Berlin: Annual report 2019; information on the right to information, among other things.

The Berlin Commissioner for Data Protection and Freedom of Information has given his Annual report for the year 2019 published. It contains, among other things, the following notes and explanations:

an explanation of the Fine concept the DSK;
Notes on the Access right:
- In one case, a former employee was not entitled to the disclosure of all e‑mails containing the employee’s name, firstly because these e‑mails contained the names of other persons and secondly because the disclosure of the e‑mails was not purely official correspondence there was no legitimate interest (private e‑mails, on the other hand, were to be handed over) (cf. on this also LG Cologne, LG Heidelberg and TB Hesse);
- The responsible person must Request for information in any form even if they are not addressed to the internally responsible office. Even requests for information that are received by e‑mail and sent to the Spam folder land are deemed to have been received and must be processed;
The Tying prohibition for consents does not apply absolutely. However, consent to be contacted by telephone for advertising purposes cannot be made a condition of concluding a contract for the supply of food;
will be online a Registration process canceledthe personal data collected up to the point of termination must not simply remain stored (analogous to the “Abandoned Cart”). Two buttons are therefore recommended at each stage of the registration process, one for cancellation with deletion of the data collected up to that point and one with storage. It would also be possible to save the entered data on the server side only when the registration is completed;
the Storage of data in inactive customer accounts is not permitted indefinitely. The permissible storage period can only be determined on a case-by-case basis, taking into account, among other things, the sensitivity of the data and the purpose of the account. In any case, it is not permissible to store sensitive data such as photos, information on sexual orientation and presence (here in the account of a dating platform) for six years after the last activity.

David Vasella

July 12, 2020

Deutsch

Authority

BInBDI Berlin

Area

Privacy

Topics

Access right, Data deletion, GDPR 15, GDPR 7, Consent

VG Berlin: Unreasonable information about video recordings; personal reference of the recordings (left open)

ECJ C‑634/21: Credit score (of SCHUFA) as an automated decision

EDSA: Guidelines on the scope of application of cookie consent, comments on cookies under Swiss law

Subscribe to news →

com­mon search words

Topics

Ber­lin: Annu­al report 2019; infor­ma­ti­on on the right to infor­ma­ti­on, among other things.

FDPIC in the Digi­tec Gala­xus case: Very strict trans­pa­ren­cy requi­re­ments, but guest purcha­se not mandatory

VG Ber­lin: Unre­a­sonable infor­ma­ti­on about video recor­dings; per­so­nal refe­rence of the recor­dings (left open)

ECJ C‑634/21: Cre­dit score (of SCHUFA) as an auto­ma­ted decision

EDSA: Gui­de­lines on the scope of appli­ca­ti­on of coo­kie con­sent, comm­ents on coo­kies under Swiss law

common search words

Berlin: Annual report 2019; information on the right to information, among other things.

FDPIC in the Digitec Galaxus case: Very strict transparency requirements, but guest purchase not mandatory

VG Berlin: Unreasonable information about video recordings; personal reference of the recordings (left open)

ECJ C‑634/21: Credit score (of SCHUFA) as an automated decision

EDSA: Guidelines on the scope of application of cookie consent, comments on cookies under Swiss law