• Mehr als 3 Millionen Wörter Inhalt
  • |
  • info@itmedialaw.com
  • |
  • Tel: 03322 5078053
Rechtsanwalt Marian Härtel - ITMediaLaw

No products in the cart.

  • en English
  • de Deutsch
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Kurzberatung
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
Rechtsanwalt Marian Härtel - ITMediaLaw

GDPR and Pseudonymization: A Surprising Ruling by the ECJ

5. June 2023
in Data protection Law, EU law
Reading Time: 4 mins read
0 0
A A
0
dsgvo 3589608 1280
Key Facts
  • The European Court ruled that the GDPR does not apply to pseudonymized data that has no direct personal reference.
  • It must no longer be possible to assign pseudonymized data to an identifiable person without additional information.
  • The ruling could have far-reaching consequences for companies and their data protection practices.
  • Technical and organizational risk mitigation measures are necessary to respond to data protection regulations.
  • The EDPS decided not to use remedial powers as the SRB had taken measures to ensure data protection.
  • Recommendation to the SRB: Data protection declarations should cover all potential data recipients and data processing.
  • The ruling emphasizes the need to ensure transparency with regard to data processing and the identity of recipients.

Introduction

Content Hide
1. Introduction
2. What is pseudonymization?
3. Key points of the ruling
4. Impacts and recommendations
5. Conclusion and outlook: Data protection and pseudonymization in practice
5.1. Author: Marian Härtel

The application of the General Data Protection Regulation (GDPR) to pseudonymized data is a controversial topic that generates much debate in the legal and data protection community. Pseudonymized data is data where identifiers have been removed or replaced to prevent or make it significantly more difficult to identify the data subjects. However, the question of whether this data qualifies as personal data within the meaning of the GDPR is controversial.

Recently, the Court of Justice of the European Union (CFI) issued a surprising ruling that calls into question previous legal practice and is causing a stir. In a decision that many consider unexpected, the court ruled that the GDPR does not apply when it comes to pseudonymized data that has a relative personal reference. This means that the data has been processed in such a way that it can no longer be directly assigned to a specific person without additional information.

The court went further and found that the GDPR does not apply even if the data recipient has no means of re-identification. In other words, if the recipient of the data is not able to attribute the pseudonymized data to a specific person, this data is not covered by the GDPR. This ruling represents a significant change in the interpretation and application of the GDPR and could have far-reaching effects on the data protection practices of companies and organizations.

What is pseudonymization?

Pseudonymization is a process in which personal data are processed in such a way that they can no longer be assigned to a specific data subject without additional information. This is often achieved by replacing identifying elements in the data with artificial identifiers or pseudonyms. This additional information needed for identification must be kept separately and be subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

A good example of such a practice is the use of truncated IP addresses in tools such as Google Analytics. In this case, the IP address that could provide a direct link to a specific user is shortened or “masked” to prevent the identification of the user. While this protects the user’s privacy, it also presents a challenge for the application of the GDPR.

The question is whether such pseudonymized data, such as truncated IP addresses, should be considered personal data in the sense of the GDPR. The recent ECJ ruling suggests that this is not the case if the recipient of the data has no possibility of re-identification. This could mean that companies using techniques such as IP masking may not have to comply with the full requirements of the GDPR.

However, it is important to emphasize that this is a complex and rapidly evolving area of law. Companies should therefore ensure that they regularly keep abreast of the latest developments and rulings and adapt their data protection practices accordingly.

Key points of the ruling

The court found that the data shared by the SRB with Deloitte could be considered pseudonymized data because the consultation phase responses were personal data and the SRB shared the alphanumeric code that allowed the responses received during the registration phase to be linked to those received during the consultation phase.

It was also found that Deloitte was a recipient of personal data of the complainants within the meaning of Article 3 No. 13 of Regulation 2018/1725. The fact that Deloitte is not mentioned in the SRB’s privacy statement as a potential addressee of the personal data collected and processed by the SRB as a controller in the context of the consultation procedure constitutes a violation of the data protection principles set forth in Art. 15 para. 1(d) of Regulation 2018/1725 constitutes a duty to provide information.

Impacts and recommendations

Despite the identified breach, the EDPS decided not to make use of his remedial powers under Article 58(2). 2 of Regulation 2018/1725, as the SRB had put in place technical and organizational measures to mitigate risks to the right of individuals to the protection of their data in the context of the procedure concerning the right to be heard.

However, the EDPS recommended the SRB to ensure in future procedures concerning the right to be consulted that its privacy statements cover the processing of personal data during both the registration and consultation phases and that they include all potential recipients of the data collected in order to comply with the information obligation towards data subjects pursuant to Article 15 of Regulation 2018/1725.

Conclusion and outlook: Data protection and pseudonymization in practice

This ruling by the ECJ underscores the importance of data protection in all aspects of data processing, including sensitive areas such as bank processing. It emphasizes the need for all parties involved, including external consultants, to comply with data protection rules and ensure transparency to data subjects regarding the processing of their personal data and the identity of the recipients of that data.

The ruling also shows that the EDPS is willing to take pragmatic decisions when organizations take measures to mitigate risks, even if they have violated data protection rules. However, it is clear that such breaches should be taken seriously and avoided to ensure public confidence in compliance with data protection rules.

It remains to be seen how this ruling will affect the future application of the GDPR. However, it emphasizes the need to comply with data protection regulations in all aspects of data processing and to respect the rights of data subjects.

Overall, this case shows that the topic of data protection, and in particular the application of the GDPR to pseudonymized data, continues to be a dynamic and complex field that requires constant attention and adaptation. It is an important notice for all organizations that process personal data and emphasizes the need to comply with data protection regulations in all aspects of data processing and to respect the rights of data subjects.

Marian Härtel
Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.

Tags: CustomizationEntscheidungenGeneral Data Protection RegulationGoogleIP addressJudgmentsLegal fieldPersonal dataPrivacyRegulation

Weitere spannende Blogposts

DOSB and Esport: My comment on the comment

DOSB and Esport: A commentary
31. October 2018

Yesterday I published my comment on the current decision of the DOSB. On news and on social media, there was...

Read moreDetails

AG Ludwigsburg on abuse of rights in Google Fonts warnings

abmahnung
31. March 2023

In the area of data protection, warnings and legal disputes occur time and again. For example, the Ludwigsburg Local Court...

Read moreDetails

Attention: Insufficient cookie banners soon in the sights of data protectionists

ECJ: Cookies require explicit consent of users
7. November 2022

After the German data protection authorities published a guidance document last year, the Planet49 case should now be known to...

Read moreDetails

Avoid legal pitfalls when founding an online start-up

Avoid legal pitfalls when founding an online start-up
10. October 2024

Founding an online start-up requires not only entrepreneurial skill, but also a solid legal foundation. Company founders are confronted with...

Read moreDetails

ECJ: Cookies require explicit consent of users

ECJ: Cookies require explicit consent of users
1. October 2019

In the long-awaited ruling on Planet49 (see this article), the European Court of Justice today ruled on an interpretation of...

Read moreDetails

ECJ confirms classification of TikTok as a “gatekeeper”

Lego brick still protected as a design patent
13. August 2024

The Chinese Bytedance Group, which operates the video portal TikTok, has failed with a lawsuit against its classification as a...

Read moreDetails

Small Business Owners, VALUE Added Tax and Price Information Regulation

Online shops: Attention to advertising with EIA
11. March 2019

In line with this article, we would also like to provide some information on small businesses in accordance with Section...

Read moreDetails

Soon no Twitch, Steam, Discord, Twitter for under 16s?

Soon no Twitch, Steam, Discord, Twitter for under 16s?
7. November 2022

Will young people under 16 in Germany soon no longer be able to use Twitch, YouTube, Discord, Steam, Twitter and...

Read moreDetails

Blockchain and AI in law – new territory or proven terrain?

blockchain und ki im recht neuland oder bewaehrtes terrain
9. November 2023

Introduction: Discourses at the interface of technology and law Last week, there was an exciting discussion with a doctoral student...

Read moreDetails
Cologne District Court considers online contract generator to be illegal

Leasing contract

10. November 2024

Legal definition and principles The leasing contract is a complex legal instrument that enables companies, especially start-ups, to use assets...

Read moreDetails
c8cb7c2c03f212e63dd27dbfd5d1814c

German Limited Liability Companies Act (GmbHG)

9. November 2024
lawyers are advising clients about real estate law 2021 08 27 09 31 04 utc

Federal Vacation Act (BUrlG)

10. November 2024
iStock 1405433207 scaled

Legal guide to a successful startup investment

15. December 2024
Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA)

16. October 2024

Podcast Folgen

d5e1e6cad87cb839a9e23af79034bd94

AI in the legal system: Towards a digital future of justice

16. October 2024

In this fascinating podcast episode, we take a deep dive into the world of artificial intelligence (AI) and its impact...

da884f9e2769f2f96d6b74255be62c27

The role of the IT lawyer

5. September 2024

In this exciting podcast episode, we delve into the fascinating world of IT start-ups and find out why an experienced...

75df8eaa33cd7d3975a96b022c65c6e4

Life as an IT lawyer, work-life balance, family and my career

26. September 2024

In this captivating episode of my IT Medialaw podcast, I, Marian Härtel, share my personal journey as a passionate IT...

052c2ca5ca0421f0316b42073ce61791

Innovative business models – risk and opportunity at the same time

10. September 2024

In this exciting episode of our podcast, we take a deep dive into the world of innovative business models. Our...

  • Privacy policy
  • Imprint
  • Contact
  • About lawyer Marian Härtel
Marian Härtel, Rathenaustr. 58a, 14612 Falkensee, info@itmedialaw.com

Marian Härtel - Rechtsanwalt für IT-Recht, Medienrecht und Startups, mit einem Fokus auf innovative Geschäftsmodelle, Games, KI und Finanzierungsberatung.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • Informationen
    • Ideal partner
    • About lawyer Marian Härtel
    • Quick and flexible access
    • Principles as a lawyer
    • Why a lawyer and business consultant?
    • Focus areas of attorney Marian Härtel
      • Focus on start-ups
      • Investment advice
      • Corporate law
      • Cryptocurrencies, Blockchain and Games
      • AI and SaaS
      • Streamers and influencers
      • Games and esports law
      • IT/IP Law
      • Law firm for GMBH,UG, GbR
      • Law firm for IT/IP and media law
    • The everyday life of an IT lawyer
    • How can I help clients?
    • Testimonials
    • Team: Saskia Härtel – WHO AM I?
    • Agile and lean law firm
    • Price overview
    • Various information
      • Terms
      • Privacy policy
      • Imprint
  • Services
    • Support and advice of agencies
    • Contract review and preparation
    • Games law consulting
    • Consulting for influencers and streamers
    • Advice in e-commerce
    • DLT and Blockchain consulting
    • Legal advice in corporate law: from incorporation to structuring
    • Legal compliance and expert opinions
    • Outsourcing – for companies or law firms
    • Booking as speaker
  • News
    • Gloss / Opinion
    • Law on the Internet
    • Online retail
    • Law and computer games
    • Law and Esport
    • Blockchain and web law
    • Data protection Law
    • Copyright
    • Labour law
    • Competition law
    • Corporate
    • EU law
    • Law on the protection of minors
    • Tax
    • Other
    • Internally
  • Podcast
    • ITMediaLaw Podcast
  • Knowledge base
    • Laws
    • Legal terms
    • Contract types
    • Clause types
    • Forms of financing
    • Legal means
    • Authorities
    • Company forms
    • Tax
    • Concepts
  • Videos
    • Information videos – about Marian Härtel
    • Videos – about me (Couch)
    • Blogpost – individual videos
    • Videos on services
    • Shorts
    • Podcast format
    • Third-party videos
    • Other videos
  • Contact
  • en English
  • de Deutsch
Kostenlose Kurzberatung