The Austrian Data Protection Authority has finalised its investigation into the Austrian Post (Österreichische Post AG) and issued a decision stating the Austrian Post has violated several provisions of the GDPR.
Specifically, the Austrian DPA is of the opinion that the Austrian Post processes special categories of personal data (political opinions) by attributing preferences for certain political parties to data subjects by using statistical calculation methods, without explicit consent given by the data subjects. Furthermore, it found, DPIA for this kind of processing and the record of processing activities were erroneous.
The Austrian DPA imposed an immediate ban on these processing operations, ordered the erasure of the data and ordered the Austrian Post to carry out a new DPIA and to rectify its record of processing.
Source: Austrian Data Protection Authority finalises investigation into Österreichische Post AG