The exchange of personal data between the European Union and the United States have suffered a further setback as the EU Court of Justice ruled against the Commission’s Privacy Shield Decision in the Schrems II case. The consequences could be far-reaching, and impact data flows not only to the United States. While the Court upheld the Commission’s decision regarding Standard Contractual Clauses (SCCs), any data flow to a third country must respect the GDPR principles and protect the fundamental freedoms of European citizens. The Court made clear that any jurisdiction, into which personal data are transferred, must offer an essentially equivalent level of personal data protection assessed considering both contractual clauses agreed between transferring parties and the relevant aspects of third country’s legal system. Consequently, not only big companies, such as Facebook, Microsoft, or Google, but also small and medium-sized businesses, must evaluate all data transfers to non-EU countries and assess the potential risks for the data in question.
The state of emergency is over, government measures are slowly easing up and we are entering the unknown as regards further developments in the spread of the SARS-CoV-2 virus (but let’s leave that to the experts). The time is now here to calculate the current and future damage. The measures taken by the government have had an enormous impact on the economy as a whole, as well as on practically every legal and natural person individually: freedom of movement has been restricted, shops and restaurants have been ordered to shut, a ban has been placed on the provision of services and the borders have been closed (all subject to only a few minor exceptions primarily aimed at ensuring basic needs and supplies are satisfied). Furthermore, the government has adopted a number of measures to provide relief to persons affected by the coronavirus pandemic and by the government’s restrictive measures.
It has been roughly a year since the somewhat controversial DSM Directive entered into force on June 7, 2019. The clock is ticking as the EU member states are required to transpose the Directive into national law within 24 months—a half of which is already gone. The most discussed provisions of the DSM Directive are included in its Articles 15 and 17.
The acquisition of a sports club is definitely a specific process in many respects and requires preparation on several fronts. This article takes a closer look at one of the first steps to undertake before acquiring a sports club, namely legal due diligence. Along with the areas usually checked, one must pay attention to several specific areas stemming from the specific characteristics of the sport (and each type of sport has not only its own considerable further specifics, but also its own unique risks).
On February 7, 2020, the German federal competition authority prohibited Facebook from combining user data with data from its other services (WhatsApp, Instagram etc.) and third party webpages. The authority also questioned the legality of the consent to this processing, which is a condition to using Facebook. What impact will this have on Facebook and other companies, which based their business model on processing of their users’ personal data?