GDPR – rights and freedoms – EU Charter of fundamental rights.

e.g. freedoms:

Chapter II: freedoms (the right to liberty and security, respect for private and family life, protection of personal data, the right to marry and found a family, freedom of thought, conscience and religion, freedom of expression and information, freedom of assembly and association, freedom of the arts and sciences, the right to education, freedom to choose an occupation and the right to engage in work, freedom to conduct a business, the right to property, the right to asylum, protection in the event of removal, expulsion or extradition).

Germany: BSI publishes technical guidelines for security of digital health apps

in German:

BSI TR-03161 Anforderungen an Anwendungen im Gesundheitswesen


ZD Datenschutz Übersichten zu Auskunftsanspruch und Schadenersatz (Kevin Leibold)

(Deutschland, DSGVO)

Übersicht zum Auskunftsanspruch nach Art. 15 DS-GVO:

  • eine Übersicht über den Inhalt des Auskunftsanspruchs nach Art. 15 DS-GVO (unter 1.),
  • eine Übersicht über die Vorlagefragen zu Art. 15 DS-GVO (unter 2.) und
  • eine Übersicht über die Streitwerte beim Auskunftsanspruch nach Art. 15 DS-GVO.

Des Weiteren finden sich hier drei Übersichten des Autors zum Schadensersatz nach Art. 82 DS-GVO:

  • eine Übersicht über den Schadensersatzanspruch nach Art. 82 DS-GVO;
  • eine Übersicht über die Vorlagefragen zu Art. 82 DS-GVO und
  • eine Übersicht über die Höhe des (zugesprochenen) Schadensersatzes nach Art. 82 DS-GVO

sowie einschlägige EuGH-Vorlagen.

Luxembourg: CNPD launches EU GDPR certification program

Companies, administrations, associations and other bodies established in Luxembourg now have the possibility of demonstrating that their personal data processing operations comply with the GDPR. GDPR-CARPA thus offers data controllers and subcontractors a high level of GDPR compliance for their processing operations subject to certification.

The establishment of certification mechanisms can promote transparency and compliance with the GDPR and allow data subjects to better assess the level of data protection offered by the products, services, processes or systems of organizations that process their personal data. A GDPR certification does not certify an organization but the processing operations covered by the certification.

The CNPD is to date the only European supervisory authority to have itself developed a certification scheme under the GDPR. As the entity that developed the certification criteria, the CNPD also owns the certification scheme.

Google Play: Declaration of apps’ privacy and security practices

“. Developers will soon be required to tell us about their apps’ privacy and security practices by completing a form in Play Console. Starting late April, 2022, this information will be shown on your app’s store listing to help Google Play users understand how your app collects and shares user data before they download.

This article provides an overview of the new requirements, what you need to do to complete the form, and a timeline of upcoming events.”

“By July 20, 2022, all developers must declare how they collect and handle user data for the apps they publish on Google Play, and provide details about how they protect this data through security practices like encryption. ”