Arbeitsmarktservice Österreich – Court Ruling (Austria, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
On 25 November 2019, the data subject filed a complaint with the Austrian DPA (Datenschutzbehörde – DSB) against the controller, the Austrian unemployment office (“Arbeitsmarktservice Österreich”). The data subject received unemployment payments through the controller which is a body that helps people find employment. The controller had retained data on the data subject’s transactions relating to their unemployment between 1992 and 1994. Between 1992 and 1994, the data subject had received unemployment payments and emergency aid payments. When on the 16 November 2019 the data subject again wanted to apply for unemployment payments, his account included pre-saved information on him. It included the data subject’s address and family status as well as information on transactions between 1992 and 1994. The DSB rejected the complaint on 3 February 2021, as it considered the processing of the data to be necessary for the execution of the controller’s current obligations. The data subject appealed this decision to the Federal Administrative Court (Bundesverwaltungsgericht BVwG) which accepted that the processing was unlawful but rejected the claim in relation to the right to erasure. The BVwG reasoned that an Austrian law governing the actions of the controller ([https://www.jusline.at/gesetz/amsg/paragraf/25 §25 Abs. 9 Arbeitsmarktservicegesetz – AMSG]) set out a clear limit of seven years for the retention of this kind of data (as defined in paragraph 25(1) AMSG). When the data is needed after the seven year period, the data could be requested from social insurance agencies. Therefore, the BVwG concluded that the processing had been in violation of Article 5(1)(e) GDPR since 2018. In relation to the erasure of the data, the BVwG held that the data from 1992-1994 is needed for the current unemployment payments therefore it rejected the argument that the data subject's right to erasure had been violated under Article 17 GDPR. Both the data subject and the controller ap
GDPR Articles Cited
National Law Articles
On 25 November 2019, the data subject filed a complaint with the Austrian DPA (Datenschutzbehörde – DSB) against the controller, the Austrian unemployment office (“Arbeitsmarktservice Österreich”). The data subject received unemployment payments through the controller which is a body that helps people find employment. The controller had retained data on the data subject’s transactions relating to their unemployment between 1992 and 1994. Between 1992 and 1994, the data subject had received unemployment payments and emergency aid payments. When on the 16 November 2019 the data subject again wanted to apply for unemployment payments, his account included pre-saved information on him. It included the data subject’s address and family status as well as information on transactions between 1992 and 1994. The DSB rejected the complaint on 3 February 2021, as it considered the processing of the data to be necessary for the execution of the controller’s current obligations. The data subject appealed this decision to the Federal Administrative Court (Bundesverwaltungsgericht BVwG) which accepted that the processing was unlawful but rejected the claim in relation to the right to erasure. The BVwG reasoned that an Austrian law governing the actions of the controller ([https://www.jusline.at/gesetz/amsg/paragraf/25 §25 Abs. 9 Arbeitsmarktservicegesetz – AMSG]) set out a clear limit of seven years for the retention of this kind of data (as defined in paragraph 25(1) AMSG). When the data is needed after the seven year period, the data could be requested from social insurance agencies. Therefore, the BVwG concluded that the processing had been in violation of Article 5(1)(e) GDPR since 2018. In relation to the erasure of the data, the BVwG held that the data from 1992-1994 is needed for the current unemployment payments therefore it rejected the argument that the data subject's right to erasure had been violated under Article 17 GDPR. Both the data subject and the controller ap
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Arbeitsmarktservice Österreich in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Arbeitsmarktservice Österreich - Austria (2024). Retrieved from cookiefines.eu
Last updated: