Federal Minister of Finances – Violation Found (Austria, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Austria's Datenschutzbehörde found that the Federal Minister of Finances acted within the scope of GDPR when handling a politician's personal data during a corruption inquiry. Although the Minister claimed he was acting on behalf of the legislative branch, the DPA asserted its authority to review the Minister's actions. This decision clarifies the DPA's role in overseeing executive branch activities under GDPR.
What happened
The Federal Minister of Finances was found to be acting within the scope of GDPR when handling personal data during a corruption inquiry.
Who was affected
An Austrian politician whose personal data was involved in a corruption inquiry.
What the authority found
The DPA determined that the Federal Minister of Finances was subject to GDPR oversight, rejecting his claim of solely acting on behalf of the legislative branch.
Why this matters
This case highlights the DPA's authority to review executive actions under GDPR, even when those actions are related to legislative inquiries. It underscores the importance of understanding GDPR's reach across different government branches.
GDPR Articles Cited
On 16 December 2021, the corruption inquiry committee ordered the Minister of Finances as a controller to disclose information regarding potential criminal financial proceedings initiated against an Austrian politician, as data subject. On 24 January 2022, in an attempt to prevent such disclosure from happening, the data subject requested the Austrian DPA to issue a ban on the processing pursuant to Article 58(2)(f) GDPR. The data subject stated that the issue therein lay not in the transmission of information itself, but rather in the inquiry’s lack of confidentiality, citing past leaks to the media. Moreover, the data subject noted an absence of a legal basis for the processing of his personal data, claiming that this would constitute a violation against Article 5 GDPR and Article 6 GDPR. The Federal Minister of Finances denied the competence of the DPA, relying on recent decisions stating that the GDPR does not cover core legislative activities as provided for in Article 2(2)(a) GDPR. He argued that in this case he did not act in his role as part of the executive branch, but rather on behalf of the legislative branch, acting as an auxiliary body thereof and being subject to submission to the parliament’s inquiry committee. Furthermore, the Federal Minister of Finances pointed out that the threat to confidentiality interests worthy of protection would arise only, if at all, in the sphere of the inquiry committee in parliament. The DPA denied the Federal Minister of Finances’ claim to function solely on behalf of the legislative branch, as he is not obliged to submit to the inquiry commission in every case and thus retains his function as an organ of the executive branch. As a consequence, the DPA asserted to have the general competence of reviewing the actions of the Federal Minister of Finances under the GDPR. However, the DPA nevertheless rejected the data subject’s request, stating that its role is limited to ex-post control. The DPA held that ex-ante control
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Federal Minister of Finances in AT
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Federal Minister of Finances - Austria (2022). Retrieved from cookiefines.eu
Last updated: