Photo of Ana Bruder

Ana Hadnes Bruder is an associate in the Litigation & Dispute Resolution and Intellectual Property practices of the Frankfurt office.

Ana is a registered lawyer in Germany, Brazil and Portugal and has nearly 10 years of international experience as legal counsel. Before joining Mayer Brown, Ana gained experience representing foreign clients in judicial proceedings in Brazil and also worked as in-house counsel for a leading French company in the tourism sector in Paris, where she worked with litigation, intellectual property, internal compliance and expansion projects in Europe and Brazil. Other than German and her mother language Portuguese, she speaks English, French, Italian and Spanish.

Ana represents clients in litigation and arbitration procedures involving commercial, intellectual property, liability and antitrust matters. In the field of intellectual property, Ana provides guidance in the field of data protection and advises clients regarding trademark and patent infringement proceedings, acquisition and licensing of IP rights, research and development and cooperation agreements, including any antitrust aspects involved.

Foi publicada hoje a Medida Provisória 869/2018, emitida ontem pelo Presidente Michel Temer. A Medida Provisória cria a Autoridade Nacional de Proteção de Dados e aumenta o prazo de vacatio legis para a entrada em vigor da Lei Geral de Proteção de Dados (“LGPD”) de 18 para 24 meses após a sua publicação, ocorrida em 15 de agosto de 2018 (alteração do artigo 65 da LGPD pela Medida Provisória 869/2018).
Continue Reading

Breaking news: the Brazilian President Michel Temer issued yesterday and had published today the so-called “Provisory Measure” No. 869/2018 (Medida Provisória, a norm issued by the President alone, usually reserved for urgent and relevant matters) to amend the New Brazilian Data Privacy Law (Lei Geral de Proteção de Dados, “LGPD”). With this measure, the President created a National Data Protection Authority and determined that the LGPD shall
Continue Reading

The year 2018 is coming to a close. Among other things, it has brought us a new FIFA world champion, royal weddings and some other joyful things like the EU General Data Protection Regulation (GDPR). The latter could arguably cool one’s Holiday spirit—at least in some cases. For example, reportedly, the annual wish list campaign of the City of Roth, Germany, was intitally cancelled due
Continue Reading

On 21 November 2018, the data protection authority of Baden-Württemberg, Germany (the “authority”) imposed a fine of EUR 20,000 against a German social media provider (the “company”) for failing to encrypt user passwords. The authority’s decision marks the first time that a fine was imposed on a company for violating the European General Data Protection Regulation
Continue Reading

On 7 November 2018, the data protection authority of the Free State of Bavaria, Germany, issued a press release that, now that the European General Data Protection Regulation (GDPR) has been in effect for six months, the authority will intensify its GDPR compliance monitoring. The Bavarian data protection authority is responsible for monitoring GDPR compliance in the state of
Continue Reading

In Germany, companies offering security-related services have to provide to the Federal Financial Supervisory Authority (Bundesanstalt für Finanzaufsicht, “BaFin”) information regarding the identity of staff responsible for, inter alia, providing investment advice (Section 87 of the German Securities Trading Act, “WpHG”). That personal data is kept in an internal BaFin database .
Continue Reading

On 5 September 2018, the German Data Protection Conference (Datenschutzkonferenz – “DSK) provided new guidance on the interpretation of Art. 13 of the General Data Protection Regulation (“GDPR”) in the context of medical treatment. The Data Protection Conference consists of all German data protection authorities meeting twice a year with the purpose of safeguarding data protection rights, providing guidance on
Continue Reading

On 16 July 2018, the District Court of Gießen, Germany, ruled that a custodian’s representation rights also cover consent to data processing activities related to the person under custodianship. Under the EU General Data Protection Regulation (GDPR), the processing of personal data is, in principle, prohibited unless there is a legal basis for such processing. Pursuant to Art. 6 para. 1 lit. a) GDPR, one possible legal basis is the data subject’s consent. However, the legitimacy of a declaration of consent may be in doubt if
Continue Reading

According to media reports, the first cease-and-desist letters have been issued in relation to alleged violations of the EU General Data Protection Regulation (GDPR). The cease-and-desist letters seem to concern, inter alia, data protection declarations on websites. In particular, the letters seem to address specific website tools (e.g., Google Fonts, Like buttons) and whether their use and description in the data protection declaration is compliant with the GDPR.
Continue Reading

Aktuellen Presseberichten zufolge sind erste Abmahnungen aufgrund von behaupteten Verstößen gegen die EU Datenschutzgrundverordnung (DSGVO) ergangen. Die ergangenen Abmahnungen betrafen etwa Datenschutzerklärungen auf Web-Seiten; im Konkreten die datenschutzkonforme Einbindung und Beschreibung von bestimmten Tools (bspw. Google-Fonts, Like Buttons).
Continue Reading