According to recent press reports, the German data protection authorities have agreed on a new way to calculate administrative fines under the General Data Protection Regulation (“GDPR”). The new scoring model, which has not yet been officially published, could make fines of tens of millions of euros a reality in Germany. In contrast to their French and UK counterparts, Germany’s data protection authorities have so far been more restrictive in imposing GDPR fines.
Continue Reading German Data Protection Authorities Agree on New GDPR Fining Model

On 4 June 2019, the German Federal Court of Justice upheld a ruling by the German Federal Patent Court in which the latter court denied an application for a compulsory license under a patent related to the treatment of cholesterol-related disorders (Case X ZB 2/19). This decision is in line with previous German jurisprudence that has, with a few exceptions, been restrictive to grant compulsory licenses.
Continue Reading German Federal Court of Justice Denies Compulsory License on Anti-Cholesterol Drug Patent

After several months of delay and heated political discussion among all German parties about the scope of protection regarding journalists, whistleblowers and employees, the German parliament adopted the Federal Government’s draft Trade Secrets Act on 21 March 2019. This act implements Directive (EU) 2016/943 of the European Parliament on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure into national German law with the aim of establishing a homogenous protection of trade secrets.
Continue Reading Germany Introduces New Trade Secrets Act Which Imposes Extensive Preventive Measures on Companies

On 20 December 2018, the German Federal Court of Justice confirmed that photographs of public domain paintings ‎are, in principle, protected by a copyright-related right in section 72 of the German Copyright Act (Case No. I ZR 104/17). The case involved a request to take down several pictures hosted on Wikimedia Commons—an online database of works distributed under Creative Commons licenses—as public domain images. All pictures featured art on display at the Reiss Engelhorn Museum in Mannheim, Germany.
Continue Reading German Federal Court of Justice Confirms Copyright in Photographs of Public Domain Paintings

On 13 February 2019, the data protection officer for the German state of Baden-Wuerttemberg published a guideline on password security under the EU General Data Protection Regulation (GDPR). The guideline aims to advise data controllers (e.g., service providers, administrators) on how to set up effective password policies and securely store passwords, and data subjects (users) on how to choose secure passwords.
Continue Reading German Data Protection Authority Publishes Guideline on GDPR Requirements for Passwords

According to recent press reports, since the EU General Data protection Regulation (GDPR) came into force in May 2018, German data protection authorities have issued 41 GDPR-related fines. The highest fine in a single case is reported to have been EUR 80,000, and the majority of fines (33) originated from the state of North-Rhine Westphalia.
Continue Reading 41 GDPR Fines Issued by German Data Protection Authorities

The year 2018 is coming to a close. Among other things, it has brought us a new FIFA world champion, royal weddings and some other joyful things like the EU General Data Protection Regulation (GDPR). The latter could arguably cool one’s Holiday spirit—at least in some cases. For example, reportedly, the annual wish list campaign of the City of Roth, Germany, was intitally cancelled due
Continue Reading Corporate Holiday Cards: The GDPR Nightmare Before Christmas?

On 21 November 2018, the data protection authority of Baden-Württemberg, Germany (the “authority”) imposed a fine of EUR 20,000 against a German social media provider (the “company”) for failing to encrypt user passwords. The authority’s decision marks the first time that a fine was imposed on a company for violating the European General Data Protection Regulation
Continue Reading Data Protection Authority Imposes First GDPR Non-Compliance Fine in Germany

On 7 November 2018, the data protection authority of the Free State of Bavaria, Germany, issued a press release that, now that the European General Data Protection Regulation (GDPR) has been in effect for six months, the authority will intensify its GDPR compliance monitoring. The Bavarian data protection authority is responsible for monitoring GDPR compliance in the state of
Continue Reading Data Protection Authority of Bavaria, Germany, Intensifies GDPR Compliance Monitoring

In Germany, companies offering security-related services have to provide to the Federal Financial Supervisory Authority (Bundesanstalt für Finanzaufsicht, “BaFin”) information regarding the identity of staff responsible for, inter alia, providing investment advice (Section 87 of the German Securities Trading Act, “WpHG”). That personal data is kept in an internal BaFin database .
Continue Reading German Financial Supervisory Authority May Refuse GDPR Requests for Erasure of Personal Data of Investment Advisors