The European Commission had previously indicated that it will review the provisions of the General Data Protection Regulation (GDPR) this year to see if any changes are needed in light of the experience of the past six years.

The business transfer inevitably impacts on employment relationships, a context in which the identity of the economic entity has been the subject of exhaustive analysis in recent case-law of the Court of Justice of the European Union (CJEU).

Under which circumstances are controllers and processors not required to maintain records of personal data processing activities? The Personal Data Protection Law, modeled on the GDPR, sets out exceptions to the obligation for organizations with fewer than 250 employees to keep processing records. While this acknowledges the characteristics of small and medium-sized enterprises, ensuring they are not unnecessarily burdened with additional costs, the number of employees is not the sole criterion for exemption from the record-keeping obligation.

When developing their models, AI providers use various data sets. Sometimes these are provided by their clients, as in the case of tailor-made chatbots, and sometimes the models are trained on licensed or even publicly available data.

CHG Rechtsanwaelte has launched a new practice group focusing on data and technology.

As we wrote in our earlier article, according to the decision made by the German data protection authority at the end of last year, the use of the “pay-or-okay” principle is generally allowed. This model involves a cookie notice (via a so-called cookie banner) on a website, giving the user the choice between: