Österreichische Post AG – Court Ruling (Austria, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Österreichische Post AG failed to respond to a person's request for access to their personal data within the required timeframe. This matters because it highlights the importance of timely responses to data requests, which can affect a person's ability to access their information.
What happened
The Austrian Post did not answer a person's access request within one month as required by law.
Who was affected
A person who requested access to their personal data from Österreichische Post AG.
What the authority found
The court found that the Austrian Post did not violate any data protection rules in this case.
Why this matters
This case emphasizes the need for companies to handle data requests promptly. It also shows that delays can lead to confusion about rights under data protection laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
In 2019, the data subject submitted an access request under Article 15 to the Austrian Post. The Austrian Post replied to the data subject stating that due to the high number of inquiries in connection of media coverage that they have, complainant within three months as opposed to one month. The data subject replied stating that their request was not complicated, and that they would like to have an answer within one month. No answer was provided to the data subject within the one-month time frame. The data subject then submitted a complaint to the Austrian Data Protection Authority (DSB), in which he stated that (1) he had not received an answer to his Article 15 request from the Post within a one-month, and (2) the information received from his Article 13 request was partially incorrect. The DSB replied stating that they could not yet ascertain whether a subjective right had been violated, given that the three-month period had not expired yet. The DSB told the complainant that they could informally withdraw the complaint within two weeks, or expect a rejection. The complainant replied to the DSB stating that their complaint should remain valid because the information provided by the Post had also been incorrect (Article 13 GDPR). However, the DSB rejected this reasoning, stating that the suggested infringement of Article 13 was to be treated separately in scope to the suggested infringement of Article 15, and that a new complaint should therefore be submitted. Moreover, the DSB stated that The data subject complained about the DSB’s legal assessment, stating that their legal assessment was incorrect and that they had violated essential procedural rules. The data subject claimed that the three-month deadline should only be used in exceptional cases, and that the DSB had erred in assessing that this instance was one such case. The data subject claimed that the DSB had infringed his rights by causing a delay in his ability to exercise his rights. The data protectio
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (4)
Other cases involving Österreichische Post AG in AT
Court Ruling
Details
About this data
Cite as: Cookie Fines. Österreichische Post AG - Austria (2020). Retrieved from cookiefines.eu
Last updated: