fbpx

Download free GDPR compliance checklist!

Tag Archives for " Austria "

Austrian ministry could face GDPR penalty after publishing personal data online

Austrians’ personal data has been publicly accessible on the Ministry of Economy’s website since 2009. One could simply go to the website, enter a name in the search field and find a person’s address and date of birth, as well as the date of tax returns.

The liberal party NEOS and NGO epicenter.works call it the “biggest data protection scandal of the Second Republic.” NEOS is considering legal action and a GDPR expert thinks it could be successful.

Source: Austrian ministry could face GDPR penalty after publishing personal data online – EURACTIV.com

Austrian citizen files GDPR legal complaint against Google over Android Advertising ID

Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that this data is illegally processed.

The complaint against Google, which was filed with the Austrian Data Protection Authority, is based on the claim that Google’s Android operating system generates the advertising ID without user choice as required by GDPR.

Source: Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID • The Register

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications reported across 28 European Union Member States and data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

Criminal proceedings against Österreichische Post

The Austrian data protection authority imposed an administrative fine of 18 million euros on Österreichische Post AG (Austian Postal Service) after conducting administrative fine proceedings.

Austrian DPA concluded taht Österreichische Post had violated the GDPR by processing personal data on the alleged political affinity of affected data subjects. In addition, another GDPR violation was the further processing of data on package frequency and the frequency of relocations for the purpose of direct marketing.

However, the penalty is not final, as it can be challenged before the Federal Administrative Court within four weeks after the delivery of the penalty notice.

Source: Criminal proceedings of the Austrian data protection authority against Österreichische Post AG (Austrian Postal Service) | European Data Protection Board

Austrian Supreme Court Says GDPR Lawsuits Can Be Filed Throughout EU

The Austrian Supreme Court has ruled that complaints concerning the EU General Data Protection Regulation (GDPR) can be brought anywhere in the EU.

The decision overturned a ruling by a lower Austrian court which held that a privacy lawsuit against Facebook had to be brought in Ireland, where the company is headquartered.

Source: Austrian Supreme Court: GDPR Lawsuits Can Be Filed Throughout EU

Austrian Data Protection Authority finalises investigation into Österreichische Post AG

The Austrian Data Protection Authority has finalised its investigation into the Austrian Post (Österreichische Post AG) and issued a decision stating the Austrian Post has violated several provisions of the GDPR.

Specifically, the Austrian DPA is of the opinion that the Austrian Post processes special categories of personal data (political opinions) by attributing preferences for certain political parties to data subjects by using statistical calculation methods, without explicit consent given by the data subjects. Furthermore, it found, DPIA for this kind of processing and the record of processing activities were erroneous.

The Austrian DPA imposed an immediate ban on these processing operations, ordered the erasure of the data and ordered the Austrian Post to carry out a new DPIA and to rectify its record of processing.

Source: Austrian Data Protection Authority finalises investigation into Österreichische Post AG

Austrian DPA takes “result-oriented perspective” in data erasure decision

The Austrian data protection authority (‘DSB’) published, on 30 January 2019, its decision, dated 5 December 2018, on the right to data erasure, further to an individual’s complaint.

In particular, the DSB highlighted that the complainant had alleged that an unnamed insurance company had infringed his right to data erasure by only deleting data stored for marketing purposes and anonymising the remainder.

Full article: Austria: DSB takes “result-oriented perspective” in data erasure decision

Austria’s Post Office under fire over data sharing

Austria’s national post office found itself under fire Tuesday for collecting and selling information about customers’ political allegiances in what privacy campaigners say bears similarities to the Facebook data-sharing scandal.

According to the investigative journalism website Addendum, the Austrian Post sold the names, addresses, age and gender of around three million customers to other companies for targeted marketing purposes.

Source: Austria’s Post Office under fire over data sharing

Validity of consent coupled with free online services

The Austrian Data Protection Authority, headed by the chair of the European Data Protection Board (EDPB), provided a clear way forward for advertising-based business models.

Following a complaint against an Austrian newspaper, the Austrian Data Protection Authority decided that the prohibition on making the provision of a service conditional on consent (“coupling prohibition”; Article 7(4) GDPR) can effectively be circumvented by additionally offering a consent-free equivalent service for a reasonable remuneration.

Full article: Validity of consent coupled with free online services – Chair of EDPB opens a path

Austrian DPA Issues Decision on Validity of Cookie Consent Solution

On November 30, 2018, the Austrian Data Protection Authority published a decision in response to a complaint received from an individual regarding the cookie consent options offered on an Austrian newspaper’s website.

Full article: Austrian DPA Issues Decision on Validity of Cookie Consent Solution | Privacy & Information Security Law Blog

>