Weekly Data Privacy Alert - 14 September 2015
EU-US Data Protection “Umbrella Agreement” Finalised
The EU-US “umbrella agreement” has been agreed between EU and US negotiators, providing a data protection framework for personal data transfers for law enforcement and terrorism purposes. This agreement is intended to guarantee a high level of protection to personal data when it is transferred to law enforcement authorities in the US, and, in particular, provides that EU citizens will have the right to enforce their rights in their own personal data in US courts. The umbrella agreement has been initialled and will be formally signed once the US Congress has passed the Judicial Redress Bill.
ICO Provides Guidance on Preparing for the New EU Data Protection Regulations
The Information Commissioner’s Office (ICO) has provided preliminary guidance on the steps that UK businesses can take now to prepare for the forthcoming reforms to the European data protection legislation. The ICO anticipates that the Regulation will be adopted around June 2016 meaning that it will be in force from the latter half of 2018. The ICO recommends that businesses ensure they are compliant with the current legislation now and to start considering the impact to their line of business of the proposed legislation to ensure that they are prepared.
Conference of German Data Protection Officers Calls for Improvement of General Data Protection Regulation
In a recent statement, the Conference of the Data Protection Officers of the Bund and the Laender called for several improvements of the General Data Protection Regulation. The Conference appealed to the trilogue partners to pay particular attention to the following issues: data economy as a goal, no weakening of the principle of purpose limitation, requirement of express consent, no limitation of information rights, better limitation of profile building, obligatory appointment of data protection supervisors in all European state agencies and private companies as well as better control of data transfers to state agencies and courts in third countries. The General Data Protection Regulation should guarantee better, or at least the same, protection standards compared to now.
Higher Administrative Court: Advertising Calls Under the Pretext of a Satisfaction Survey Are Illegal
The Higher Administrative Court of Berlin-Brandenburg has ruled that surveys of subscriber satisfaction by telephone may not be used for obtaining consent to advertisement of other company products via telephone, email or sms, unless the subscriber consented to such a use of his or her telephone number when concluding the subscription. The Court hereby followed the ruling of the Administrative Court of Berlin and the Berlin Data Protection Officer, Dr. Alexander Dix, who had interdicted a media company from disguising advertising calls as a satisfaction survey.
Bavarian Data Protection Office: Company Sales Are Also About Data Protection
The Bavarian Data Protection Office announced that it has imposed a fine of tens of thousands of euros on the seller and the buyer of a Bavarian company (online shop) for breaching customers’ privacy rights. Thomas Kranig, the Office President, said that in the course of asset deals customers’ personal data was often being sold under breach of privacy law and that the Bavarian Office is going to impose fines also in further suitable cases in order to improve sensitivity on this issue. The Bavarian Office reminded that fines can amount to €300,000.