Forwarding of personal employee data by works council member via private email account justifies exclusion from works council
Compensation after loss of control of data
Disclosure of health data by employers can lead to compensation.
The German Federal Court of Justice keeps up its consistent line in decisions on company rights in relation to data protection in contrast to the ECJ, which restricted shareholders' right to information in September last year.
The BGH has confirmed that data protection violations can be prosecuted not only by the data subjects themselves, but also by competitors and consumer associations.
The BAG specifies the requirements for non-material claims for damages under Art. 82 para. 1 GDPR.
The current EU-US Data Privacy Framework constitutes a legal basis for the transfer of personal data to the USA. How do current political developments affect this data transfer instrument?
The AI Act entered into force 2 August 2024. A VDMA FAQ document was prepared together with the law firm FPS to provide non-binding guidance, now available as 2nd edition.
Company agreements must be fully GDPR-compliant.
The draft bill for the German national Data Act Implementation Act was published at the beginning of February. To effectively implement the Data Act the draft bill needs to be adopted rather sooner than later.
The VDMA has developed a guidance to provide non-binding orientation on the data sharing obligations under the EU Data Act.
On February 4, 2025, the EU Commission published guidelines to provide an overview of the AI systems that have been banned in the EU since this February.
From June 2025, new accessibility requirements will be imposed on products and services in accordance with the German Accessibility Strengthening Act. But is the law also relevant for mechanical and plant engineering?
The results of the VDMA-survey clearly show that there are still a lot of legal uncertainties regarding the implementation of the Data Act.
A business service is fully liable for incorrect information about companies generated by AI if an error-prone system is deliberately used and responsibility for the content is assumed.
The Commission has published the Frequently Asked Questions (FAQs) on the EU Data Act to help companies implement the Data Act.
Impact on mechanical and plant engineering in conjunction with electrical automation
The VDMA is conducting a survey among its member companies on the state of implementation of the EU Data Act.
The question of the patentability of a machine-generated invention has repeatedly arisen in the past. This question has now been answered by the Federal Court of Justice in a recent decision (BGH, decision of 11.06.2024, ref. X ZB 5/22).
No fine against the parent company: Joint responsibility does not already exist in the case of a fundamental strategic decision and the establishment of a subsidiary.
The European Artificial Intelligence Act was published in the Official Journal on July 12, 2024.
As part of the implementation of the Digital Services Act at national level, among other things, certain digital laws have been renamed. This may lead to necessary changes for companies.
Digitalization and the increasing use of artificial intelligence (AI) do not stop at application processes.
The BGH clarifies that copies of documents of the data subject may also be covered by a request for information. In addition, it must be examined whether complete documents are required to contextualize the processed data.
On 13.03.2024, the European Parliament gave the green light for the so-called AI Regulation. It is intended to ensure safety and respect for fundamental rights in the context of artificial intelligence and promote innovation.
The Berlin Court of Appeal has ruled in a case that companies are liable per se in the area of GDPR violations. An administrative order imposing a fine does not have to specify the natural person who may have been responsible for a breach of duty.
The EU Data Regulation came into force on January 11, 2024. A VDMA FAQ document has been compiled and updated to provide non-binding guidance.
The VDMA handout on the implementation of the DSGVO has been revised. It is now available in a second edition in German and English exclusively for VDMA members.
The EU Data Act aims to put data traffic on a new footing, including between companies. This could shift the center of power in the economy. For industrial SMEs, this law is both an opportunity and a risk.
The number of hacker attacks in the mechanical and plant engineering sector is on the rise. More and more VDMA member companies are reporting attacks on office and production systems within the company. Already almost 40 percent of the attacks lead to production downtimes. How can medium-sized companies in particular arm themselves against attacks in advance or react correctly in the event of an actual attack?
On November 1, 2021, the Personal Information Processing and Protection Law (PIP Law) came into force in China. For this purpose, VDMA together with Sinolytics has prepared a policy briefing with the view of the mechanical engineering industry.
Für die Nutzung von Daten gibt es bislang keine Rechtsgrundlage. Wie ein Unternehmen die beste technische Lösung findet und welche Aspekte es vertraglich regeln sollte? Einige zentrale Fakten.
How can more digital sovereignty succeed in mechanical and plant engineering? These questions are answered by Lars Nagel, International Data Spaces Association and Kai Kalusa, VDMA in this episode of the VDMA Industry Podcast.
Mechanical and plant engineering is a leader in applied industrial digitalization. Digitalization creates new potential for intelligent production and new business models. In order to remain competitive and meet the growing demands for research, training and qualification, norms and standards, legal and data security, the industry needs efficient structures and competent contacts in digital policy.
Cooperation within Europe on digital policy must improve. The industry needs efficient political structures and competent contacts. And it needs a common, interoperable cloud and data infrastructure.
Today marks the official launch of the Industrial Digital Twin Association (IDTA).
Frankfurt, December 9, 2020 - The Automation Management for House Buildings trade association of the VDMA has published a revised version of Standard Sheet 24774 on IT security in building automation.
One result of the COVID 19 pandemic will be the further automation of logistics processes. Intralogistics providers are increasingly offering networked solutions for this. In this context, the question of data security of intralogistics systems is becoming increasingly important. A conversation with Steffen Zimmermann, VDMA Competence Center Industrial Security, about cyber security for intralogistics systems.
Digitization, Artificial Intelligence and Industry 4.0 are a permanent feature of the VDMA.
Companies must be able to make independent decisions about their data and business models. Sufficient IT security is a cornerstone for this; an open European data infrastructure is being sought.
The coronavirus is keeping the world in suspense. Companies also have a central function in dealing with the virus.
During the autumn conference of Fachabteilung 2 - Machines and Equipment for Garden and Landscape Maintenance - GPS-supported telemetry solutions were examined from a legal point of view.
In October, the Data Protection Conference, a body consisting of the independent data protection authorities of the federal and state governments, presented the concept for assessing fines in proceedings against companies for data protection violations.
The ECJ's eagerly awaited ruling (case C-673/17) on the question of the extent to which the use of cookies on websites requires the consent of website visitors made headlines.
In line with its previous case law on fan pages, the ECJ ruled on 29.07.2019 that website operators together with plugin providers (here: Facebook, "Like Button") are so-called "joint controllers" within the meaning of Art. 26 GDPR.
Time and again, machine builders are faced with the question of how to protect their IT systems: Whether in their own company or in relation to products sold to customers, the question in each case is what level of protection must be guaranteed.
At the end of 2018, the Austrian data protection authority had to decide whether a request for erasure based on Art. 17 GDPR was sufficiently implemented by the controller if the controller did not carry out an erasure in the strict sense, but made parts of the personal data unrecognizable by anonymization.
The rules of the General Data Protection Regulation have a significant impact on the handling of personal data in sales.