unnknown data subject – Court Ruling (Austria, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian court reviewed a case where a Facebook group admin shared private chat screenshots with someone else. The court found that the Austrian Data Protection Authority didn't fully investigate the facts and sent the case back for further review. This case highlights the importance of thorough investigations in privacy complaints.
What happened
A Facebook group admin shared private chat screenshots with the data subject's ex-boyfriend.
Who was affected
The person whose private chat messages were shared without consent.
What the authority found
The court ordered the Austrian Data Protection Authority to reassess the case, focusing on whether the household exemption under GDPR applies.
Why this matters
This case emphasizes the need for authorities to conduct detailed investigations in privacy disputes, especially when personal data is shared in private settings. It also highlights the potential application of GDPR exemptions for personal activities.
GDPR Articles Cited
National Law Articles
Both data subject and (alleged) controller are natural persons using Facebook. The controller is the admin of several Facebook groups and the data subject had joined one of these groups that dealt with "stress coping". The data subject and the controller engaged in a chat on Facebook, which the controller took screenshots of and disclosed them to the ex-boyfriend of the data subject. For these reasons, the data subject filed a complaint with the Austrian Data Protection Authority (Datenschutzbehörde - DSB) which, in turns, argued that the GDPR did not apply because the relevant online-activities have not been publicly visible. The DSB interrogated the ex-boyfriend as a witness and then upheld the complaint. It held that the data disclosure violated the right to secrecy under § 1 Austrian Data Protection Act (Datenschutzgesetz - DSG). However, the DSB did not assess the case under the GDPR. The controller filed an appeal against this decision with the Federal Administrative Court. (Bundesverwaltungsgericht - BVwG). The BVwG did not issue a decision on the merits of the case but remitted it to the DSB, ordering it to properly establish the facts of the case by pointing out a variety of omissions and errors. For example, the BVwG held that the DSB failed to assess which personal data of the data subject have actually been disclosed to the witness (ex-boyfriend of the data subject alleged data recipient) and if the witness already had been in possession of these data before. Furthermore, the DSB had failed to address several relevant questions to the witness, ignored several statements of the controller and ambiguities in the data subject's submissions, failed to interrogate the data subject and did not explain its consideration of evidence. On a legal level, the BVwG held that the DSB failed to assess whether the household exemption under Article 2(2)(c) GDPR applied on the case, since the controller is a natural person and the data disclosed stems from a private cha
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for unnknown data subject in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. unnknown data subject - Austria (2021). Retrieved from cookiefines.eu
Last updated: