Posts tagged #GDPR
All PostsLimits for Abusive GDPR Requests
Data Privacy LawIn the case at hand, a person living in Austria had signed up for a German optician’s newsletter by entering personal information into the company’s online registration form. Several weeks later, the individual contacted the optician's shop to reques...
One-year deadline for data protection complaints
Data Privacy LawThe Austrian Administrative Court (Verwaltungsgerichtshof, hereinafter VwGH) reviewed whether the one-year deadline specified in Section 24(4) of the Austrian Data Protection Act (Datenschutzgesetz, hereinafter DSG) under national procedural law alig...
Austrian OGH: No Personalised Advertising Without Consent
Data Privacy LawThe Austrian Supreme Court (Oberster Gerichtshof, hereinafter OGH) has ruled on the conditions under which the processing of Facebook users’ personal data for personalised advertising and third-party tracking is permissible, as set out in Article 15 ...
ECJ: Restrictions on Naming Athletes in Doping Cases
European LawAdvocate General Spielmann asserts that disclosing the names of athletes found in violation of anti-doping regulations does not inherently conform with European Union law. Information released following a doping incident In the initial proceedings, f...
German BGH Clarifies ‘Personal Data’ under Article 15 of the GDPR
Civil LawThe German Federal Court of Justice (Bundesgerichtshof, hereinafter BGH) considered whether premium history details—such as adjustments, tariff changes, and terminations—in private health insurance count as personal data. The case at hand involved a ...
Supreme Court: Automated credit checks
Data Privacy LawThe Supreme Court (OGH) had to decide whether the automated rejection of certain payment methods (invoice, partial payment) by a mail order company falls under Article 22(1) of the General Data Protection Regulation (GDPR) and whether this practice i...
CJEU: Disclosure of Personal Data by Public Authorities
European LawThe processing of personal data in the context of official documents frequently raises questions about the scope of the General Data Protection Regulation (GDPR). The CJEU once again had the opportunity to clarify the conditions and limits of lawful ...
Austrian VwGH on Tax Deductibility of Donations
Administrative LawAccording to Section 18(8)(1) of the Austrian Income Tax Act (Einkommenssteuergesetz, hereinafter EStG), donations are only eligible for tax deductions if the taxpayer’s personal data is disclosed to the recipient of the donation. Additionally, the r...
ECJ: Damages for Suspected Data Misuse?
Data Privacy LawStrengthening the rights of consumers, the European Court of Justice (ECJ) has once again ruled on non-material damage under the General Data Protection Regulation (GDPR). The plaintiffs in the original case were clients of a tax advisory firm and ha...
OGH on the Purpose of Data Protection Laws
Data Privacy LawThe Austrian Supreme Court (Oberster Gerichtshof, hereinafter OGH) has clarified that the protective purpose of the Data Protection Act does not extend to the right to claim damages from the responsible party for a justified refusal to pay an insuran...
ECJ To Clarify Concept of Non-Material Damage under GDPR
European LawThe German Federal Court of Justice (Bundesgerichtshof, hereinafter BGH) has asked the European Court of Justice (ECJ) to answer questions on the right to an injunction under EU law and the concept of immaterial damage under the GDPR. The plaintiff w...
GER: No Compensation for Facebook Scraping Victims
Data Privacy LawFollowing the so-called Facebook scraping cases, there will be no compensation for Facebook users under the General Data Protection Regulation (GDPR). According to the Higher Regional Court of Hamm, Germany (hereinafter OLG), although there was a bre...
BVwG: No Obligation to Delete Minutes of ÖH Meetings
DatenschutzrechtThe Austrian Federal Administrative Court (Bundesverwaltungsgericht, hereinafter BVwG) has ruled that no right exists to the erasure of personal data from the minutes of meetings of a public body (in this case, the Austrian National Students Union, Ö...
BVwG: COVID-19 a Mitigating Circumstance in GDPR Violations
Data Privacy LawThe Austrian Federal Administrative Court (Bundesverwaltungsgericht, hereinafter BVwG) has considered the COVID-19 pandemic and the fear of contagion a mitigating factor in penalties imposed for violating applicable data protection regulations. In th...
OGH: Legal Protection Coverage for Data Breaches
Civil LawThe Austrian Supreme Court (Oberster Gerichtshof, hereinafter OGH) has clarified that even non-material damages may be covered by a legal expenses insurance policy under the General Conditions for Legal Expenses Insurance 2017 (Allgemeine Bedingungen...
ECJ: The Right to ‘a Copy’ under GDPR
European LawThe European Court of Justice (ECJ) has clarified that under the right to information pursuant to Article 15 of the General Data Protection Regulation (GDPR), copies of entire documents may have to be provided. In the original case, the complainant h...
OGH on the Right of Access under Art 15 GDPR
Data Privacy LawThe Austrian Supreme Court (Oberster Gerichtshof, hereinafter OGH) has clarified: The framework of Art 15 of the General Data Protection Regulation (hereinafter GDPR) includes the right to information as to whether personal data has been disclosed to...
OGH: Disclosing Data Recipients under GDPR
Data Privacy LawIn the case at hand, the Austrian Supreme Court (Oberster Gerichtshof, hereinafter OGH) examined a consumer request concerning the disclosing of personal data to third parties. In 2019, the plaintiff had requested information from the defendant about...
OGH on Data Protection Notices
Data Privacy LawThe Austrian Supreme Court (Oberster Gerichtshof, hereinafter OGH) held in its decision from 23 November 2022 that a data protection notice taken note of by consumers in a contract’s General Terms and Conditions does not constitute a mere piece of in...
Irish Data Protection Imposes EUR 405m Fine on Instagram
Data Privacy LawIn a press release, the Irish Data Protection Commission DPC recently announced that social network Instagram will have to pay a fine of EUR 405 million for publishing personal data of minors in Ireland. The inquiry by the DPC involved the use of per...
Google Ignores ECJ: Complaint Filed with French Data Protection Authority
Data Privacy Lawnoyb.eu has filed a complaint against Google with the French data protection authority (CNIL). Google has repeatedly used its email platform Gmail to send unsolicited advertising emails without valid consent of the users. noyb (None of Your Business)...
OGH: Members of a cooperative have right of inspection under the GDPR
Civil LawArticle 6 of the General Data Protection Regulation (GDPR) regulates the facts that justify the processing of data, whereby several standards of permission exist side by side. All facts are equivalent and consent does not necessarily have to be fulfi...
OGH: Data processing in a teacher evaluation app is permissible after all
Öffentliches RechtIn this case, the Austrian Supreme Court (Oberster Gerichtshof, OGH) examined the question of prohibiting the processing of personal data in the course of evaluations of a teacher. The plaintiff is a teacher at an HTL (a Higher Technical Education In...
Data Protection Authority declares Google Analytics inadmissible
Public LawAs a consequence of the "Schrems II" ruling of the European Court of Justice (ECJ), the Data Protection Authority (DPA) has deemed the use of Google Analytics to be a violation of the General Data Protection Regulation (GDPR). Google Analytics is a p...
OLG Wien: Teacher evaluation app "Lernsieg" unlawful
Public Law Civil LawThe Vienna Higher Regional Court (Oberlandesgericht Wien, OLG) has declared the teacher evaluation app "Lernsieg" unlawful. Specifically, it objected to the fact that there are only inadequate measures to verify the authenticity of the raters. In the...
DPA on unauthorised inspection of electronic vaccination certificate
The Data Protection Authority (DPA) examined an allegation of unauthorised inspection of a data subject's electronic vaccination record by a doctor. The complainant, who is also the sister-in-law of the defendant, is an employee of the medical practi...
OGH to ECJ: Right to information: categories of recipients under GDPR
The Austrian Supreme Court (OGH) has referred a question to the European Court of Justice (ECJ) for a preliminary ruling regarding Art 15 (1) (c) of the General Data Protection Regulation (GDPR). The question is whether the data controller has the ri...
GDPR: major case of video surveillance at the workplace
The State Data Protection Commissioner (Landesbeauftrage für den Datenschutz, LfD) of Lower Saxony (Germany) imposed a fine of 10.4 million EUR because the company (notebooksbilliger.de) unlawfully monitored its employees by video over a period of at...
Data Protection Authority on disclosure of trade union data
In the course of an appeal, the Austrian Data Protection Authority had to deal with the right to confidentiality under Section 1 of the Data Protection Act (Datenschutzgesetz, DSG). In the present proceedings, the plaintiff was an employee of the def...
Efficient Legal Information 
Legal Jobs 
Innovative LegalTech Solutions