On 20 December 2018, the German Federal Court of Justice confirmed that photographs of public domain paintings ‎are, in principle, protected by a copyright-related right in section 72 of the German Copyright Act (Case No. I ZR 104/17). The case involved a request to take down several pictures hosted on Wikimedia Commons—an online database of works distributed under Creative Commons licenses—as public domain images. All pictures featured art on display at the Reiss Engelhorn Museum in Mannheim, Germany. Continue Reading German Federal Court of Justice Confirms Copyright in Photographs of Public Domain Paintings

On 13 February 2019, the data protection officer for the German state of Baden-Wuerttemberg published a guideline on password security under the EU General Data Protection Regulation (GDPR). The guideline aims to advise data controllers (e.g., service providers, administrators) on how to set up effective password policies and securely store passwords, and data subjects (users) on how to choose secure passwords. Continue Reading German Data Protection Authority Publishes Guideline on GDPR Requirements for Passwords

According to recent press reports, since the EU General Data protection Regulation (GDPR) came into force in May 2018, German data protection authorities have issued 41 GDPR-related fines. The highest fine in a single case is reported to have been EUR 80,000, and the majority of fines (33) originated from the state of North-Rhine Westphalia. Continue Reading 41 GDPR Fines Issued by German Data Protection Authorities

On 12 February 2019, the European Data Protection Board (EDPB) adopted an information note “on data transfers under the GDPR in the event of a no-deal Brexit.” According to the note, as of 30 March 2019, transfers of personal data from the European Economic Area (EEA) to the UK must be based either on Standard or ad hoc Data Protection Clauses, Binding Corporate Rules, Codes of Conduct, Certification Mechanisms or Derogations. Continue Reading EDPB Issues Note on Data Transfers to the UK in the Event of a No-Deal Brexit

Regulation (EU) 2019/5, which was published a few days ago in the Official Journal of the European Union, amends the EU pharmaceutical legal framework by firstly complementing new Regulation 2019/6 on veterinary products that repeals Directive 2001/82/EC on veterinary medicinal products and incorporating the provisions on veterinary products contained in Regulation 726/2004 (in particular, Articles 30 to 45), thereby Continue Reading New EU Regulation Extends Financial Penalties to Entities Beyond the Marketing Authorization Holder and Updates the Legal Framework for Medicinal Products for Human Use

On 23 January 2019, the European Commission (the “EU Commission”) authorized the free flow of personal data to Japan. This “adequacy decision,” issued jointly with a mirroring decision by the Japanese government, allows personal data to transfer between the European Union (the “EU”) and Japan freely and under strong guarantees of protection. The outcome of lengthy negotiations resulting in Japan strengthening its privacy rules to follow EU standards, Continue Reading Free Flow of Personal Data Between the European Union and Japan Starts Now

Foi publicada hoje a Medida Provisória 869/2018, emitida ontem pelo Presidente Michel Temer. A Medida Provisória cria a Autoridade Nacional de Proteção de Dados e aumenta o prazo de vacatio legis para a entrada em vigor da Lei Geral de Proteção de Dados (“LGPD”) de 18 para 24 meses após a sua publicação, ocorrida em 15 de agosto de 2018 (alteração do artigo 65 da LGPD pela Medida Provisória 869/2018). Continue Reading Presentes de Natal tardios: uma Autoridade Nacional de Proteção de Dados e mais tempo para se adequar à LGPD

Breaking news: the Brazilian President Michel Temer issued yesterday and had published today the so-called “Provisory Measure” No. 869/2018 (Medida Provisória, a norm issued by the President alone, usually reserved for urgent and relevant matters) to amend the New Brazilian Data Privacy Law (Lei Geral de Proteção de Dados, “LGPD”). With this measure, the President created a National Data Protection Authority and determined that the LGPD shall Continue Reading Late Christmas Gifts from Brazil’s President: A National Data Protection Authority and 6 Additional Months to Get Compliant with Brazil’s Privacy Law

The year 2018 is coming to a close. Among other things, it has brought us a new FIFA world champion, royal weddings and some other joyful things like the EU General Data Protection Regulation (GDPR). The latter could arguably cool one’s Holiday spirit—at least in some cases. For example, reportedly, the annual wish list campaign of the City of Roth, Germany, was intitally cancelled due Continue Reading Corporate Holiday Cards: The GDPR Nightmare Before Christmas?

On 1 November 2018, Hong Kong’s Securities and Futures Commission (“SFC”) issued a statement and circular that expanded its regulatory reach over virtual asset activities. Previously, the SFC’s position was that any activities related to virtual assets (e.g. cryptocurrencies, assetbacked tokens, virtual commodities, etc.) would only be subject to the Securities and Futures Ordinance (Cap. 571) if Continue Reading Hong Kong: Tightening the Reins on Cryptocurrency