IT Security

The Cologne Data Protection Law Conference, organised by Dr. Otto Schmidt Publishers, will take place on 18 and 19 June 2026. The event will focus on current developments relating to the GDPR, the AI Regulation, the Data Act, the Digital Omnibus Directive, class actions and digital sovereignty.

Cyberattacks are no longer merely a technical issue – they are a communication issue. Anyone who communicates incorrectly or too late during a crisis risks fines, liability and reputational damage. Our event, ‘Cyber Law and Communication’, brings together legal experts, technologists and PR professionals to demonstrate how companies can position themselves in a legally sound and professionally communicative manner – in Germany, the EU and Switzerland.

The "Schabowski" case of the OVG Münster is going to the Federal Administrative Court! The proceedings revolve around Günther Schabowski's famous speech at the press conference on 9 November 1989. Who did the Haus der Geschichte buy this note from? A journalist from the BILD newspaper sued the museum on the basis of the right to information under Article 5 of the German Constitution. The OVG Münster accepted such a claim, rejecting it and basing its decision on the grounds for refusal of the IFG and Art. 86 GDPR. The Haus der Geschichte is now appealing. From minute (20:39), Dr Stefan Brink and Prof Niko Härting talk about the resolution paper of the Data Protection Conference on the P20 Data House, a federal-state project on the IT infrastructure of the police. The paper criticises in particular the lack of a legal basis for the planned IT architecture. Finally, from minute 30:13 onwards, the AI tool Microsoft Copilot is discussed. Copilot is not actually allowed to access files labelled as confidential; however, such access did take place. Stefan and Niko shed light on the consequences under data protection law and finally land on the keyword of digital sovereignty.

With a new cybersecurity package (Cybersecurity Act 2), Brussels wants to take cybersecurity in the EU to a new level: mandatory certifications, stricter supervision and a stronger ENISA are intended to make the digital single market resilient to current and future threats. The requirements for companies under the NIS 2 Directive are also under review.

The Digital Services Act passed last year is already relevant for so called "very large online platforms and search engines" since 25 August 2023. These services already need to comply with all new obligations under the act.

According to the parliamentary initiative of the Green Group of 15 June 2023, the nDSG should be amended in Art. 21bis nDSG.

After more than 15 years, the Canton of Zurich is undergoing a total revision of its law on information and data protection (IDG).

The European Union (EU) has recently adopted regulations in the digital field and is actively working on new ones. From the Digital Services Act (DSA) and Digital Markets Act (DMA) to the AI Act, freshly passed by the Parliament, important changes in the EU area are on the horizon.

In just under two months, the completely revised version of the FADP will enter into force, which will provide the federal data protection supervisory authority in particular with new instruments so that the FDPIC can intensify its supervisory activities.