Court case W298 2266986 -1/20E – Court Ruling (Austria, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court case in Austria involved a judicial officer whose personal data was improperly shared during a criminal investigation. This case is significant because it raises concerns about privacy rights in legal proceedings.
What happened
A judicial officer's personal data was disclosed inappropriately during a criminal case against a prisoner.
Who was affected
The judicial officer whose personal information was revealed in court documents.
What the authority found
The court ruled that the data protection authority could not assess the appropriateness of the documents shared during the legal proceedings.
Why this matters
This case highlights the need for careful handling of personal data in legal contexts. It suggests that even in court, privacy rights must be considered, prompting a review of how personal information is managed during legal processes.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
A judicial officer (data subject) of an Austrian prison was injured by a prisoner in 2021, following which he reported the offence and started legal proceedings against the prisoner. During the criminal investigations, the judge granted access to the files to the accused, which included personal data of the data subject, among others information about her injury, annual salary, marital status and contact details. These data had been provided to the judge by the employer of the data subject, the Federal Ministry of Justice, who joined the proceedings as a co-participating private party and was represented in this by a state attorney. According to the data subject the controller should not have disclosed such information about her and this constituted a violation of her right to privacy, hence she filed a complaint with the Austrian DPA ('DSB'). The state attorney, hereinafter the controller, submitted that the employer had suffered a financial damage as a consequence of the sick leave of the data subject and had to provide documents about her health status to prove the damage in accordance with Austrian Criminal Procedural law. The controller believed this to be compliant with Article 9 GDPR. The data subject instead claimed that the documents should have been redacted. On 11 November 2022, the DSB dismissed the complaint stating that its competence is limited to verifying whether the documents provided by the controller were appropriate to serve as evidence for the investigation, which it confirmed. The DSB claimed that it cannot rule on the content of the documents adduced by a representative of a public authority during a court procedure. The data subject appealed the decision before the Austrian Federal Administrative Court (Bundesverwaltungsgericht, BVwG) claiming that the controller provided more unredacted documents to the court than strictly necessary, thereby violating Article 5(1)(c) GDPR. The BVwG first of all considered that the DSB erred in assumi
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case W298 2266986 -1/20E in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case W298 2266986 -1/20E - Austria (2024). Retrieved from cookiefines.eu
Last updated: