Photo of Dr. Viola Bensinger

Viola Bensinger co-chairs the firm's Data, Privacy & Cybersecurity Practice and she chairs the Technology Practice as well as the Litigation Practice in Germany. She advises clients from the technology, media, health care and other industries.

Within the technology sector, Viola advises international internet, technology and healthcare companies in the areas of digital products, IT outsourcing, e-commerce, electronic payment, data protection, software licensing as well as digital media.

The Court of Justice of the European Union (CJEU)’s historic decision in Schrems II, in which the EU-U.S. Privacy Shield was invalidated, requires businesses to rethink the mechanism they can rely on to transfer personal data from the EU to the United States and other countries. After several EU data protection authorities (DPAs) published their reactions, the European Data Protection Board (EDPB), an association comprising, inter alia, national DPAs of all EU Member States, presented its guidance in form of an FAQ.

At the time of its publication, the guidance comprises 12 FAQs. It will be updated with further analysis. While the EDPB notes that supplementary measures may be necessary when using standard contractual clauses (SCCs), it fails to specify what that means but promises to provide more guidance in the future. Summarized below are the key takeaways from the EDPB’s guidance.
Continue Reading EDPB Issues Data Transfer FAQs in the Post Privacy Shield Area

The Court of Justice of the European Union (CJEU)’s historic decision in Schrems II, in which the EU-U.S. Privacy Shield was invalidated, requires businesses to rethink the mechanism they can rely on to transfer personal data from the EU to the United States and other countries. However, how the decision will be enforced remains

The Court of Justice of the European Union (CJEU) declares invalid a decision of the European Commission which attested that the EU-U.S. Privacy Shield provided adequate protection to personal data transferred from the EU to the U.S., if the receiving party had self-certified its adherence to the Privacy Shield Principles. At the same time, the

At the end of October 2019, the Berlin Commissioner for Data Protection and Freedom of Information imposed a fine of about EUR 14.5 million against a German residential real estate company for various violations of the EU General Data Protection Regulation (GDPR). The fine is not yet legally binding but, reportedly, has been appealed. However,

While many are still digesting the changes brought about by the EU General Data Protection Regulation (GDPR), a new privacy regulation is already on its way. The Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications – in short, the ePrivacy Regulation  – is currently a