Arbeitsmarktservice Österreich – Court Ruling (Austria, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Austria's Federal Administrative Court ruled that the Austrian unemployment office kept personal data longer than allowed. They found that the office violated data protection rules by retaining information from the 1990s beyond the seven-year limit. This case highlights the importance of properly managing how long personal data is stored.
What happened
The Austrian unemployment office retained personal data from a user’s unemployment history dating back to 1992-1994.
Who was affected
The person who received unemployment payments and had their historical data retained by the Austrian unemployment office.
What the authority found
The court decided that the unemployment office unlawfully processed personal data by keeping it longer than permitted under data protection rules.
Why this matters
This ruling emphasizes that organizations must adhere to strict data retention limits. Businesses should regularly review their data storage practices to ensure compliance.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
On 25 November 2019, the data subject filed a complaint with the Austrian DPA (Datenschutzbehörde – DSB) against the controller, the Austrian unemployment office (“Arbeitsmarktservice Österreich”). The data subject received unemployment payments through the controller which is a body that helps people find employment. The controller had retained data on the data subject’s transactions relating to their unemployment between 1992 and 1994. Between 1992 and 1994, the data subject had received unemployment payments and emergency aid payments. When on the 16 November 2019 the data subject again wanted to apply for unemployment payments, his account included pre-saved information on him. It included the data subject’s address and family status as well as information on transactions between 1992 and 1994. The DSB rejected the complaint on 3 February 2021, as it considered the processing of the data to be necessary for the execution of the controller’s current obligations. The data subject appealed this decision to the Federal Administrative Court (Bundesverwaltungsgericht BVwG) which accepted that the processing was unlawful but rejected the claim in relation to the right to erasure. The BVwG reasoned that an Austrian law governing the actions of the controller ([https://www.jusline.at/gesetz/amsg/paragraf/25 §25 Abs. 9 Arbeitsmarktservicegesetz – AMSG]) set out a clear limit of seven years for the retention of this kind of data (as defined in paragraph 25(1) AMSG). When the data is needed after the seven year period, the data could be requested from social insurance agencies. Therefore, the BVwG concluded that the processing had been in violation of Article 5(1)(e) GDPR since 2018. In relation to the erasure of the data, the BVwG held that the data from 1992-1994 is needed for the current unemployment payments therefore it rejected the argument that the data subject's right to erasure had been violated under Article 17 GDPR. Both the data subject and the controller ap
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Arbeitsmarktservice Österreich in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Arbeitsmarktservice Österreich - Austria (2024). Retrieved from cookiefines.eu
Last updated: