Complainant: unnkown GmbH (limited company), pharma trade – Dismissed (Austria, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian company complained that its data was mishandled during an audit by the Federal Office for Safety in Health Care. The Austrian Data Protection Authority dismissed the complaint, affirming that legal entities can file data protection complaints. This case clarifies that companies have the right to data protection under Austrian law.
What happened
An Austrian company claimed its data was mishandled during an audit by a government office.
Who was affected
The company involved in the audit process.
What the authority found
The authority confirmed that legal entities have the right to data protection and can lodge complaints, but found no mishandling of data.
Why this matters
This ruling clarifies that companies, not just individuals, have data protection rights under Austrian law, setting a precedent for future cases involving legal entities.
GDPR Articles Cited
National Law Articles
Entities Involved
The complainant (hereinafter the "company") is a limited company under Austrian law conducting business as pharmacy wholesale. It was subject to an audit of the Bundesamt für Sicherheit im Gesundheitswesen (hereinafter "BASG"), the Austrian Federal Office for Safety in Health Care. In the course of this audit, the BASG processed personal data of the company. The company lodged a complaint with the DSB, claiming that the BASG had violated the company's right to confidentiality of personal data pursuant to §1(1) DSG by unlawfully collecting, processing, disclosing and failing to delete the company's personal data ex officio. The BASG contested the company's entitlement to lodge a complaint with the DSB, as the company was not a natural person. Further, the BASG contested to have violated any data protection rights, mainly because under Austrian Law the BASG was under a legal obligation to process the data in connection with the audit. *Does §1 DSG apply to legal persons? *If so, do the provisions of the DSG, which deal with the procedure before the DSB, also apply to legal persons? The DSB held that at a legal person has the constitutional right to data protection under § 1 DSG (Austrian Data Protection Act) and is entitled to lodge a complaint before the DSB if these rights are violated. The DSB further held that the procedural provisions of the DSG - which deal with the procedure before the DSB - also apply regarding data protection complaints lodged by legal persons. The DSB reasoned as follows: *§1 DSG has a wider scope of applicability than Article 8 GRC (the latter only protects natural persons). *As Article 16(2) TFEU leaves it to member states to grant data protection rights to legal persons as well as long as this does compromise the level of protection of the GRC, nor the primacy, unity and effectiveness of Union law. *The provisions of the DSG - which deal with the procedure before the DSB - must also apply on legal persons because the Austrian legisla
Outcome
Dismissed
The complaint or investigation was dismissed.
Related Enforcement Actions (0)
No other enforcement actions found for Complainant: unnkown GmbH (limited company), pharma trade in AT
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Complainant: unnkown GmbH (limited company), pharma trade - Austria (2020). Retrieved from cookiefines.eu
Last updated: