The various provisions of the General Data Protection Regulation set out fines for data protection violations. The fines can range from up to 20 million euros or, for companies, up to four percent of global annual turnover (whichever is higher in the end).
The competent supervisory authorities are responsible for assessing, prosecuting and punishing data protection violations. In particular, the Federal Data Protection Commissioner and the data protection commissioners of the German states are responsible for imposing fines.
Fines 2021 - August 2023 from EUR 50,000
(Reference: Website of the respective supervisory authority)
Date of the decision: 2.8. ...
Reviews from buyers, patients, guests and customers on portals as diverse as Google, Amazon, Ebay, Jameda, Tripadvisor, etc. are becoming increasingly important when deciding on an online store, a doctor, a hotel or a restaurant.
If these reviews are negative, they can be damaging to business because they discourage customers from buying, guests from booking a hotel, or patients from choosing a doctor's office. If they are untrue, insulting or obviously illegal, there is usually a right to delete them.
Right to delete untrue ratings, inadmissible expressions of opinion or obviously illegal content
It is not possible to take action against every bad review, because reviews are generally covered by freedom of opinion. ...
Warning letters because of Google Fonts
Currently, many website operators are receiving warnings accusing them of violations of the General Data Protection Regulation (GDPR) due to the use of Google Fonts. Google Fonts are fonts provided by Google on their servers for texts on websites.
In the complaint, the lawyers claim to represent private individuals who have previously visited the website. They refer to a ruling issued at the beginning of this year by the LG München I, final ruling v. 20.01.2022 - 3 O 17493/20, according to which website visitors may be entitled to claim damages from the website operator under Art. ...
On December 1, 2021, the TTDSG (Telecommunications and Telemedia Data Protection Act) came into force.
The TTDSG is designed to prevent unwanted access to sensitive data of Internet users that they have stored on terminal devices such as computers, tablets or cell phones.
The new law has significant consequences in the use of technologies such as cookies.
TTDSG, GDPR and EPVO
On Google Maps, business owners can create a profile to become more visible to searching customers. People with Google account have the possibility to rate these companies by giving 1 to 5 stars. They can additionally justify and comment on their rating there with a so-called review.
However, if the rating and review are negative, this is bad for business because it can scare off customers who are looking for a company. In addition, negative feedback is said to have an impact on the company's ranking in Google searches. So a business owner with a bad review will have a vested interest in its deletion. A deletion claim can arise for a number of reasons:
Violation of Google policy
Google itself has established and made public guidelines for inappropriate ratings and reviews. ...
Companies that are required to appoint a data protection officer (DPO) are free to choose whether to assign this task to an external or an internal data protection officer.
The external data protection officer
The external data protection officer is an independent contractor with whom the company concludes a service agreement. As a rule, the external data privacy officer will have several customers for whom he acts as data privacy officer. Since he is constantly dealing with data protection issues of different companies, he has a broad knowledge, knows weak points and has standard solutions for problems ready.
No special regulations regarding protection against dismissal apply to the contract with the external DPO. ...
The German Federal Data Protection Act (BDSG) and the General Data Protection Regulation (DSGVO) regulate the question of when companies need a data protection officer.
The DSGVO has significantly expanded the group of companies that require a data protection officer. It is now no longer only the size of the company that matters. Even small companies with fewer than 20 employees are often required to appoint a DPO.
A DPO is required in the following cases:
1. as a rule, at least 20 persons are permanently employed with the automated processing of personal data in the company (Section 38 BDSG). This provision essentially corresponds to the existing legal situation. ...
In its ruling of May 28, 2020 (I ZR 7/16), the German Federal Supreme Court (BGH) addressed the question of whether users must actively consent to certain cookies.
The Federal Association of Consumer Associations had filed a lawsuit against a sweepstakes provider because of a pre-ticked checkbox for cookies that were intended to serve the creation of usage profiles for purposes of advertising or market research.
After referring the matter to the ECJ (judgment of 1.10.2019, C-673/17), the BGH rendered a judgment as the final instance.
The Federal Court of Justice (BGH - VI ZR 405/18 and VI ZR 476/18) recently dealt with the right to be forgotten in two cases.
In one case, a decision was issued that shows the criteria according to which persons can have entries deleted from search engines such as Google. The former managing director of a regional welfare association filed a lawsuit because he wanted to prevent a press report from 2011 in particular from appearing in the hit list in a Google search for his name. This report revealed that the regional association had a deficit of around one million euros during his term of office and that he had called in sick during the crisis. The BGH dismissed the action. ...
Most memes are created by combining images with text, thereby creating entirely new meanings and contexts. They spread virally across the Internet and find many viewers because they have a high entertainment value due to their funny, ambiguous or even socially critical character. Memes are thus found on many social media, websites and blogs and are generally considered accepted.
However, like almost everything, memes can be considered legal and may infringe rights or violate policies.
The following legal categories can be used to categorize problematic memes that are not always liked by those affected, so deletion options are sought. ...