HmbBfDI (Hamburg) - Ende des ZOOM-Verfahrens: Difference between revisions
(Created page with "{{DPAdecisionBOX |Jurisdiction=Germany |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoDE-HH.png |DPA_Abbrevation=HmbBfDI |DPA_With_Country=HmbBfDI (Hamburg) |Case_Number_Name=Ende des ZOOM-Verfahrens |ECLI= |Original_Source_Name_1=Hamburg DPA |Original_Source_Link_1=https://datenschutz-hamburg.de/service-information/taetigkeitsberichte/taetigkeitsbericht-datenschutz-2023#IV-5 |Original_Source_Language_1=German |Original_Source_Language__Code_1=DE |Original_Sourc...") |
No edit summary |
||
| Line 45: | Line 45: | ||
|National_Law_Link_2= | |National_Law_Link_2= | ||
|Party_Name_1= | |Party_Name_1=Zoom | ||
|Party_Link_1= | |Party_Link_1= | ||
|Party_Name_2= | |Party_Name_2= | ||
| Line 66: | Line 66: | ||
In 2021, HmbBfDI issued a warning against the Hamburg Senate Chancellery (FHH) regarding the planned use of Zoom, citing non-compliance with GDPR due to the transfer of personal data to third countries without adequate safeguards. The Senate Chancellery filed a lawsuit against this warning before the Hamburg Administrative Court (VG Hamburg). | In 2021, HmbBfDI issued a warning against the Hamburg Senate Chancellery (FHH) regarding the planned use of Zoom, citing non-compliance with GDPR due to the transfer of personal data to third countries without adequate safeguards. The Senate Chancellery filed a lawsuit against this warning before the Hamburg Administrative Court (VG Hamburg). | ||
On July 10, 2023, the European Commission adopted an Adequacy Decision for the EU-US Data Privacy Framework, resolving concerns raised by the CJEU's Schrems II ruling (Case C-311/18). As a result, the main grounds for HmbBfDI’s warning concerning the use of Zoom were no longer valid. Both parties agreed that continuing the lawsuit was no longer necessary. The HmbBfDI then officially withdrew the warning of August 11, 2021. | On July 10, 2023, the European Commission adopted an Adequacy Decision for the EU-US Data Privacy Framework, resolving concerns raised by the [[CJEU - C-311/18 - Schrems II|CJEU's Schrems II ruling]] (Case C-311/18). As a result, the main grounds for HmbBfDI’s warning concerning the use of Zoom were no longer valid. Both parties agreed that continuing the lawsuit was no longer necessary. The HmbBfDI then officially withdrew the warning of August 11, 2021. | ||
=== Holding === | === Holding === | ||
Latest revision as of 10:44, 6 March 2025
| HmbBfDI - Ende des ZOOM-Verfahrens | |
|---|---|
 | |
| Authority: | HmbBfDI (Hamburg) |
| Jurisdiction: | Germany |
| Relevant Law: | Article 45(1) GDPR |
| Type: | Other |
| Outcome: | n/a |
| Started: | |
| Decided: | |
| Published: | |
| Fine: | n/a |
| Parties: | Zoom |
| National Case Number/Name: | Ende des ZOOM-Verfahrens |
| European Case Law Identifier: | n/a |
| Appeal: | Not appealed |
| Original Language(s): | German |
| Original Source: | Hamburg DPA (in DE) |
| Initial Contributor: | CBMPN |
Use of the Zoom platform for videoconferences by public authority deemed legal after the 2023 Adequacy Decision for the EU-US Data Privacy Framework. Previous warning made by the Hamburg DPA in 2021 was withdrawn.
English Summary
Facts
In 2021, HmbBfDI issued a warning against the Hamburg Senate Chancellery (FHH) regarding the planned use of Zoom, citing non-compliance with GDPR due to the transfer of personal data to third countries without adequate safeguards. The Senate Chancellery filed a lawsuit against this warning before the Hamburg Administrative Court (VG Hamburg).
On July 10, 2023, the European Commission adopted an Adequacy Decision for the EU-US Data Privacy Framework, resolving concerns raised by the CJEU's Schrems II ruling (Case C-311/18). As a result, the main grounds for HmbBfDI’s warning concerning the use of Zoom were no longer valid. Both parties agreed that continuing the lawsuit was no longer necessary. The HmbBfDI then officially withdrew the warning of August 11, 2021.
Holding
The case was closed without a ruling on whether the prior use of Zoom had been lawful before the adequacy decision.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the German original. Please refer to the German original for more details.
In the 30th TB Data Protection 2021 (Chapter 4.6), the HmbBfDI informed that it had issued a warning to the Senate Chancellery of the Free and Hanseatic City of Hamburg (FHH). The background to this was the then planned use of the video conferencing software Zoom, which in the opinion of the HmbBfDI was not compatible with the GDPR. The Senate Chancellery then filed a lawsuit against the warning before the Hamburg Administrative Court.
On July 10, 2023, the European Commission announced an adequacy decision ("Adequacy decision for the EU-US Data Privacy Framework") within the meaning of Art. 45 (1) GDPR. This makes secure transatlantic data flows possible and at least temporarily dispels the concerns raised by the ECJ in its judgment of July 16, 2020 (case C-311/18 - Facebook Ireland and Schrems). In the opinion of the HmbBfDI, the main reasons for the warning of August 11, 2021 regarding the use of the video communication software "Zoom", which previously existed with regard to the transmission of personal data to a third country without suitable guarantees to protect this data, had essentially ceased to apply.
The Senate Chancellery also saw it this way. As a result, both sides agreed that continuing the court proceedings was no longer expedient due to the changed legal and factual situation. In particular, there was no interest in having the court determine whether the warning in question was correct under the old legal and factual situation.
The HmbBfDI then withdrew the warning in question of August 11, 2021 regarding the use of the video conferencing software "Zoom" with effect for the future. The settlement had no retroactive effect, which is why it remains unclear in court whether the use of ZOOM would have been lawful even before the adequacy decision.
