Austrian Data Protection Authority – Court Ruling (Austria, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Austria's Public Employment Service used an algorithm to help jobseekers find work based on various factors like age and education. The court ruled that this approach was legal and did not violate any data protection rules. This decision is important for how public services can use data to assist individuals without breaching privacy laws.
What happened
The Public Employment Service in Austria used an algorithm to assess jobseekers' employment opportunities.
Who was affected
Jobseekers in Austria who received support from the Public Employment Service.
What the authority found
The court found that the algorithm used by the Public Employment Service had a valid legal basis under Austrian law.
Why this matters
This ruling shows that public service providers can use data-driven tools to help individuals without violating privacy rules. Other organizations should consider how they use algorithms while ensuring compliance with data protection laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The controller, the Public Employment Service in Austria, supports workers in (re)integrating into the labour market by offering various services, including a counsellor that discusses labour market opportunities with the jobseeker. In order to assess the jobseeker’s labour opportunities on the market, the controller used an algorithm to calculate the degree of probability for jobseekers to be employed for a certain number of days, based on: (1) age group, (2) gender, (3) country group, (4) education, (5) health impairment, (6) care responsibilities, (7) occupational group, (8) career history and (9) the regional labour market situation and the duration of cases at the controller. The algorithm did not include motivation, self-help potential of the jobseeker, addiction, debt or housing situation. Based on this, the algorithm divided jobseekers into the following three groups: (1) Service jobseekers with high labour market opportunities, (2) Care jobseekers with low labour market opportunities, (3) Consultancy jobseekers with medium labour market opportunities. The result was used as a starting point for counsellors to work with jobseekers to assess their potential and any obstacles in the labour market integration. The algorithm itself was not used for job placement, but only for targeted support and assistance, meaning, choosing the right support strategy based on which group the jobseeker was assigned to. The controller claimed it had a legal basis under Austrian national law (the Arbeitsmarktservicegezetz, AMSG) to process data with the help of an algorithm. Under Article 4(4) GDPR, this processing of data is considered profiling. According to Austrian data protection law (see [https://www.ris.bka.gv.at/eli/bgbl/i/1999/165/A1P1/NOR40139563 Article 1 §2 DSG]), processing for the performance of a public task needs to be authorised in Asutrian law. However, the DPA found that a legal basis for this processing could not be found in the AMSG. The
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (1)
Other cases involving Austrian Data Protection Authority in AT
Details
About this data
Cite as: Cookie Fines. Austrian Data Protection Authority - Austria (2023). Retrieved from cookiefines.eu
Last updated: