Osservatorio sul diritto e telecomunicazioni informatiche, a cura del dott. V. Spataro dal 1999, 9347 documenti.

Il dizionario e' stato letto volte.

Segui via: Email - Telegram
  Dal 1999   spieghiamo il diritto di internet  Store  Podcast  Dizionario News alert    
           privacy, formulari, check up per WordPress

Temi attuali:
Algoritmi ChatGPT Intelligenza artificiale Privacy WordPress

Schrems 31.03.2021    Pdf    Appunta    Letti    Post successivo  

EDPB: basta usare MailChimp perche' negli USA.

"Bavarian DPA (BayLDA) calls for German company to cease the use of 'Mailchimp' tool"

Questo il comunicato. Gli interpreti si chiedono le conseguenze sui sistemi operativi, device, e servizi in cloud. Spegnere il web non e' una opzione, e non si puo' crittografare tutto. Chi non si e' organizzato deve preoccuparsi. Almeno avete gia' catalogato i vostri fornitori negli USA per cercare alternative ?  Fatelo per iscritto.

Tuttavia l'autorità Bavarese non si chiede se esistano alternative europee con uguali livelli di sicurezza: stiamo parlando di email usate per inviare newsletter. E contro i cookies profilanti i giornali italiani cosa dovrebbero fare ?

Ecco il comunicato dell'autorità europea.

Valentino Spataro



The "ruling" presented in the "Standard" concerns a remedy procedure concluded without formal supervisory measures regarding a complaint by a data subject, in which the controller (an individual company) that had used Mailchimp had, after our request for comments and detailed information on the consequences of the Schrems II- decision, announced that it had now refrained from using Mailchimp. 

Our final notice to the complainant, which apparently formed the basis of the publication and was sent in mid-March, had the following wording in extracts and translated informally: 

"... We are referring to your data protection complaint against .... concerning the use of "Mailchimp". As a result of our intervention, the company has informed us that it had used Mailchimp twice to send newsletters. As a result of our intervention, the company has now informed us that it will no longer use Mailchimp with immediate effect.

The company also informed us that it had only transmitted email addresses to Mailchimp in the context of the above-mentioned use. It also mentioned that the recommendations of the European Data Protection Board on the so-called Supplementary Measures for transfers of personal data to third countries are not yet available in a final version, but are still subject to public consultation; this is correct

According to our assessment, the use of Mailchimp by .... in the two cases mentioned - and thus also the transfer of your email address to Mailchimp, which is the subject of your complaint - was unlawful under data protection law, because .... had not examined whether, in addition to the EU standard data protection clauses (which were used), "additional measures" within the meaning of the ECJ decision "Schrems II" (ECJ, judgment of 16.7. 2020, C-311/18) were necessary in order to make the transfer compliant with data protection requirements, and in the present case there were at least indications that Mailchimp may in principle be subject to data access by US intelligence services on the basis of the US legal provision FISA702 (50 U.S.C. § 1881) as a possible so-called Electronic Communications Service Provider and thus the transfer could only be lawful if such additional measures (if possible and sufficient to remediate the problem) were taken. “

We informed the company that, due to the above, the above-mentioned transfers of personal data to the U.S.- were  not lawful.

“The processing of your complaint is thus concluded. This letter constitutes the legally required information on the outcome of the processing of your complaint pursuant to Art. 77 (2) of the GDPR. "

This case is exemplary for our supervisory enforcement of the requirements of the ECJ decision, which, contrary to recurring criticism, has already been taken up with a high degree of intensity even without publicly perceived investigations or sanctions and has so far succeeded with above-average frequency in reaching agreement.

For more information, please contact the Bavarian DPA:

31.03.2021 Valentino Spataro

Four companies must stop using Google Analytics | IMY
DPF - Schrems III: dipende dal trattamento se ci sono ulteriori adempimenti
EDPB - trasferite i dati con gli USA con il DPF (e anche prima)
Schrems III e DPA Austria: valutare l'adeguatezza
Adequacy shield: 137 pagine per trasferire i dati negli USA con un ritorno ai vecchi tempi
125 Consenso o contratto - Schrems e la Corte Suprema chiedono alla CJEU
130 Disqus e la privacy secondo i norvegesi
Faq Cookie 007 Schrems II e l'informativa
200 Schrems con l'EDPB - Meta non puo' piu' profilare, nemmeno con il consenso

Segui le novità in materia di Schrems su via Telegram
oppure via email: (gratis Info privacy)

dallo store:
visita lo store

Dal 1999 il diritto di internet. I testi sono degli autori e di IusOnDemand srl p.iva 04446030969 - diritti riservati - Privacy - Cookie - Condizioni d'uso - in 0.072