Photo of Ana Bruder

Ana Hadnes Bruder is an associate in the Litigation & Dispute Resolution and Intellectual Property practices of the Frankfurt office.

Ana is a registered lawyer in Germany, Brazil and Portugal and has nearly 10 years of international experience as legal counsel. Before joining Mayer Brown, Ana gained experience representing foreign clients in judicial proceedings in Brazil and also worked as in-house counsel for a leading French company in the tourism sector in Paris, where she worked with litigation, intellectual property, internal compliance and expansion projects in Europe and Brazil. Other than German and her mother language Portuguese, she speaks English, French, Italian and Spanish.

Ana represents clients in litigation and arbitration procedures involving commercial, intellectual property, liability and antitrust matters. In the field of intellectual property, Ana provides guidance in the field of data protection and advises clients regarding trademark and patent infringement proceedings, acquisition and licensing of IP rights, research and development and cooperation agreements, including any antitrust aspects involved.

Foi publicada hoje a Medida Provisória 869/2018, emitida ontem pelo Presidente Michel Temer. A Medida Provisória cria a Autoridade Nacional de Proteção de Dados e aumenta o prazo de vacatio legis para a entrada em vigor da Lei Geral de Proteção de Dados (“LGPD”) de 18 para 24 meses após a sua publicação, ocorrida em 15 de agosto de 2018 (alteração do artigo 65 da LGPD pela Medida Provisória 869/2018). Continue Reading Presentes de Natal tardios: uma Autoridade Nacional de Proteção de Dados e mais tempo para se adequar à LGPD

Breaking news: the Brazilian President Michel Temer issued yesterday and had published today the so-called “Provisory Measure” No. 869/2018 (Medida Provisória, a norm issued by the President alone, usually reserved for urgent and relevant matters) to amend the New Brazilian Data Privacy Law (Lei Geral de Proteção de Dados, “LGPD”). With this measure, the President created a National Data Protection Authority and determined that the LGPD shall Continue Reading Late Christmas Gifts from Brazil’s President: A National Data Protection Authority and 6 Additional Months to Get Compliant with Brazil’s Privacy Law

The year 2018 is coming to a close. Among other things, it has brought us a new FIFA world champion, royal weddings and some other joyful things like the EU General Data Protection Regulation (GDPR). The latter could arguably cool one’s Holiday spirit—at least in some cases. For example, reportedly, the annual wish list campaign of the City of Roth, Germany, was intitally cancelled due Continue Reading Corporate Holiday Cards: The GDPR Nightmare Before Christmas?

On 21 November 2018, the data protection authority of Baden-Württemberg, Germany (the “authority”) imposed a fine of EUR 20,000 against a German social media provider (the “company”) for failing to encrypt user passwords. The authority’s decision marks the first time that a fine was imposed on a company for violating the European General Data Protection Regulation Continue Reading Data Protection Authority Imposes First GDPR Non-Compliance Fine in Germany

On 7 November 2018, the data protection authority of the Free State of Bavaria, Germany, issued a press release that, now that the European General Data Protection Regulation (GDPR) has been in effect for six months, the authority will intensify its GDPR compliance monitoring. The Bavarian data protection authority is responsible for monitoring GDPR compliance in the state of Continue Reading Data Protection Authority of Bavaria, Germany, Intensifies GDPR Compliance Monitoring

In Germany, companies offering security-related services have to provide to the Federal Financial Supervisory Authority (Bundesanstalt für Finanzaufsicht, “BaFin”) information regarding the identity of staff responsible for, inter alia, providing investment advice (Section 87 of the German Securities Trading Act, “WpHG”). That personal data is kept in an internal BaFin database . Continue Reading German Financial Supervisory Authority May Refuse GDPR Requests for Erasure of Personal Data of Investment Advisors

On 5 September 2018, the German Data Protection Conference (Datenschutzkonferenz – “DSK) provided new guidance on the interpretation of Art. 13 of the General Data Protection Regulation (“GDPR”) in the context of medical treatment. The Data Protection Conference consists of all German data protection authorities meeting twice a year with the purpose of safeguarding data protection rights, providing guidance on Continue Reading Doctors Cannot Refuse Treatment Because Patient Refuses to Sign GDPR Information Documents

On 16 July 2018, the District Court of Gießen, Germany, ruled that a custodian’s representation rights also cover consent to data processing activities related to the person under custodianship. Under the EU General Data Protection Regulation (GDPR), the processing of personal data is, in principle, prohibited unless there is a legal basis for such processing. Pursuant to Art. 6 para. 1 lit. a) GDPR, one possible legal basis is the data subject’s consent. However, the legitimacy of a declaration of consent may be in doubt if Continue Reading German Court Issues GDPR Ruling on Data Subject’s Consent for Persons Under Custodianship

According to media reports, the first cease-and-desist letters have been issued in relation to alleged violations of the EU General Data Protection Regulation (GDPR). The cease-and-desist letters seem to concern, inter alia, data protection declarations on websites. In particular, the letters seem to address specific website tools (e.g., Google Fonts, Like buttons) and whether their use and description in the data protection declaration is compliant with the GDPR. Continue Reading German Legislature Announces Plans to Prevent Abusive GDPR Cease-And-Desist-Letters

Aktuellen Presseberichten zufolge sind erste Abmahnungen aufgrund von behaupteten Verstößen gegen die EU Datenschutzgrundverordnung (DSGVO) ergangen. Die ergangenen Abmahnungen betrafen etwa Datenschutzerklärungen auf Web-Seiten; im Konkreten die datenschutzkonforme Einbindung und Beschreibung von bestimmten Tools (bspw. Google-Fonts, Like Buttons). Continue Reading Deutsche Gesetzesinitiativen wollen rechtsmissbräuchliche DSGVO-Abmahnungen verhindern