Court case 2R149/21a – Court Ruling (Austria, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian court upheld a decision that a website owner must remove personal data from their site after publishing a document without redacting the claimant's details. The court ruled that the website owner violated the claimant's privacy rights by refusing to anonymize the data. This case underscores the importance of respecting privacy requests when publishing personal information online.
What happened
A website owner published a document containing personal data without redacting it, despite a request to do so.
Who was affected
The individual whose personal data was published on a private website without redaction.
What the authority found
The court ruled that the website owner violated privacy rights by not removing or redacting the personal data upon request.
Why this matters
This case highlights the responsibility of individuals and businesses to respect privacy requests and anonymize personal data when publishing documents online. It reinforces the need for careful handling of personal information to avoid legal issues.
GDPR Articles Cited
National Law Articles
A district authority had issued a decision allowing for hawks to be shot in a certain rural area. This decision contained certain personal data of the claimant. The respondent(a natural person) published this decision on their private website. The claimant asked the respondent to redact/anonymise the claimant's personal data on their website but the respondent refused. Consequently, the claimant filded a complaint with the Austrian Data Protection Authority (Datenschutzbehörde - DSB), represented by an attorney. The DSB upheld the complaint, held that the respondent had violated the claimant's data protection rights (remark: the exact GDPR violations are not specified in the judgment) and ordered the respondent to remove the claimant's personal data from their website. The respondent filed an appeal to the Federal Administrative Court (Bundesverwaltungsgericht - BVwG) which dismissed the appeal. The claimant filed a lawsuit, claiming the costs of their attorney under Article 82 GDPR. The claimant argued that the respondent had acted unlawfully and culpably, as they refused to redact/remove the personal data despite the claimant's explicit request. The first instance court upheld the claim and the respondent filed an appeal with the Higher Regional Court Linz (Oberlandesgericht Linz - OLG Linz). The OLG Linz dismissed the appeal. It noted that Article 57(3) GDPR only states that the performance of the tasks of each supervisory authority shall be free of charge for the data subject and, where applicable, for the data protection officer. Hence Article 57(3) GDPR does not forbid that a controller can be put under the obligation to pay/refund legal costs in connection with a complaint procedure under Article 77 GDPR. Furthermore, the EFTA Court in E-11/19 and E-12/19 only held that a data subject cannot incur costs in a proceeding where they have become a party to the case by virtue of a controller appealing against a supervisory authority’s decision. However it did no
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case 2R149/21a in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case 2R149/21a - Austria (2021). Retrieved from cookiefines.eu
Last updated: