How long may a credit bureau in Germany store information about a settled payment default? In a ruling with major practical relevance, the Higher Regional Court (OLG) of Munich held: a storage period of three years is, in principle, lawful and appropriate. The decision of April 11, 2025 (Ref. 14 U 3590/24) strengthens the position … Read more
Do you regularly use WhatsApp to exchange personal information? Then you should know that a new third party might be able to read along: Google’s “Gemini” artificial intelligence (AI). This development raises serious privacy questions and affects millions of Android users. What Happened? Google’s AI Integrates with WhatsApp Since early July 2025, Google’s Gemini assistant … Read more
If you rent addresses for direct marketing and use a lettershop, you could soon be considered a “joint controller” within the meaning of the GDPR—even if you never see the addresses. This radical legal view is taken by the Berlin data‑protection authority and could upend the entire practice of address trading. The Case: Targeted Advertising … Read more
Can a non-functioning email address for data-protection requests lead to a hefty fine? The Federal Administrative Court (BVerwG) in Austria has answered this with a clear “yes” and upheld a penalty of €15,000. The judgment of March 28, 2025 (ref. W298 2285480-1/10E) is an urgent wake-up call for all companies to take basic GDPR duties … Read more
May an online shop send newsletters automatically after the mere creation of an account? “No,” ruled the Regional Court (LG) Berlin II in a clear judgment. Automatically sending advertising emails without the user’s explicit consent is unlawful and violates competition law (LG Berlin II, judgment of January 28, 2025 – Ref. 102 O 61/24). The … Read more
Can you film or photograph your neighbor to document suspected illegal activity? A ruling by the District Court (Amtsgericht, AG) of Lörrach says: Not just like that! The General Data Protection Regulation (GDPR) sets strict limits. Here’s why the court prohibited the surveillance and what this means for you.(AG Lörrach, ruling dated 03.03.2025 – Ref.: … Read more
Since its introduction in May 2018, the General Data Protection Regulation (GDPR) has been a constant companion—and often a source of uncertainty and fear of expensive warnings—for many website operators. The urge to check your website’s GDPR compliance and gain clarity quickly arises. Often, the first instinct is to run a quick online GDPR check … Read more
Many users of Meta services like Facebook and Instagram have recently received an email stating: “Learn how we use your information to improve AI at Meta.” Behind this seemingly harmless announcement lies a plan with far-reaching implications for individual privacy. At Sofortdatenschutz.de, we explain what you need to know and what actions you can take. … Read more
Many companies are required to appoint a Data Protection Officer (DPO) under the GDPR and BDSG. But the key question is: should it be an internal employee or an external service provider? This decision has major cost and effectiveness implications. This article offers a detailed cost comparison between internal and external DPOs to help you … Read more
Data Breach Notification Period Pursuant to Article 33 para. 1 of the General Data Protection Regulation (GDPR), the controller must notify the competent supervisory authority of a personal data breach without undue delay and, if possible, within 72 hours of becoming aware of it. But how is the data breach notification period calculated? Applicable Standards … Read more
What is the EU-U.S. Data Privacy Framework about? On July 10, 2023, the EU Commission issued a new adequacy decision for the transfer of personal data to the USA under the name “EU-U.S. Data Privacy Framework” (DPF). This means that, on the basis of this adequacy decision, personal data from the EU or the EEA … Read more
IoT and Data Protection Smart technologies are increasingly finding their way into the daily lives of many people, whether out of affinity for technology, practicality or convenience. In the context of the Internet of Things (IoT) and the Industrial Internet of Things (IIoT), the networking of a wide variety of devices is steadily increasing. However, … Read more
Should there be a “reject all cookies” button in the cookie banner? Many people find the banners that ask for consent to the use of various cookies when visiting a website annoying. A “reject all cookies” button does not exist on many websites. Rather, you have to navigate through a settings menu and disable the … Read more
Data Protection and WhatsApp As a daughter company of Meta (formerly Facebook), WhatsApp has often been criticized because of massive concerns about data protection and privacy. Despite all the data protection concerns: according to studies (including here), 85 percent of customers would like to be able to contact companies via WhatsApp. Due to the popularity … Read more
Is a contract necessary between controllers who are not joint controllers? If personal data is exchanged between companies or if two or more companies use a common data pool, which is often found in group constellations, the GDPR regulates two case constellations: processor (Art. 28 GDPR) and joint controllers (Art. 26 GDPR). A company is … Read more
© Copyright 2021 mip Consult GmbH. All Rights Reserved.