In its decision of July 7, 2021, the data protection authority dealt with e-mail newsletters that were sent by the liquidator to the customers of the acquired company without their consent after the acquisition of the company.
The respondent, a trading company, acquired assets of an insolvent company, including the good will and the customer base, from the liquidator. The respondent then sent e-mail newsletters to the complainant for direct marketing purposes.
First, the data protection authority stated that a violation of the TKG 2003 or the ePrivacy Directive would simultaneously constitute a violation of the right to confidentiality pursuant to Art. 1 Par. 1 DPA and also a breach of those provisions of the GDPR which do not impose any additional obligations on the controller within the meaning of Art. 95 DPA.
Since pursuant to § 107 para. 3 Z 1 TKG 2003, the sending of electronic mail is only lawful if the sender has received the contact information for the message in connection with a sale or service to its customers, and in the present case, due to the lack of universal succession, the complainant is not the respondent’s customer in this sense, the relief under Art. 107 Par. 3 TKG 2003 is not relevant.
As the acquirer of the company in the context of an asset deal, the respondent should therefore have obtained prior consent from the acquired customers to send them newsletters.
In addition, the data protection authority affirmed its jurisdiction in the present proceedings despite a previous UWG proceeding, as neither the subject matter of the proceedings nor the parties to the proceedings were identical. Therefore, the decision of the Graz Higher Regional Court was not binding on the decision of the data protection authority, which differed in its outcome.
The decision is not legally binding.