Court case W176 2295345-1 – Court Ruling (Austria, 2024)

On the 20 April 2024, the Austrian DPA (Datenschutzbehörde – DSB) received a complaint filed against the operator of a tobacco shop (the controller). The controller had installed CCTV cameras in front of their shop but did not put up an appropriate notice. Additionally, the controller had screenshotted a woman who hadn’t cleaned up after her dog, printed out the screenshot and stuck it to the window next to the entrance of his tobacco shop. The DSB found that the cameras did not just monitor the entrance to the tobacco shop but also the entrance to an apartment building, the footpath the leading up to it and partly the nearby tram stop. The controller argued that tobacco shops are subject to higher risk of danger. Further, the CCTVs use had already been justified through enabling a vandal to be identified. The monitored public area had been kept to a minimum and the recordings were only stored for a maximum of 24 hours. In response to the printed out picture of the woman, the controller stated that he had put a sticker over her face and that the woman herself had most likely removed the sticker. The controller also brought forward that based on training given by the Office of Criminal Investigation of Lower Austria (Landeskriminalamt Niederösterreich - LKA), he genuinely believed that the pictograms sufficed as an information notice. The DSB held that the controller had violated Article 5(1) (a)(b)&(c) GDPR, Article 6(1)(f) GDPR and Article 13 GDPR and issued a €1,500 fine. The controller appealed the decision to the Federal Administrative Court of Austria (Bundesverwaltungsgericht – BVwG). He stated that thieves and criminals constantly threatened his shop and that he had to fear for his life. He disclosed that roughly a month before the appeal a bomb attack on his shop had been carried out, causing five-digit damage. The DSB requested the controller’s claim to be rejected. The BVwG held that the controller did have a legitimate interest in installing the C