Court case W252 2246883-1 – Court Ruling (Austria, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian court ruled that a complaint about a manager using an employee's work email for personal matters was filed too late. The court said that while there's no specific deadline under GDPR to file complaints, Austria's one-year limit is fair and necessary. This decision highlights the importance of timely filing complaints about privacy issues.
What happened
An employee's complaint about personal emails sent to their work address was dismissed for being filed too late.
Who was affected
The employee who received personal communications through their work email address.
What the authority found
The court ruled that Austria's one-year deadline for filing privacy complaints is valid, even though GDPR itself doesn't set a specific time limit.
Why this matters
This case underscores the need for individuals to act quickly when they believe their privacy rights are violated. It also shows that national laws can set their own time limits for complaints, as long as they are fair and practical.
GDPR Articles Cited
The data subject was an employee of the controller. The data subject claimed that a manager addressed them through their official email address, even if the communication concerned personal issues unrelated to work. Thus, the data subject filed a complaint with the Austrian DPA. The Austrian DPA dismissed the complaint because it was lodged after more than 1 year after the data subject became aware of the alleged infringement. The data subject appealed this decision before the Austrian Federal Administrative Court (Bundesverwaltungsgericht – BVwG) for violation of Article 77 GDPR. The court clarified that Article 77 GDPR, providing for the right to lodge a complaint with the competent DPA, does not establish any deadline for the exercise of such a right. However, the activity of the DPAs is regulated by national procedural law within the limits of Article 58(4) GDPR. In lack of a regulation addressing the matter, specific rules governing procedures before the DPAs are subject to the principle of procedural autonomy of the Member States. The only limits to such a broad discretion of the Member States are the principle of equivalence – according to which procedural guarantees concerning European rights cannot be lower than guarantees set forth in the context of merely national rights – and the principle of effectiveness, which states that the exercise of European rights shall not be made impossible or excessively difficult in practice. In the present case, the court pointed out how that the 1-year limitation period applied both to GDPR-related complaints and complaints which were exclusively based on national law. Therefore, the protection offered by the Austrian legislator respected the principle of equivalence. Moreover, the introduction of such a deadline was considered necessary by the legislator, as the assessment of excessively old data protection violations would be in practice very difficult, if not impossible. In light of the above, the court rejected the
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case W252 2246883-1 in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case W252 2246883-1 - Austria (2023). Retrieved from cookiefines.eu
Last updated: