1) Judgments

Federal Court of Justice: Video Surveillance in the Kitchen-Diner

https://www.bundesgerichtshof.de/SharedDocs/Pressemitteilungen/DE/2026/2026029.html
The Federal Court of Justice is hearing a case regarding whether a daughter was permitted to secretly film her mother and mother-in-law in the kitchen.
The lawsuit challenges the secret video surveillance in a private residence, which may violate the GDPR.
The case raises fundamental questions regarding the tension between a homeowner’s rights and the personal rights of visitors.

Transport encryption is sufficient for emails

https://nrwe.justiz.nrw.de/ovgs/vg_duesseldorf/j2026/29_K_7351_23_Urteil_20260402.html
The Düsseldorf Administrative Court ruled that, in email communication with insurance companies, simple TLS encryption is generally sufficient and end-to-end encryption is not strictly required (Case No. 29 K 7351/23 dated April 2, 2026).
The court examined whether the level of protection required under Article 32 of the GDPR is maintained through transport encryption, even for sensitive data.
The decision provides clarity for companies regarding the selection of technical safeguards for email communications.

Legal Remedies for GDPR Damages

https://www.gesetze-bayern.de/Content/Document/Y-300-Z-BECKRS-B-2026-N-6267
In its decision of April 1, 2026, the Ansbach Administrative Court clarified issues regarding the legal remedy and jurisdiction for claims for damages under Article 82 of the GDPR (Case No. AN 14 K 26.1164).
The decision concerns the procedural classification of data protection damage claims.
The ruling provides guidance for data subjects in choosing the appropriate court.

2) Fines and government agencies

North Rhine-Westphalia Annual Data Protection Report 2025

https://www.ldi.nrw.de/31_Taetigkeitsbericht_LDI_NRW
The North Rhine-Westphalia Data Protection Authority has recorded a massive 60 percent increase in complaints and imposed a fine of EUR 300,000 on a telecommunications company.
The company sent personalized advertising letters to individuals who were unaware that their data was being processed and subsequently ignored their requests for information and deletion.
The authority cites increasing data processing and the use of AI-generated responses in search engines as the main reasons for the rise in complaints.

Hesse's Annual Data Protection Report Published

https://datenschutz.hessen.de/presse/hbdi-stellt-taetigkeitsberichte-fuer-das-jahr-2025-vor-bedeutung-des-datenschutzes-nimmt-zu
The Hessian Data Protection Commissioner notes that the importance of data protection continues to grow and also reports a rise in the number of complaints.
The increase in submissions reflects citizens’ growing awareness of data protection and indicates a greater need for guidance.
The report addresses key topics such as artificial intelligence, employee data protection, and the digitization of public administration.

Italy: €12.5 million fine imposed on Poste Italiane and Postepay

https://www.dsgvo-portal.de/bussgelder/dsgvo-bussgeld-gegen-poste-italiane-2026-04-20-IT-4995.php
https://www.gpdp.it/web/guest/home/docweb/-/docweb-display/docweb/10241568
The Italian Data Protection Authority imposed a fine of 12.5 million euros on Poste Italiane and Postepay for serious GDPR violations.
The violations include inadequate data security measures, insufficient information provided to data subjects, and a breach of accountability obligations regarding the processing of personal data.
Poste Italiane is Italy’s largest postal company and also offers financial services through Postepay, which means that particularly sensitive customer data is affected.

3) Laws and News

Use of AI by the Federal Criminal Police Office and the Federal Police

https://www.bild.de/politik/inland/kabinett-beschliesst-gesetz-dobrindt-laesst-jetzt-mit-ki-kriminelle-im-netz-jagen-69f1936e792e2c3e9d47d2b5#fromWall
https://www.tagesschau.de/inland/innenpolitik/digitale-ermittlungsbefugnisse-entwurf-faq-100.html
The Federal Cabinet has passed a law granting the Federal Criminal Police Office (BKA) and the Federal Police expanded AI powers to combat crime, including biometric facial recognition on the internet.
The AI is intended to automatically compare biometric photos of suspects with images from the internet and analyze large amounts of data from videos, texts, and images.
Data protection advocates and the opposition criticize potential infringements on fundamental rights and are calling for clear legal limits on the use of surveillance technology.

Musk vs. Altman: $100 Billion Lawsuit

https://t3n.de/news/musk-gegen-altman-jetzt-geht-der-streit-um-openai-vor-gericht-weiter-1739931/
Elon Musk is suing OpenAI and Sam Altman for $100 billion in damages for breach of contract and unjust enrichment.
Musk is demanding the repayment of “unlawful profits” to OpenAI, which was originally a non-profit organization.

Hairdresser secretly films 13-year-old

https://www.lto.de/recht/nachrichten/n/friseur-live-stream-heimlich-ermittlungen-persoenlichkeitsrecht
A hairdresser is under investigation for secretly filming a 13-year-old customer in his salon.
The case raises serious questions regarding privacy rights and the special protection of minors.
The secret recording could result in criminal charges.