these Guidelines is to ensure compliance with data protection requirements in the context of the automatic exchange, between competent authorities of different countries, of personal data for tax purposes.
The data protection authorities of the European Union, which are represented in the Article 29 Working Party (WP29), are examining the new trends at European and international level, including the introduction of mechanisms for the automatic cross-border exchange of personal data for tax purposes and their impact on privacy and data protection. [...]

OGH: Schadenersatz für Stalking-Opfer

OGH 15.12.2015, 8 Ob 129/15a (Beschluss) - Stalking (§§ 1328, 1328a):
Bei erheblichen Verletzungen der Privatsphäre hat der beharrlich Verfolgte gegen den Stalker Anspruch auf Entschädigung für die erlittene persönliche Beeinträchtigung.
Quelle: Pressemeldung OGH

ECHR: Surveillance of Internet usage in the workplace and Article 8

ECHR judgment 12.01.2016, application no. 61496/08, Bărbulescu v Romania
(my keywords: termination of the applicant’s employment contract due to personal use of employer's resources, surveillance of Internet usage in the workplace, no violation of Article 8 of the Convention)
Be sure not to miss the separate opinion of Judge Pinto de Albuquerque, it is worth reading.
Update: The Guardian on the "misinformed media storm"; ECHR press release (pdf); Die Presse

08.01.2016

BayLDA: Trilog-Synopse der DS-GVO

Im Dezember 2015 haben die Europäische Kommission, das Europäische Parlament und der Rat der Europäischen Union auf „Aufbauarbeitsebene“ im sog. Trilog-Verfahren die politische Einigung für das zukünftige Datenschutzrecht in Europa erzielt. Das Bayerische Landesamt für Datenschutzaufsicht (BayLDA) hat die ursprünglichen Entwürfe und das vorliegende Ergebnis in einer erweiterten Synopse (pdf, 655 Seiten) zusammengefasst.
Quelle: Bayerisches Landesamt für Datenschutzaufsicht (pdf); Anm.: Für archivarische Zwecke siehe die ursprüngl. Gegenüberstellung (DS-GVO-Entwurf Kommission vs. Parlament) des BayLDA hier.

Aus der (sehr brauchbaren) Synopse:
Diese Synopse soll zum einen einen Überblick über den aktuellen Stand des Gesetzgebungsverfahrens vermitteln, zum andern aber auch dokumentieren, auf welcher Basis die Trilogparteien zu dem gefundenen Ergebnis gekommen sind. Nach Veröffentlichung der deutschen Fassung der Datenschutz-Grundverordnung im Amtsblatt der Europäischen Union ist beabsichtigt, dieses Dokument fortzuschreiben und auch die letzte Spalte noch zu füllen.

EDPS issues guidelines on mobile devices and personal data/electronic communications

On 17 December 2015, the European Data Protection Supervisor (EDPS) published two sets of Guidelines for the EU institutions and bodies: one on personal data and electronic communications (eCommunications) and the other on personal data and mobile devices. These guidelines offer practical advice to organisations to integrate data protection principles in their management of email, internet and telephony for work purposes [...]
  • Guidelines on the protection of personal data in mobile devices used by European institutions (Mobile devices guidelines), 17 December 2015 (pdf)
  • Guidelines on personal data and electronic communications in the EU institutions (eCommunications guidelines), 16 December 2015 (pdf)
Source: EDPS press release; for older EDPS guidelines look here

07.01.2016

FTC Report: Big Data: A Tool for Inclusion or Exclusion?

FTC Report entitled "Big Data: A Tool for Inclusion or Exclusion? - Understanding the Issues" (pdf):
V. Conclusion
Big data will continue to grow in importance, and it is undoubtedly improving the lives of underserved communities in areas such as education, health, local and state services, and employment. Our collective challenge is to make sure that big data analytics continue to provide benefits and opportunities to consumers while adhering to core consumer protection values and principles. For its part, the Commission will continue to monitor areas where big data practices could violate existing laws, including the FTC Act, the FCRA, and ECOA, and will bring enforcement actions where appropriate. In addition, the Commission will continue to examine and raise awareness about big data practices that could have a detrimental impact on low-income and underserved populations and promote the use of big data that has a positive impact on such populations. Given that big data analytics can have big consequences, it is imperative that we work together—government, academics, consumer advocates, and industry—to help ensure that we maximize big data’s capacity for good while identifying and minimizing the risks it presents.
Source: FTC press release

ECHR: Updated factsheet on personal data protection (case law)

European Court of Human Rights (ECHR/EGMR): Factsheet – Personal data protection (case law of the ECHR; pdf), December 2015

Directive on the protection of trade secrets: full compromise achieved

Proposal for a Directive of the European Parliament and of the Council on the protection of undisclosed know-how and business information (tradesecrets) against their unlawful acquisition, use and disclosure - Analysis of the final compromise text with a view to agreement:
[...] 10. At the fourth informal trilogue meeting, which took place on 15 December, a full compromise was achieved. This compromise text is set out in detail in the Annex. [...]