The year 2021 - what we can expect in terms of data protection law

Björn Holeschak, Leiter Datenschutz EIKONA Systems GmbH
A picture of a smartphone can be seen in the foreground.

A new year has begun and according to the saying "New year, new luck", the chances are better that things will start looking up again. To make sure it stays that way in data protection, we have created a little outlook to be well prepared.


Delicate topic: Brexit

Brexit remains a sensitive issue, especially now that the transition period set out in the withdrawal agreement has expired on 31 December 2020. There is no longer an extension, so the United Kingdom will no longer be part of the Single Market and the Customs Union at the turn of the year. The consequence is that from now on, the UK is considered a third country in the sense of the DSGVO and a transfer of personal data is no longer possible without further ado.

You should therefore immediately check whether you have customers or service providers based in the UK. Here it is urgently necessary to establish another legal basis for processing personal data. The EU is trying to issue an adequacy decision according to Art. 45 DSGVO. However, until this actually comes into effect, companies should use the standard data protection clauses, for example. Further information can be found here.


Cookie banner bears first fruits

The ruling on cookies and consent banners issued by the ECJ in October 2019 is now bearing its first fruit. In its recent ruling, the Rostock Regional Court clarified that preselected cookies that must be manually deselected by the user (opt-out) are not suitable for effectively obtaining consent. Furthermore, the court also addressed the design of the cookie banner: The visual highlighting of the "Accept" button, whereby other selection options such as "Accept only necessary cookies" recede into the background and are no longer perceived as a clickable element, is also not sufficient to obtain effective consent. This means that many consent banners still violate the DSGVO.

At this point, it should also be noted that the supervisory authorities increasingly want to conduct audits "remotely" this year. This means that they take a look at the websites of the companies and can thus determine whether effective consent is obtained from the users or not. Therefore, also check whether the cookie banners on your website comply with the current requirements. We would be happy to check with you whether there is a need for action on your website. Contact us!


Federal Data Protection Act: new laws in prospect

The legislator intends to carry out an evaluation of the current Federal Data Protection Act (BDSG). This evaluation is being carried out by the Federal Ministry of the Interior, for Building and the Home Affairs (BMI) with the help of a questionnaire.

Furthermore, it is very likely that a new data protection law will be passed in Germany. The Telecommunications Telemedia Data Protection Act (TTDSG for short) is intended to bring clarity in the area of electronic communication by end users. There has not yet been an official announcement by the legislator, as the draft law has only been leaked. It remains to be seen when the time will finally come. We will keep you up to date!


Björn Holeschak
Björn Holeschak
Team Lead, Data Protection

Drawing on his profound data protection expertise, he tackles data protection challenges with renewed vigor every single day. He understands the dangers and stumbling blocks in intimate detail and gives customers practical advice.


Add a comment

What is the sum of 1 and 3?