Tag Archives for "Austria"

“Party affinity” data may not be processed without the consent, Austrian court rules

The Federal Administrative Court of Austria confirmed by its decision of 26 November 2020 the stance of the Austrian Data Protection Authority (“Datenschutzbehörde”) that so-called “party affinity” data may not be processed without the data subject’s consent.

Most importantly, the Court clarified that data about an individual fall within the scope of “personal data” even if they only reflect probable and not actual characteristics of individuals. This judgement is one of the few judicial decisions rendered in recent years which establish that the concept of personal data includes more than facts about an individual.

Source: Austria: Probabilities as personal data | BDK Advokati

Austrian ministry could face GDPR penalty after publishing personal data online

Austrians’ personal data has been publicly accessible on the Ministry of Economy’s website since 2009. One could simply go to the website, enter a name in the search field and find a person’s address and date of birth, as well as the date of tax returns.

The liberal party NEOS and NGO epicenter.works call it the “biggest data protection scandal of the Second Republic.” NEOS is considering legal action and a GDPR expert thinks it could be successful.

Source: Austrian ministry could face GDPR penalty after publishing personal data online – EURACTIV.com

Austrian citizen files GDPR legal complaint against Google over Android Advertising ID

Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that this data is illegally processed.

The complaint against Google, which was filed with the Austrian Data Protection Authority, is based on the claim that Google’s Android operating system generates the advertising ID without user choice as required by GDPR.

Source: Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID • The Register

€114 Million in Fines Imposed by EU Authorities Under GDPR

New findings from DLA Piper show that 160,000 data breach notifications have been reported across 28 European Union Member States and that data protection authorities have imposed €114 million in monetary fines under the GDPR for a wide range of infringements. Not all fines were related to data breach infringements, however.

In terms of the total value of fines issued by geographical region, France (€51m), Germany (€24.5m) and Austria (€18m) topped the rankings, whilst the Netherlands (40,647), Germany (37,636) and the UK (22,181) had the highest number of data breaches notified to regulators.

Source: €114m in Fines Imposed by Euro Authorities Under GDPR – Infosecurity Magazine

Criminal proceedings against Österreichische Post

The Austrian data protection authority imposed an administrative fine of 18 million euros on Österreichische Post AG (Austrian Postal Service) after conducting administrative fine proceedings.

The Austrian DPA concluded that Österreichische Post had violated the GDPR by processing personal data on the alleged political affinity of affected data subjects. In addition, another GDPR violation was the further processing of data on package frequency and the frequency of relocations for the purpose of direct marketing.

However, the penalty is not final, as it can be challenged before the Federal Administrative Court within four weeks after the delivery of the penalty notice.

Source: Criminal proceedings of the Austrian data protection authority against Österreichische Post AG (Austrian Postal Service) | European Data Protection Board

Austrian Supreme Court Says GDPR Lawsuits Can Be Filed Throughout EU

The Austrian Supreme Court has ruled that complaints concerning the EU General Data Protection Regulation (GDPR) can be brought anywhere in the EU.

The decision overturned a ruling by a lower Austrian court which held that a privacy lawsuit against Facebook had to be brought in Ireland, where the company is headquartered.

Source: Austrian Supreme Court: GDPR Lawsuits Can Be Filed Throughout EU

Austrian Data Protection Authority finalises investigation into Österreichische Post AG

The Austrian Data Protection Authority has finalised its investigation into the Austrian Post (Österreichische Post AG) and issued a decision stating the Austrian Post has violated several provisions of the GDPR.

Specifically, the Austrian DPA is of the opinion that the Austrian Post processes special categories of personal data (political opinions) by attributing preferences for certain political parties to data subjects by using statistical calculation methods, without explicit consent given by the data subjects. Furthermore, it found that the DPIA for this kind of processing and the record of processing activities were erroneous.

The Austrian DPA imposed an immediate ban on these processing operations, ordered the erasure of the data and ordered the Austrian Post to carry out a new DPIA and to rectify its record of processing.

Source: Austrian Data Protection Authority finalises investigation into Österreichische Post AG

Austrian DPA takes “result-oriented perspective” in data erasure decision

The Austrian data protection authority (‘DSB’) published, on 30 January 2019, its decision, dated 5 December 2018, on the right to data erasure, further to an individual’s complaint.

In particular, the DSB highlighted that the complainant had alleged that an unnamed insurance company had infringed his right to data erasure by only deleting data stored for marketing purposes and anonymising the remainder.

Full article: Austria: DSB takes “result-oriented perspective” in data erasure decision

Austria’s Post Office under fire over data sharing

Austria’s national post office found itself under fire Tuesday for collecting and selling information about customers’ political allegiances in what privacy campaigners say bears similarities to the Facebook data-sharing scandal.

According to the investigative journalism website Addendum, the Austrian Post sold the names, addresses, age and gender of around three million customers to other companies for targeted marketing purposes.

Source: Austria’s Post Office under fire over data sharing

Validity of consent coupled with free online services

The Austrian Data Protection Authority, headed by the chair of the European Data Protection Board (EDPB), provided a clear way forward for advertising-based business models.

Following a complaint against an Austrian newspaper, the Austrian Data Protection Authority decided that the prohibition on making the provision of a service conditional on consent (“coupling prohibition”; Article 7(4) GDPR) can effectively be circumvented by additionally offering a consent-free equivalent service for a reasonable remuneration.

Full article: Validity of consent coupled with free online services – Chair of EDPB opens a path
