“Germany will become a world leader in autonomous driving. We are setting the pace for this: With our new law, we are becoming an international pioneer and putting an end to cumbersome individual permits,” says German Federal Transport Minister Andreas Scheuer.

The proposed regulation, still requiring approval by the Bundestag and the Bundesrat, contemplates regulation

Data Protection Authorities in the German states of Lower Saxony, North Rhine-Westphalia, Hesse, Hamburg and Brandenburg have launched a large scale inquiry against media websites to examine the use of tracking techniques and specifically whether the cookie banners they apply on their respective websites meet the requirements for a voluntary and informed consent of the

The Data Protection Authority for the Rhineland-Palatinate in Germany suggests there is a need for legislation limiting the use of contact tracing data.

Anyone sitting in the beer garden should not later be questioned by the police with respect to an administrative offense or minor damage to property based on the fact that their name

Data that is initially collected for the purpose of protecting against infection and which must be provided by those affected prior to visiting restaurants, accommodations, leisure facilities or events and concerts, is used in many cases as part of police investigations if necessary. The possibility of law enforcement authorities using this data for their own

Germany’s  Datenschutzkonferenz (DSK) issues its guidance on Shrems II:

  • The transfer of personal data to the United States based on Privacy Shield is not permitted and must be discontinued immediately.
  • Standard contractual clauses can continue to be used, but, depending on the result of the assessment of the data exporter, additional measures may be required.

Per the German DSK (the Conference of Independent German Federal and State Data Protection Supervisory Authorities), emails need to be encrypted in order to meet the minimum requirements of Article 32 of the General Data Protection Regulation (GDPR).

This means:
  • TLS (transport layer encryption) at minimum
  • Additional measures like end-to-end encryption and qualified transport encryption

Google Analytics is in the crossfire in Germany.

The data protection authorities of the German states are being flooded with complaints, approximately 200,000 in number, regarding deployment of the Google Analytics service on websites in a manner which allegedly is in violation of GDPR.

At issue is whether deploying Google Analytics is possible without acquiring

The Higher Regional Court of Cologne Germany has held that internal recorded statements, conversation notes or telephone notes constitute personal data and copies of them must be disclosed in response to a data access request.
The court also held that:
  • The information is not a trade secret since claims made by the plaintiff against his