Austrian Data Protection Authority – Court Ruling (Austria, 2023)

The controller, the Public Employment Service in Austria, supports workers in (re)integrating into the labour market by offering various services, including a counsellor that discusses labour market opportunities with the jobseeker. In order to assess the jobseeker’s labour opportunities on the market, the controller used an algorithm to calculate the degree of probability for jobseekers to be employed for a certain number of days, based on: (1) age group, (2) gender, (3) country group, (4) education, (5) health impairment, (6) care responsibilities, (7) occupational group, (8) career history and (9) the regional labour market situation and the duration of cases at the controller. The algorithm did not include motivation, self-help potential of the jobseeker, addiction, debt or housing situation. Based on this, the algorithm divided jobseekers into the following three groups: (1) Service jobseekers with high labour market opportunities, (2) Care jobseekers with low labour market opportunities, (3) Consultancy jobseekers with medium labour market opportunities. The result was used as a starting point for counsellors to work with jobseekers to assess their potential and any obstacles in the labour market integration. The algorithm itself was not used for job placement, but only for targeted support and assistance, meaning, choosing the right support strategy based on which group the jobseeker was assigned to. The controller claimed it had a legal basis under Austrian national law (the Arbeitsmarktservicegezetz, AMSG) to process data with the help of an algorithm. Under Article 4(4) GDPR, this processing of data is considered profiling. According to Austrian data protection law (see [https://www.ris.bka.gv.at/eli/bgbl/i/1999/165/A1P1/NOR40139563 Article 1 §2 DSG]), processing for the performance of a public task needs to be authorised in Asutrian law. However, the DPA found that a legal basis for this processing could not be found in the AMSG. The