On 7 November 2018, the data protection authority of the Free State of Bavaria, Germany, issued a press release that, now that the European General Data Protection Regulation (GDPR) has been in effect for six months, the authority will intensify its GDPR compliance monitoring. The Bavarian data protection authority is responsible for monitoring GDPR compliance in the state of Continue Reading Data Protection Authority of Bavaria, Germany, Intensifies GDPR Compliance Monitoring

In Germany, companies offering security-related services have to provide to the Federal Financial Supervisory Authority (Bundesanstalt für Finanzaufsicht, “BaFin”) information regarding the identity of staff responsible for, inter alia, providing investment advice (Section 87 of the German Securities Trading Act, “WpHG”). That personal data is kept in an internal BaFin database . Continue Reading German Financial Supervisory Authority May Refuse GDPR Requests for Erasure of Personal Data of Investment Advisors

On 5 September 2018, the German Data Protection Conference (Datenschutzkonferenz – “DSK) provided new guidance on the interpretation of Art. 13 of the General Data Protection Regulation (“GDPR”) in the context of medical treatment. The Data Protection Conference consists of all German data protection authorities meeting twice a year with the purpose of safeguarding data protection rights, providing guidance on Continue Reading Doctors Cannot Refuse Treatment Because Patient Refuses to Sign GDPR Information Documents

On 6 September 2018, the German Federal Patent Court denied an application for a (preliminary) compulsory license under a patent related to the treatment of cholesterol-related disorders to the Applicant, group companies of a French pharmaceutical company (Case 3 LiQ 1/18). This decision is in line with previous jurisprudence of the court that has, with very few exceptions, been Continue Reading German Federal Patent Court Denies Compulsory License on Anti-Cholesterol Drug Patent

On 16 July 2018, the District Court of Gießen, Germany, ruled that a custodian’s representation rights also cover consent to data processing activities related to the person under custodianship. Under the EU General Data Protection Regulation (GDPR), the processing of personal data is, in principle, prohibited unless there is a legal basis for such processing. Pursuant to Art. 6 para. 1 lit. a) GDPR, one possible legal basis is the data subject’s consent. However, the legitimacy of a declaration of consent may be in doubt if Continue Reading German Court Issues GDPR Ruling on Data Subject’s Consent for Persons Under Custodianship

Pursuant to the “license barrier” rule in Sec. 4j German Income Tax Act, newly introduced as of 1 January 2018, arm’s length business expenses of a company incurred for the right to use intellectual property (“IP”) and certain other rights are not fully deductible from the income tax base, if (i) the corresponding licensing income of the licensor is taxed at a rate lower than 25% (“Preferential Taxation”), (ii) this low tax rate is not the standard tax rate applicable in the respective jurisdiction Continue Reading Limited German Tax Deductibility of Low-Taxed License Payments Made to Related US Entities

According to media reports, the first cease-and-desist letters have been issued in relation to alleged violations of the EU General Data Protection Regulation (GDPR). The cease-and-desist letters seem to concern, inter alia, data protection declarations on websites. In particular, the letters seem to address specific website tools (e.g., Google Fonts, Like buttons) and whether their use and description in the data protection declaration is compliant with the GDPR. Continue Reading German Legislature Announces Plans to Prevent Abusive GDPR Cease-And-Desist-Letters

Aktuellen Presseberichten zufolge sind erste Abmahnungen aufgrund von behaupteten Verstößen gegen die EU Datenschutzgrundverordnung (DSGVO) ergangen. Die ergangenen Abmahnungen betrafen etwa Datenschutzerklärungen auf Web-Seiten; im Konkreten die datenschutzkonforme Einbindung und Beschreibung von bestimmten Tools (bspw. Google-Fonts, Like Buttons). Continue Reading Deutsche Gesetzesinitiativen wollen rechtsmissbräuchliche DSGVO-Abmahnungen verhindern

On 29 May 2018, only five days after the GDPR became applicable, the Regional Court of Bonn issued the first ruling applying the GDPR in Europe (file no. 10 O 171/18). The dispute involved the Internet Corporation for Assigned Names and Numbers (ICANN) and the ICANN-accredited registrar EPAG Domainservices GmbH (EPAG).

Continue Reading First Decision Applying the GDPR Issued by the Regional Court of Bonn (Germany)

Christian Wulff, a former German Federal President who resigned in February 2012, caught the attention of the public in May 2015 with his announcement that he was back together with his ex-wife Bettina Wulff. Following this, the press published a photograph of him pushing a cart at the parking lot of a supermarket next to his wife, Bettina Wulff. Mr. Wulff felt hurt in his right to privacy. He filed a lawsuit aiming to prohibit the publication of this private photo. In first and second instance Mr. Wulff was successful; the German Federal Court now overruled the previous decisions and decided that Mr. Wulff’s right to privacy were not infringed by the publication of the photo. Continue Reading The Right to Privacy of a Former Federal President