Selected topics of the Data Protection Conference 2023

On September 28th and 29th, the Data Protection Conference 2023 took place in Düsseldorf, Germany. We were there and want to share three interesting topics that might be relevant to you.

Data transfer to the U.S.

After the European Court of Justice (ECJ) invalidated the previously often used "EU-U.S. Privacy Shield" 3 years ago, the U.S. government and the European Commission adopted its successor this year. The new "Data Privacy Framework" allows European companies to once again transfer personal data to certified data recipients in the U.S. without concluding additional data transfer agreements. According to German authorities, data transfer agreements already in force will be superseded if the DPF is applicable, and will therefore no longer be valid. This might, in part, affect the information obligations towards data subjects.

Repurposing personal data

In many situations, personal data may come to be used for a purpose for which it was not originally collected. For example, employee information may need to be used in an internal investigation, or purchasing data in a web store may be repurposed for market analysis. In case of such change of purpose, the company must conduct a so-called compatibility test to check whether the new purpose and the original purpose are compatible.

Use of health data for research purposes

Another topic discussed was health data and the processing of it for scientific purposes. Use of health information for research is not prohibited under the GDPR, but is instead explicitly desired under the Federal Data Protection Act. However, the scope of the existing regulations is unclear. Therefore, the German legislator is currently pursuing two approaches with the Health Data Use Act (GDNG) and the Act to Accelerate the Digitalization of Healthcare (Digital Act, DigiG), which are intended to enable better use and linkage of health data.

The above is just a small excerpt of the various presented topics, some of which were heatedly debated at the conference. We will discuss recommended steps in our next newsletter.

The selection of speakers and presentations were excellent again this year, and the varied discussions with other conference participants further enriched the event.

We are already looking forward to participating in next year's data protection conference in Düsseldorf again in mid-September.