Germany

noyb Sues Hamburg DPA over “Pay or OK” in Der Spiegel

Consent or Pay, Der Spiegel, GDPR, Germany, noyb |

noyb has filed a lawsuit against the Hamburg Data Protection Authority (DPA) after it approved the controversial ‘Pay or OK’ system used by DER SPIEGEL, which forces users to choose between consenting to data tracking or paying for a subscription. The Hamburg DPA’s decision, which took nearly three years, has been criticized for lack of impartiality, as the complainant was not consulted and critical facts were ignored.

noyb Sues Hamburg DPA over “Pay or OK” in Der Spiegel Read More »

The German Federal Financial Supervisory Authority Issues Guidelines for DORA Implementation

DORA, Germany |

On 8 July 2024, the German Federal Financial Supervisory Authority (BaFin) published guidelines for implementing the Digital Operational Resilience Act (DORA). These guidelines are intended to help supervised financial companies meet DORA requirements for ICT risk management and third-party ICT risk management. The guidelines cover governance, information risk management, IT operations, business continuity, project management, and operational security. They are aimed at banks and insurers under BaFin’s supervision and include minimum contract contents with ICT service providers. Effective 17 January 2025, these companies must comply with DORA’s comprehensive ICT risk management framework.

The German Federal Financial Supervisory Authority Issues Guidelines for DORA Implementation Read More »

Bavarian Data Protection Authority Issues Joint Controllership Guidance

Bavarian Data Protection Authority Issues Joint Controllership Guidance

DPA guidance, GDPR, Germany, Joint controllership |

The Bavarian Data Protection Authority released new guidance on joint controllership under GDPR Article 26. This document clarifies the roles and responsibilities when two or more entities jointly determine the purposes and means of processing personal data. It aims to alleviate concerns and provide practical recommendations, emphasizing the legal necessity of a transparent agreement delineating each party’s obligations. This guidance helps entities navigate the complexities of shared data responsibilities, enhancing accountability and transparency in data processing activities.

Bavarian Data Protection Authority Issues Joint Controllership Guidance Read More »

Scroll to Top