fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " Austria "

Austrian Supreme Court Says GDPR Lawsuits Can Be Filed Throughout EU

The Austrian Supreme Court has ruled that complaints concerning the EU General Data Protection Regulation (GDPR) can be brought anywhere in the EU.

The decision overturned a ruling by a lower Austrian court which held that a privacy lawsuit against Facebook had to be brought in Ireland, where the company is headquartered.

Source: Austrian Supreme Court: GDPR Lawsuits Can Be Filed Throughout EU

Austrian Data Protection Authority finalises investigation into Österreichische Post AG

The Austrian Data Protection Authority has finalised its investigation into the Austrian Post (Österreichische Post AG) and issued a decision stating the Austrian Post has violated several provisions of the GDPR.

Specifically, the Austrian DPA is of the opinion that the Austrian Post processes special categories of personal data (political opinions) by attributing preferences for certain political parties to data subjects by using statistical calculation methods, without explicit consent given by the data subjects. Furthermore, it found, DPIA for this kind of processing and the record of processing activities were erroneous.

The Austrian DPA imposed an immediate ban on these processing operations, ordered the erasure of the data and ordered the Austrian Post to carry out a new DPIA and to rectify its record of processing.

Source: Austrian Data Protection Authority finalises investigation into Österreichische Post AG

Austrian DPA takes “result-oriented perspective” in data erasure decision

The Austrian data protection authority (‘DSB’) published, on 30 January 2019, its decision, dated 5 December 2018, on the right to data erasure, further to an individual’s complaint.

In particular, the DSB highlighted that the complainant had alleged that an unnamed insurance company had infringed his right to data erasure by only deleting data stored for marketing purposes and anonymising the remainder.

Full article: Austria: DSB takes “result-oriented perspective” in data erasure decision

Austria’s Post Office under fire over data sharing

Austria’s national post office found itself under fire Tuesday for collecting and selling information about customers’ political allegiances in what privacy campaigners say bears similarities to the Facebook data-sharing scandal.

According to the investigative journalism website Addendum, the Austrian Post sold the names, addresses, age and gender of around three million customers to other companies for targeted marketing purposes.

Source: Austria’s Post Office under fire over data sharing

Validity of consent coupled with free online services

The Austrian Data Protection Authority, headed by the chair of the European Data Protection Board (EDPB), provided a clear way forward for advertising-based business models.

Following a complaint against an Austrian newspaper, the Austrian Data Protection Authority decided that the prohibition on making the provision of a service conditional on consent (“coupling prohibition”; Article 7(4) GDPR) can effectively be circumvented by additionally offering a consent-free equivalent service for a reasonable remuneration.

Full article: Validity of consent coupled with free online services – Chair of EDPB opens a path

Austrian DPA Issues Decision on Validity of Cookie Consent Solution

On November 30, 2018, the Austrian Data Protection Authority published a decision in response to a complaint received from an individual regarding the cookie consent options offered on an Austrian newspaper’s website.

Full article: Austrian DPA Issues Decision on Validity of Cookie Consent Solution | Privacy & Information Security Law Blog

Austria: “Cookie Walls / Paywalls” hybrids are permissible?

In a recent case, the Austrian Data Protection Authority (ADPA) decided for the first time on the permissibility of a consent for the use of cookies, as well as the concept of freely given consent under the GDPR.

The case involves the cookie consent on the website of an Austrian newspaper. In this decision, the ADPA has seen a hybrid cookie wall / paywall solution as permissible, but has failed to address several important issues potentially arising in such cases

Full article: Austria: “Cookie Walls / Paywalls” hybrids are permissible?

First GDPR fine issued by Austrian data protection regulator

Austrian Data Protection Authority (“DSB”) has issued a fine against an entrepreneur for violations of the GDPR. The entrepreneur had installed a CCTV camera in front of his establishment that also recorded a large part of the sidewalk. The DSB found this act to be in violation of the GDPR, as large-scale monitoring of public spaces is not permitted under the GDPR. Apparently the camera was also not sufficiently marked as conducting video surveillance, meaning that the applicable transparency obligations had not been fulfilled.

The amount of the fine, however, was quite moderate: EUR 4,800. According to the deputy director of the DSB, fines should be proportionate – e.g. a controller with an annual income of, for example, EUR 40,000 is unlikely to receive a EUR 20 million fine from the DSB.

Source: First GDPR fine issued by Austrian data protection regulator, Gernot Fritz

ePrivacy rapporteur furious over Austria’s limited ambition

The European Parliament’s lead rapporteur on the ePrivacy Regulation has responded with fury to the news that the Austrian presidency of the Council of the EU intends to produce no more than a status update on the law’s progress by the end of the year.

Source: ePrivacy rapporteur furious over Austria’s limited ambition

>