National Variations Further Fragment GDPR
As long as the legal landscape is unfolding, supervisory authorities will hold off from the kinds of “true” enforcement action possible only under settled legal frameworks.
June 20, 2018 at 05:00 PM
3 minute read
- Several member states lift the prohibition to process health data without the individual's prior consent when such data is necessary for medical treatment or diagnosis, or to ensure high-quality standards for the health care industry and medicinal products.
- The Dutch GDPR implementing act lifts the prohibition to process biometric data (which is considered sensitive data used to uniquely identify a person) without prior consent when such data is needed for authentication or security purposes. This could, for instance, cover access control mechanisms to a company's premises.
- Several member states have provided that sensitive employee data can be processed without prior consent when needed in the context of workers' reintegration or assistance in case of disability or illness, or to comply with social security, taxation and other legal requirements where the individual has no overriding interest in not processing such data.
- The requirement to appoint a data protection officer was further tailored in Germany, where the appointment of a DPO was already largely required before the GDPR. Germany's GDPR act provides that companies that employ at least 10 persons who process data, perform processing that requires a Data Protection Impact Assessment, or (anonymously) transfer or process data for market or opinion research must appoint a DPO.
- Most member states have lowered the minimum age at which children can provide legally valid consent for information society services to the minimum age permitted by the GDPR, 13 years old.
- From a procedural perspective, several GDPR implementing laws allow for “class actions” through which individuals mandate a nonprofit organization (e.g., a consumer rights organization) to represent them in regulatory and/or legal proceedings on their behalf. Member state implementing legislation also occasionally provides procedural rules for regulatory proceedings before the national Supervisory Authority, including appeal options, and certain specifics for administrative fines.
- Both the Austrian and Hungarian statutes indicate that their local supervisory authorities should issue warnings before resorting to fining (or other corrective) powers, especially for first-time violations. While the enforceability of these limitations on Supervisory Authorities' powers may be questionable as a matter of EU law, it currently forms an express part of Austrian and Hungarian GDPR statutes.
Jan Dhont, located in Alston & Bird's Brussels office, works with public and private companies in the EU and worldwide to resolve legal issues. Lauren Cuyvers is an associate in the Brussels office and a member of the privacy and data security group.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Protecting Attorney-Client Privilege in the Modern Age of Communications
6 minute read
Lingering Questions at Supreme Court About Climate Change Litigation Need Resolution
6 minute read
Trending Stories
- 1Judicial Ethics Opinion 24-68
- 2Friday Newspaper
- 3Judge Denies Sean Combs Third Bail Bid, Citing Community Safety
- 4Republican FTC Commissioner: 'The Time for Rulemaking by the Biden-Harris FTC Is Over'
- 5NY Appellate Panel Cites Student's Disciplinary History While Sending Negligence Claim Against School District to Trial
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
