Court case W298 2266986 -1/20E – Court Ruling (Austria, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A judicial officer (data subject) of an Austrian prison was injured by a prisoner in 2021, following which he reported the offence and started legal proceedings against the prisoner. During the criminal investigations, the judge granted access to the files to the accused, which included personal data of the data subject, among others information about her injury, annual salary, marital status and contact details. These data had been provided to the judge by the employer of the data subject, the Federal Ministry of Justice, who joined the proceedings as a co-participating private party and was represented in this by a state attorney. According to the data subject the controller should not have disclosed such information about her and this constituted a violation of her right to privacy, hence she filed a complaint with the Austrian DPA ('DSB'). The state attorney, hereinafter the controller, submitted that the employer had suffered a financial damage as a consequence of the sick leave of the data subject and had to provide documents about her health status to prove the damage in accordance with Austrian Criminal Procedural law. The controller believed this to be compliant with Article 9 GDPR. The data subject instead claimed that the documents should have been redacted. On 11 November 2022, the DSB dismissed the complaint stating that its competence is limited to verifying whether the documents provided by the controller were appropriate to serve as evidence for the investigation, which it confirmed. The DSB claimed that it cannot rule on the content of the documents adduced by a representative of a public authority during a court procedure. The data subject appealed the decision before the Austrian Federal Administrative Court (Bundesverwaltungsgericht, BVwG) claiming that the controller provided more unredacted documents to the court than strictly necessary, thereby violating Article 5(1)(c) GDPR. The BVwG first of all considered that the DSB erred in assumi
GDPR Articles Cited
A judicial officer (data subject) of an Austrian prison was injured by a prisoner in 2021, following which he reported the offence and started legal proceedings against the prisoner. During the criminal investigations, the judge granted access to the files to the accused, which included personal data of the data subject, among others information about her injury, annual salary, marital status and contact details. These data had been provided to the judge by the employer of the data subject, the Federal Ministry of Justice, who joined the proceedings as a co-participating private party and was represented in this by a state attorney. According to the data subject the controller should not have disclosed such information about her and this constituted a violation of her right to privacy, hence she filed a complaint with the Austrian DPA ('DSB'). The state attorney, hereinafter the controller, submitted that the employer had suffered a financial damage as a consequence of the sick leave of the data subject and had to provide documents about her health status to prove the damage in accordance with Austrian Criminal Procedural law. The controller believed this to be compliant with Article 9 GDPR. The data subject instead claimed that the documents should have been redacted. On 11 November 2022, the DSB dismissed the complaint stating that its competence is limited to verifying whether the documents provided by the controller were appropriate to serve as evidence for the investigation, which it confirmed. The DSB claimed that it cannot rule on the content of the documents adduced by a representative of a public authority during a court procedure. The data subject appealed the decision before the Austrian Federal Administrative Court (Bundesverwaltungsgericht, BVwG) claiming that the controller provided more unredacted documents to the court than strictly necessary, thereby violating Article 5(1)(c) GDPR. The BVwG first of all considered that the DSB erred in assumi
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case W298 2266986 -1/20E in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case W298 2266986 -1/20E - Austria (2024). Retrieved from cookiefines.eu
Last updated: