Im vergangenen Monat hat die Kommission einen Reformvorschlag zur DSGVO vorgelegt. Konkret soll Art. 30 DSGVO angepasst werden, der Datenverarbeiter verpflichtet ein sog. „Verarbeitungsverzeichnis“ zu führen. Bisher galt für Unternehmen mit weniger als 250 Beschäftigten eine Ausnahme. Künftig soll diese Grenze auf 750 Mitarbeiter angehobenen werden. Doch der Vorschlag polarisiert.
India’s data protection framework has been in the making for over a decade. The Digital Personal Data Protection Act was passed by Parliament in 2023, and the draft Digital Personal Data Protection Rules were released in January 2025 for public consultation. In this piece, I argue that the draft Rules do little to clarify India’s murky position on cross-border data flows. The ambiguous wording of the text grants unfettered discretion to the executive in operationalizing the localization mandate. Moreover, the lack of legislative protections for citizen privacy, coupled with missed opportunities to establish robust institutional frameworks undermines India’s own data diplomacy project.
The La Quadrature du Net II decision’s ripple effects are profound. By placing the ruling in thick context, this analysis uncovers hidden legal innovations and unexpected interactions that could reshape the future of data protection in the EU.
Am 05.11.2024 nahm der Generalbundesanwalt (GBA) acht junge Männer fest. Sowohl der festgenommene Kurt H., Schatzmeister der sächsischen AfD-Jugendorganisation und AfD-Fraktionsvorsitzender im Stadtrat von Grimma, als auch Kevin R. arbeiteten beim sächsischen AfD-Landtagsabgeordneten Alexander Wiesner, der stellvertretendes Mitglied des 2. Parlamentarischen Untersuchungsausschusses in der vergangenen Legislaturperiode war. Dieser Untersuchungsausschuss offenbart ein nicht unerhebliches Defizit im Grundrechtsschutz.
La Quadrature du Net II has been criticized for allowing generalized metadata retention measures. However, it is important not to lose sight of the fact that the law must not become a mechanism for protecting criminals. The scale of online rights violations are a real problem. P2P networks are not only a threat to copyright protection, but also an environment for the distribution of content related to serious crime. It is therefore necessary to strike a balance between these two concerns and to propose solutions that adequately protect users without guaranteeing impunity for criminals.
The Italian Data Protection Authority banned ChatGPT for violating EU data protection law. As training and operating large language models like ChatGPT requires massive amounts of (personal) data, AI's future in Europe, to an extent, hinges upon the GDPR.
Five Questions to Sabine Leutheusser-Schnarrenberger
Fünf Fragen an Sabine Leutheusser-Schnarrenberger
After the major shift in surveillance practices from state power and control to big tech corporations and monetisation, we are currently witnessing yet another Zeitenwende: Surveillance practices as a means of hybrid warfare, with the AI-driven vision of accessing what people think and feel. This type of surveillance produces knowledge that not only claims to reveal what people are likely to do in the future but also what they feel and think. The consequences of this epistemological bending are potentially grave.
Nowadays, data is mostly collected not by state actors but by businesses. In 2010, the German Constitutional Court held that the legislator has to evaluate the overall level of surveillance in Germany before enacting new data retention obligations. In light of the recent rejuvenised discussions about data retention and a general surveillance account, this text explores whether such an account needs to consider private data pools and what is required for a successful evaluation.
13. September 2025
Giovanni Capoccia
12. September 2025
Anne Peters
12. September 2025
Anne Peters