Data Protection

Social media, e-commerce, smartphones and tablets – the introduction over the past decade of a variety of network-based services, new technologies and the proliferation of mobile devices has led to a comprehensive digitization of our daily lives.  Much of the communication, purchase of everyday goods, and use of services today occurs on the Internet through data-driven enterprises such as Facebook, Hotmail, and Amazon.

The personal data collected from individuals may be analyzed with ever greater detail and is used to create profiles for digital marketing and advertising strategies (so-called behavioral targeting), but may also be used to monitor and control users.  Personal data is therefore of increasing significance and market value for companies.  The interest of companies and advertisers in personal data however is balanced against the individual’s rights to self-determination and basic liberties.  These fundamental rights of the individual are provided in data protection legislation, which is found in a wide range of general and sector-specific laws and regulations.  Violations can result in disciplinary proceedings from data protection authorities, as well as warning letters from competitors.

Against this legally complex and constantly evolving background arises a number of practical issues for businesses.  What data can be collected and processed without concern?  In what situations is the user’s consent required, and for what purposes may such information be used?  May the information be provided to third parties, such as advertising agencies, hosting services, or other companies within a corporate group?  What contractual agreements are necessary to distribute the information?

We assist clients in developing strategies and solutions that take into account data protection requirements without losing sight of the underlying business aims.  Our advice  and contract drafting services in this area include in particular:

  • Data protection within the company
    • Contractual agreements with the data protection officer
    • Support to data protection officers
    • Examination of data protection issues related to process and data protection audits
    • Confidentiality agreements
    • Corporate privacy policy
    • Operating agreements for video surveillance, e-mail and Internet usage by employees
    • Bring Your Own Device (BYOD)
  • Data transfer and data processing by third parties
    • Transfer of personal data, nationally and internationally
    • Contracts for data processing
    • Privacy in the context of outsourcing
    • Privacy in the context of cloud computing
    • Destruction of data and the drafting of contracts with service providers
  • Data sharing in Social Networks, Networking and Advertising
    • Assignment of addresses to third parties
    • Contracts for the implementation of Internet tracking (analyzing usage and behavior of web traffic)
    • Privacy statements and consent forms for online portals and shops
    • E-mail advertising, advertising via SMS, e-mail newsletters
    • Privacy statements for mobile device apps
    • Privacy statements and consent forms for social networks and communities

More information about data protection law may be found in our Infocenter, data protection from A to Z.