GDPR-Compliant Law Passed by Austrian Government

The Austrian Parliament seized the chance, made available by the GDPR’s opening clauses that give European Union member states the possibility to enact their local laws, to introduce the new Data Privacy Act that fine-tunes data privacy legal structures to comply with the General Data Protection Regulation (GDPR) which will become active on May 25, 2018.

This move strengthens the process of adapting the domestic legal framework to adhere with the new EU regulations. The Act took care of the multiple suggestions received from the public. The Austrian Parliament passed the new Act without amending the constitutional provisions in the old data Privacy Act. Many provisions majorly changed from the draft law.

The current securing of legal persons’ data remains unchanged. This is because the basic right to data privacy is retained its present form.   The amendments are expected to be ready soon as since the October 15, 2017 parliamentary elections have already taken place with Sebastian Kurz likely to take leadership. The definitions in the right to data privacy in its present form are not clear and are subject to interpretation. Due to this, efforts must be made in the Parliament to introduce amendments to ensure the security of the personsal data.

Children aged 14 years and over will be legally permitted to give consent to the processing of their personal data. The act states that children aged at least 14 years old will not need the consent of legal guardians to approve processing of their personal data. This implies that legal guardians will only have a mandate to approve consent or confirm processing of personal data to minors aged 13 years and less.

Criminal convictions and offenses data will be processed if it is vital for genuine reasons and sought by the controller or a third party. Processing is also permitted if it arises from a legal duty to exercise due diligence. These will legally justify processing of personal data for the majority of the internal investigations.

GDPR provides several legal justifications for the processing personal data by media firms, their service suppliers or their staff when conducting their journalistic work. In the new Austrian Data Privacy Act, most of those grounds for justification will not apply in that state. However, the act brought in additional justifications for processing personal data for public benefits regarding scientific and historical research reasons, archiving and statistical reasons.

The draft law enhanced the independence of Data Privacy Authority of the highest executive powers such as President and Ministers. However, this provision was not enacted due to the failure to reach the 66% majority in the parliament. The same fate befell securing of manually processed data.

The Austrian Government is now waiting for further amendments, particularly in those areas that did not attain a  parliamentary super majority. Parliamentary leadership is now establised following the October 15, 2017 elections. Since the Act did not differ much from GDPR, it creates a stable data privacy regime that matches the European Union General Data Protection legislation.

Author: GDPR News