Natural person (complainant) – Court Ruling (Austria, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian court ruled that a father couldn't file a data complaint on behalf of his son without the mother's consent. The court also found that sharing data between Austrian and Italian social security was necessary and not a breach. This case highlights the need for proper authorization in data complaints involving children.
What happened
A father filed a complaint about data sharing between Austrian and Italian social security without the mother's consent.
Who was affected
A father and his son, whose data was shared between social security administrations.
What the authority found
The court found the father lacked authority to file a complaint on behalf of his son and that the data sharing was necessary and lawful.
Why this matters
This case clarifies that parents need proper authorization to file data complaints for their children. It also confirms that data sharing between social security systems can be lawful when necessary for administrative purposes.
GDPR Articles Cited
The plaintiff, an Austrian resident, had asked the Austrian social security administration to inform him about the status of his son's insurance, a boy living under the care of his mother in Italy. After a survey of both the mother and child's social security administrations, the Austrian administration informed the plaintiff that his son was not entitled to Austrian social security, since the place of residence of the child was not Austria. Following this, the plaintiff lodged a complaint with the Austrian DPA (Datenschutzbehörde Österreichs), claiming that the confidentiality of both his and his son's personal data had been breached by the illicit transfer of said data from the Austrian to the Italian social security administration. However, the Austrian DPA dismissed the complaint, arguing, regarding the alleged breach of his son's personal data, that the plaintiff was not authorized to act on behalf of the child and, regarding the alleged breach of the plaintiff's own personal data, that the Austrian social security administration had to share the data with third parties, especially with the Italian social security, as part of the inquiry into the entitlement of the Austrian social security of the plaintiff's son. 1) Can a parent lodge a complaint with a DPA on behalf of their child when the other parent has not given their consent for that purpose? 2) Does the transfer of data from one European social security administration to another constitute a breach of confidentiality? The Federal Administrative Court started by confirming that the Austrian DPA was right to dismiss the part of the complaint lodged by the plaintiff on behalf of his son. Indeed, the plaintiff lacked power of representation in this regard and could not produce evidence of the mother's consent for a joint complaint. Beyond that, it was also shown that the mother alone - contrary to the sayings of the plaintiff - had the right of custody of the child. The Court then pointed out that dat
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Natural person (complainant) in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Natural person (complainant) - Austria (2020). Retrieved from cookiefines.eu
Last updated: