Germany’s Datenschutzkonferenz (DSK) issues its guidance on Schrems II:

  • The transfer of personal data to the United States based on Privacy Shield is not permitted and must be discontinued immediately.
  • Standard contractual clauses can continue to be used, but, depending on the result of the assessment of the data exporter, additional measures may be required.

Per the German DSK (the Conference of Independent German Federal and State Data Protection Supervisory Authorities), emails need to be encrypted in order to meet the minimum requirements of Article 32 of the General Data Protection Regulation (GDPR).

This means:
  • TLS (transport layer encryption) at minimum
  • Additional measures like end-to-end encryption and qualified transport encryption

Google Analytics is in the crossfire in Germany.

The data protection authorities of the German states are being flooded with complaints, approximately 200,000 in number, regarding deployment of the Google Analytics service on websites in a manner which allegedly is in violation of GDPR.

At issue is whether deploying Google Analytics is possible without acquiring

The Higher Regional Court of Cologne, Germany, has held that internal recorded statements, conversation notes or telephone notes constitute personal data and copies of them must be disclosed in response to a data access request.
The court also held that:
  • The information is not a trade secret since claims made by the plaintiff against his

Does your company have a processing agreement with each service provider that handles personal information for you as required by the EU General Data Protection Regulation (GDPR)?

If you don’t, it may cost you 5,000 EUR per missing agreement – says the data protection authority of Hesse, Germany.

Following a complaint to the data protection

Privacy officials in Germany penned a position paper arguing that standard contract language and binding corporate rules do not adequately provide data protections necessary for legal U.S.-EU data flows. These two data transfer alternatives to Safe Harbor are not viable.

The German data protection authority (DPA) recommended a path of informed consent. U.S. companies should