Court case W176 2295345-1 – Court Ruling (Austria, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
An Austrian tobacco shop operator faced a ruling for not properly informing customers about CCTV cameras. The court found that the operator violated privacy rules by failing to display appropriate notices and by publicly shaming a customer. This case shows that businesses need to be transparent about surveillance practices.
What happened
The operator installed CCTV cameras without proper notice and displayed a photo of a customer who did not clean up after their dog.
Who was affected
Customers and passersby in front of the tobacco shop who were monitored by the CCTV cameras.
What the authority found
The court ruled that the operator violated multiple GDPR articles by not providing adequate information about the surveillance.
Why this matters
This case highlights the need for businesses to clearly inform people about surveillance measures. It sets a precedent for how privacy laws apply to public monitoring.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
On the 20 April 2024, the Austrian DPA (Datenschutzbehörde – DSB) received a complaint filed against the operator of a tobacco shop (the controller). The controller had installed CCTV cameras in front of their shop but did not put up an appropriate notice. Additionally, the controller had screenshotted a woman who hadn’t cleaned up after her dog, printed out the screenshot and stuck it to the window next to the entrance of his tobacco shop. The DSB found that the cameras did not just monitor the entrance to the tobacco shop but also the entrance to an apartment building, the footpath the leading up to it and partly the nearby tram stop. The controller argued that tobacco shops are subject to higher risk of danger. Further, the CCTVs use had already been justified through enabling a vandal to be identified. The monitored public area had been kept to a minimum and the recordings were only stored for a maximum of 24 hours. In response to the printed out picture of the woman, the controller stated that he had put a sticker over her face and that the woman herself had most likely removed the sticker. The controller also brought forward that based on training given by the Office of Criminal Investigation of Lower Austria (Landeskriminalamt Niederösterreich - LKA), he genuinely believed that the pictograms sufficed as an information notice. The DSB held that the controller had violated Article 5(1) (a)(b)&(c) GDPR, Article 6(1)(f) GDPR and Article 13 GDPR and issued a €1,500 fine. The controller appealed the decision to the Federal Administrative Court of Austria (Bundesverwaltungsgericht – BVwG). He stated that thieves and criminals constantly threatened his shop and that he had to fear for his life. He disclosed that roughly a month before the appeal a bomb attack on his shop had been carried out, causing five-digit damage. The DSB requested the controller’s claim to be rejected. The BVwG held that the controller did have a legitimate interest in installing the C
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (0)
No other cases found for Court case W176 2295345-1 in AT
This is the only recorded case for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Court case W176 2295345-1 - Austria (2024). Retrieved from cookiefines.eu
Last updated: