Seminars and Workshops

by Data Protection Experts with Years of Consulting Experience

 

Through years of experience in consulting and implementation of projects on data protection and data security, ePrivacy has acquired a rich fund of knowledge. Now we would like to make this knowledge at available to our customers and share our expertise with you. 

 


Seminar Programme

Here you can find the next dates for our seminars. The full seminar programme can be found here

Course NameCourse TypeDate
GDPR Basics (DE) Fundamentals12.11. to 13.11.2020
Data Protection Officer (DPO) (DE)Fundamentals25.11. to 27.11.2020
Up-to-date Data ProtectionOnline seminar and Q+A02.12.2020
GDPR Auditor (ePrivacy) technical (DE) Fundamentals13.01. to 15.01.2021
GDPR Auditor (ePrivacy) legal (DE) Fundamentals03.02. to 05.02.2021
Up-to-date Data ProtectionOnline Seminar and Q+A10.02.2021
Data Protection Officer (DPO) (DE)Fundamentals24.02. to 26.02.2021

Registration for our Seminars

Please register here or send us an e-mail to info@eprivacy.eu.


Our seminar programme is made up of different approaches.

  • Basic training courses for data protection officers and auditors
  • Flexible add-on modules for data protection officers and auditors
  • Annual training courses on current topics and legal developments
  • online workshops

Fundamental Trainings for Data Protection Officers and Auditors

In our three-day fundamental training courses you will receive comprehensive information that will prepare you for your tasks as a data protection officer or auditor. Together we will work out legal and technical know-how that will provide you with a solid foundation for independent evaluations and consulting skills.

This course offers you for example:

  • useful skills from the practical experience of an established team
  • knowledge transfer that is geared to practical relevance  
  • tips from everyday work with customers and projects
  • easy access to data protection legal information 

Flexible Add-on Trainings for Data Protection Officers and Auditors

Since the subject area is too extensive to be dealt with in a single training course, we offer you advanced modules that you can combine flexibly and book independently.

Topic-specific knowledge on how to plan and implement data protection and data security correctly is available for the topics:

  • eHealth
  • marketing (especially online)
  • online trading
  • human resources (HR)

Annual Training Courses on Current Topics and Legal Developments

Legal topics are subject to constant change as a result of legal developments. In the same way as with data security, technical progress does not stand still. In order to keep you up to date, we offer you an annual training program on the latest topics and developments. We compile the most important innovations for you and prepare the most important information for this training series.

Online Workshops

Not everyone has the opportunity to take the time to travel to a venue. Our online workshops offer you the opportunity to be kept up to date on the latest developments in data protection and data security from the comfort of your own home. The series of lectures "up-to-Date Data Protection" deals with current developments and recommendations that are particularly important for companies, consultants and auditors, such as:

  • current jurisdiction and current proceedings
  • information from the authorities
  • administrative enquiries
  • current recommendations for companies (e.g. home office, video systems, use of social media etc.)
  • recommended process adaptations and internal guidelines

To get a first impression of us, you can take part in a short virtual lecture or watch one of the recorded online seminars. You can find the media library here.


Seminar Venues

HAMBURG

Our training courses take place in high quality equipped seminar venues in downtown Hamburg in the heart of Hamburg's old town (e.g. at the Hamburg School of Business Administration - The architecturally impressive building, with its clear, straightforward design and floor-to-ceiling windows that make the rooms bright and spacious and let in plenty of daylight, is located in the immediate vicinity of the historic city hall and the Hanseatic promenade on the Alster).

As you are in the busy city centre of Hamburg, countless restaurants and cafés are just a few steps away. Drinks during breaks, snacks and lunch are included.

If you need recommendations for accommodation, please contact us and we will help you with your choice.

Are You Interested in One of our Seminars or Workshops?

You can easily reach us via info@eprivacy.eu - we look forward to hearing from you! 


Our Events

03.06.2020

The "Planet49" decision of the German Federal Court of Justice


The ruling by the German Federal Court of Justice (Bundesgerichtshof) of 28 May brought to an end the proceedings between the Federal Association of Consumer Organisations and Planet49 GmbH, a provider of online lotteries. The trial focused in particular on the question of the legal validity of the consent of website visitors to the storage of marketing cookies. This question was raised by the fact that the defendant had organized a competition on its website in 2013. For this purpose, the user was directed to a page with a web form on which he had to enter his name and address. Among the input fields for the address there were two consent forms with checkboxes. The first checkbox was not provided with a default check mark. The consent to be given here related to advertising by sponsors and cooperation partners of the defendant by mail, telephone, e-mail or SMS. The users could choose the sponsors and cooperation partners themselves and revoke their consent at any time.
 
The other checkbox was already provided with a preset check mark. Although this preset check mark could be removed, participation in the competition was only possible if the user checked at least one of the two fields. In the context of this declaration, the user should agree that a cookie provided with a tracking ID should be stored on the end device:
 
"I agree to use the web analysis service Remintrex in my company. As a result, the lottery organiser, the [defendant], will set cookies after registration for the lottery, which [the defendant] makes it possible for Remintrex to evaluate my surfing and usage behaviour on the websites of advertising partners and thus to provide interest-oriented advertising. I can delete the cookies at any time. Read more here [link to privacy policy]".
 
The user was also informed that the stored ID would be used to record each visit to the websites of an advertising partner registered for Remintrex and also to record which products the user is interested in and which he/she buys.
 
While the Regional Court of Frankfurt am Main ordered the defendant to refrain from both declarations of consent, the plaintiff achieved success on appeal only with the application regarding the use of cookies with preset declarations of consent. After the OLG Frankfurt allowed the appeal to the Federal Court of Justice, the BGH initiated a preliminary ruling procedure before the European Court of Justice, in particular to clarify the question of the effectiveness of consents to the setting of cookies under Union law. The legal focus here was on questions of interpretation of Art. 5 para. 3 and Art. 2 lit. f of the ePrivacy Directive 2002/58/EC (implemented in Germany in § 15 para. 3 Telemediengesetz) in conjunction with Art. 2 lit. h of the Data Protection Directive 95/46/EC and Art. 6 para. 1 lit. On 1 October 2019, the European Court of Justice (ECJ) announced the so-called Planet49 ruling and determined that for consent to be effective, an active act of the consenting party is required, for which pre-selected checkboxes are not sufficient (see our blog post). The ECJ justified this by stating that a pre-activated checkbox does not constitute a user activity. Rather, the user's action in the case of pre-selected checkboxes would consist merely in deselecting the default setting.
 
With today's ruling, the Federal Court of Justice (BGH) adopted this legal interpretation of the ECJ and brought the court proceedings to a close. So far, only the press release is public, the detailed reasons for the decision will only be published in the next few days. The most important sentence in the press release is as follows:
 
"In the light of Article 5(3), first sentence, of Directive 2002/58/EC, as amended by Article 2(5) of Directive 2009/136/EC, Section 15(3), first sentence, of the German Telemedia Act must be interpreted in conformity with that directive as meaning that the use of cookies to create user profiles for the purposes of advertising or market research requires the consent of the user.
 
The BGH thus clarifies that in its opinion the consent of the user is thus required for the creation of user profiles. 
The other interesting question, which has been discussed for years in the online marketing industry, is whether the processing of pseudonymous user data for advertising purposes can be based on a legitimate interest under Art. 6 (1) (f) GDPR instead of consent (as is also expressly mentioned in Recital 47 of the DSGVO). The BGH merely states that the entry into force of the GDPR does not affect the German implementation of the ePrivacy Directive in the Telemedia Act. The current parallel regulation in the GDPR and TMG will therefore not be dissolved.
Nevertheless, many people understand the interpretation of Section 15 (3) of the German Telemedia Act (TMG), which is now provided by the Federal Court of Justice, as a clear roadmap that online publishers will have to obtain the express consent of their users for the setting of marketing cookies in the future. We can therefore only urgently recommend that in future they switch to consent-based business models. Anyone who wants to continue to rely on the legitimate interest will certainly run the risk of having to pay even more attention than has been the case since the ECJ's decision.
 
Already in the last few weeks it could be observed that large online media such as Spiegel Online or DIE ZEIT switched to consent models. 
 
But the problem actually lies elsewhere: The European legislator had originally intended to regulate the question of online marketing anew in the planned ePrivacy Regulation - as the successor to the old ePrivacy Directive and sister law to the Basic Data Protection Regulation. However, because no agreement could be reached in the European Council on how to reconcile the protection of the privacy of the users concerned with the existing business model of advertising-financed online offers, the plan has been on hold for years. Perhaps today's ruling by the Federal Court of Justice will now give the German Council Presidency the decisive impetus in the second half of 2020. At least on a national level, the German government has already announced an adjustment of the Telemedia Act.
 
Written on 28 May 2020 by Dr. Lukas Mezger, Dr. Frank Eickmeier, attorneys at law.


Our Publications

03.06.2020

The "Planet49" decision of the German Federal Court of Justice


The ruling by the German Federal Court of Justice (Bundesgerichtshof) of 28 May brought to an end the proceedings between the Federal Association of Consumer Organisations and Planet49 GmbH, a provider of online lotteries. The trial focused in particular on the question of the legal validity of the consent of website visitors to the storage of marketing cookies. This question was raised by the fact that the defendant had organized a competition on its website in 2013. For this purpose, the user was directed to a page with a web form on which he had to enter his name and address. Among the input fields for the address there were two consent forms with checkboxes. The first checkbox was not provided with a default check mark. The consent to be given here related to advertising by sponsors and cooperation partners of the defendant by mail, telephone, e-mail or SMS. The users could choose the sponsors and cooperation partners themselves and revoke their consent at any time.
 
The other checkbox was already provided with a preset check mark. Although this preset check mark could be removed, participation in the competition was only possible if the user checked at least one of the two fields. In the context of this declaration, the user should agree that a cookie provided with a tracking ID should be stored on the end device:
 
"I agree to use the web analysis service Remintrex in my company. As a result, the lottery organiser, the [defendant], will set cookies after registration for the lottery, which [the defendant] makes it possible for Remintrex to evaluate my surfing and usage behaviour on the websites of advertising partners and thus to provide interest-oriented advertising. I can delete the cookies at any time. Read more here [link to privacy policy]".
 
The user was also informed that the stored ID would be used to record each visit to the websites of an advertising partner registered for Remintrex and also to record which products the user is interested in and which he/she buys.
 
While the Regional Court of Frankfurt am Main ordered the defendant to refrain from both declarations of consent, the plaintiff achieved success on appeal only with the application regarding the use of cookies with preset declarations of consent. After the OLG Frankfurt allowed the appeal to the Federal Court of Justice, the BGH initiated a preliminary ruling procedure before the European Court of Justice, in particular to clarify the question of the effectiveness of consents to the setting of cookies under Union law. The legal focus here was on questions of interpretation of Art. 5 para. 3 and Art. 2 lit. f of the ePrivacy Directive 2002/58/EC (implemented in Germany in § 15 para. 3 Telemediengesetz) in conjunction with Art. 2 lit. h of the Data Protection Directive 95/46/EC and Art. 6 para. 1 lit. On 1 October 2019, the European Court of Justice (ECJ) announced the so-called Planet49 ruling and determined that for consent to be effective, an active act of the consenting party is required, for which pre-selected checkboxes are not sufficient (see our blog post). The ECJ justified this by stating that a pre-activated checkbox does not constitute a user activity. Rather, the user's action in the case of pre-selected checkboxes would consist merely in deselecting the default setting.
 
With today's ruling, the Federal Court of Justice (BGH) adopted this legal interpretation of the ECJ and brought the court proceedings to a close. So far, only the press release is public, the detailed reasons for the decision will only be published in the next few days. The most important sentence in the press release is as follows:
 
"In the light of Article 5(3), first sentence, of Directive 2002/58/EC, as amended by Article 2(5) of Directive 2009/136/EC, Section 15(3), first sentence, of the German Telemedia Act must be interpreted in conformity with that directive as meaning that the use of cookies to create user profiles for the purposes of advertising or market research requires the consent of the user.
 
The BGH thus clarifies that in its opinion the consent of the user is thus required for the creation of user profiles. 
The other interesting question, which has been discussed for years in the online marketing industry, is whether the processing of pseudonymous user data for advertising purposes can be based on a legitimate interest under Art. 6 (1) (f) GDPR instead of consent (as is also expressly mentioned in Recital 47 of the DSGVO). The BGH merely states that the entry into force of the GDPR does not affect the German implementation of the ePrivacy Directive in the Telemedia Act. The current parallel regulation in the GDPR and TMG will therefore not be dissolved.
Nevertheless, many people understand the interpretation of Section 15 (3) of the German Telemedia Act (TMG), which is now provided by the Federal Court of Justice, as a clear roadmap that online publishers will have to obtain the express consent of their users for the setting of marketing cookies in the future. We can therefore only urgently recommend that in future they switch to consent-based business models. Anyone who wants to continue to rely on the legitimate interest will certainly run the risk of having to pay even more attention than has been the case since the ECJ's decision.
 
Already in the last few weeks it could be observed that large online media such as Spiegel Online or DIE ZEIT switched to consent models. 
 
But the problem actually lies elsewhere: The European legislator had originally intended to regulate the question of online marketing anew in the planned ePrivacy Regulation - as the successor to the old ePrivacy Directive and sister law to the Basic Data Protection Regulation. However, because no agreement could be reached in the European Council on how to reconcile the protection of the privacy of the users concerned with the existing business model of advertising-financed online offers, the plan has been on hold for years. Perhaps today's ruling by the Federal Court of Justice will now give the German Council Presidency the decisive impetus in the second half of 2020. At least on a national level, the German government has already announced an adjustment of the Telemedia Act.
 
Written on 28 May 2020 by Dr. Lukas Mezger, Dr. Frank Eickmeier, attorneys at law.

Do you have questions or recommendations for us?

We are glad to receive your comments.