Court case W256 2248861-1/8E – Court Ruling (Austria, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A court ruled that a lawyer improperly shared explicit video content of a woman without her consent. The woman claimed her privacy was violated when the lawyer sent the material unsecured via email. This case underlines the need for secure handling of sensitive data and clear consent from individuals.
What happened
A lawyer sent explicit video material of a woman to her ex-partner without her consent, using an unsecured email.
Who was affected
The woman whose explicit video content was shared without her permission.
What the authority found
The Austrian Data Protection Authority ruled that the lawyer acted within a legitimate interest but did not adequately protect the woman's sensitive data.
Why this matters
This ruling highlights the importance of secure data transmission and obtaining clear consent when handling sensitive information, especially in legal contexts.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The data subject filed a complaint on the 25 March 2021 against the controller, her former partner’s lawyer, with the Austrian DPA (DSB). The data subject alleged that the controller had violated her right to privacy under [https://www.jusline.at/gesetz/dsg/paragraf/artikel1zu1 paragraph 1(1) of the Austrian Data Protection Act (Datenschutzgesetz – DSG]). Since 2020, the controller and the data subject’s lawyer have been engaged in settling the divorce proceedings. The data subject’s former partner demonstrated detailed knowledge of the data subject’s extramarital affair which made her conclude that he may still have access to the video surveillance cameras in her home. The data subject’s lawyer therefore requested the controller to submit the recorded video material through a data carrier. The controller responded to this request by sending an unsecured zip file in an email containing 41 files showing the data subject engaging in explicit actions. In her complaint, the data subject argued primarily that she did not expect the transmission of such explicit content and therefore had not consented to this processing of her data. Further, she argued that the unsecured transmission of the data via email as well as the disclosure of the material to employees of the controller was unnecessary. She further argued that the transmission of the highly sensitive data should have been carried out in person, directly by her ex-partner. The DSB held that the controller processed the data to give effect to a legitimate interest under Article 6(1)(f) GDPR and that under Article 32 GDPR a data subject is not entitled to select which security measures are implemented for the processing. The data subject appealed the decision to the Federal Administrative Court (Bundesverwaltungsgericht – BVwG). The court recalled, that the data subject had alleged only a breach of [https://www.jusline.at/gesetz/dsg/paragraf/artikel1zu1 paragraph 1(1) of the Austrian Data Protection Act (§1(1)
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case W256 2248861-1/8E in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case W256 2248861-1/8E - Austria (2024). Retrieved from cookiefines.eu
Last updated: