Technology is constantly progressing, and the law follows suit: Questions about IT and Software Law, Data Protection Law, but also "Law 4.0", i. e. contractual protection of data, etc, are increasingly on the agenda of the companies in the mechanical and plant engineering sector. It is important to recognize the signs of the times at an early stage and make the right decisions on the basis of legally sound advice.
The VDMA legal experts will be happy to assist you.
News on Digitization / Industry 4.0 / Data Protection Law
In October, the Data Protection Conference, a body consisting of the independent data protection authorities of the federal and state governments, presented the concept for calculating fines in proceedings against companies for GDPR violations.
On 25.11.2019, the Second Act on the Adaptation of Data Protection to EU Regulation 2016/679 and on the Implementation of EU Directive 2016/680 (2nd DSAnpUG-EU) was published in the Federal Law Gazette.
On 14.11.2019, numerous supervisory authorities of the federal states (Berlin, Brandenburg, Hamburg, Hesse, Lower Saxony, NRW, Rhineland-Palatinate, Saarland, Saxony, Schleswig-Holstein, Thuringia, Bavaria) and the Federal Commissioner for Data Protection and Freedom of Information (BfDI) published largely identical press releases on the use of tracking tools, in particular on Google Analytics.
The European Data Protection Supervisor, an independent supervisory authority of the European Union, developed a software tool (under EUPL-1.2 license) to enable website operators to analyse their own website with regard to the processing of personal data.
According to the Conference of Independent Data Protection Supervisory Authorities of the Federation and the Länder (DSK), it is currently working on a new concept for setting fines for violations of the GDPR in Germany.
With regard to the scope of the data protection law claim for information under the Basic Data Protection Regulation (DSGVO), the Regional Court of Cologne declared in a partial judgment of 18 March 2019 (Case No. 26 O 25/18) that the claim under Art. 15 DSGVO does not serve the simplified accounting of the data subject, but is intended to ensure that the data subject can assess the scope and content of the stored personal data.
The European Court of Justice decided in its judgement of 29.07.2019 that operators of websites together with plug-in providers (here: Facebook, "Like Button") are so-called "Joint Controllers" within the meaning of Art. 26 DSGVO
At the end of June, the German Bundestag passed the so-called Data Protection Adjustment Act (Datenschutzanpassungsgesetz), which adapted a whole series of laws to the GDPR that came into force more than a year ago.
On 29 May 2019, the EU Commission published the guidelines for Regulation 2018/1807/EU. The aim of this regulation is to prevent national data localisation requirements and to create a single European data market as a supplement to the GDPR.
In cooperation with Noerr LLP, the legal department of the VDMA developed a comprehensive guide on data sovereignty in the field of mechanical engineering industry, which provides member companies with valuable information on contractual possibilities of data allocations.
Time and again, companies within the machinery industry are faced with the question of how to deal with the protection of their IT systems: Whether in the company itself or in relation to products sold to the customer, the question in each case is what level of protection must be guaranteed.
The German Federal Commissioner for Data Protection and Freedom of Information (BfDI) has pointed out that in the case of a hard Brexit, Great Britain becomes a third country under data protection law and has compiled some information on this subject.
At the end of 2018, the Austrian data protection authority had to decide whether a deletion request based on Art. 17 had been sufficiently implemented by the responsible party if the latter had not carried out a deletion in the narrower sense but had made parts of the personal data unrecognisable by anonymising them.
The GDPR, in force since 25 May 2018 presented the VDMA members, among others, with some far-reaching challenges: processes had to be reviewed and, if necessary, adapted to the new data protection regulations; data protection had to be placed on a more professional level in many cases.
The Regulation “concerning the respect for private life and the protection of personal data in electronic communications”, also known as the E-Privacy Regulation, is currently being discussed at European level.
RA Daniel van Geerenstein, LL.M.
Legal Counsel (Syndikusanwalt)
Deputy of Legal Services
Digitzation, Data Protection Law, Intellectual Property Law, Unfair Competition, Antitrust Law
This month we are updating our privacy statement to better understand what information we collect and why. We have also taken steps to improve our features to protect your information and privacy.
There is no change to your current settings or how your data is processed. We have merely improved the explanation of our procedures and explain to you in more detail what options you have to update, manage and delete your data.
We take the protection of your personal data and their confidential treatment very seriously.
General information about the scope of processing of your personal data and about your data protection rights can be found at www.vdma.org/datenschutz.
You can reach us at the following contact details: