The Austrian data protection authority imposed a fine of 8 million euros on the grocer Rewe. The reason given for the penalty is violations of the GDPR in the customer loyalty program “jö Bonus Club,” which the authority identified. As a result, Rewe announced its intention to take legal action against the decision. Furthermore, it… […]
Health data of a kindergarten teacher
Following an incident in which a public institution was informed by an individual that a kindergarten teacher’s claim of being 50% disabled was not true, the DSB imposed a fine of 600 euros. As evidence of his testimony, the fined party submitted a court report that included health-related data on the subject. The data protection… […]
DSB-D124.024/0008-DSB/2019, Storage period of master data as defined in Art. 97 TKG 2003 by a mobile communications provider
In the decision dated February 11, 2020, the data protection authority had to deal with the question of how long a mobile communications provider may continue to provide services after the termination of aContract may retain master data. Master data is data that is required for the establishment, processing, modification or termination of a contract.of… […]
DSB-D213.1042 (2020-0.0.203.677), March 30, 2020 mandate notice – physician publishes patient data on Facebook.
It was brought to the attention of the data protection authority that a physician was “posting” personal health and patient data in the form of selected excerpts from patient letters, findings or other medical records/protocols on his personal Facebook page as well as on the official Facebook presence of the medical association in order to… […]
DSB-D123.768/0004-DSB/2019, Balancing the right to confidentiality and the right to freedom of expression.
In the decision of December 18, 2019, GZ: DSBD123.768/0004-DSB/2019, the data protection authority had to deal with a balancing of the right to confidentiality against the right to freedom of expression. The complainant belongs to a political party and is a city councilor of an Austrian municipality. In November, the municipality held a meeting on… […]
DSB-2020-0.251.582 (D124.1791), Unauthorized inspection of patient records.
In the decision of May 20, 2020, GZ: DSB-D2020-0.251.582 (D124.1791), the DSB had to deal with the accusation of unauthorized inspection of the patient file of a person concerned by an ordination assistant. In her complaint, the complainant first argued that she had received medical treatment from the respondent. Due to a missed doctor’s appointment,… […]
DSB-D124.720 2020-0.280.699, Violation in the right to secrecy: processing of a photo ID based on an exchange of money for the equivalent of 100 euro
In the decision of May 28, 2020 on GZ: DSB-D124.720 2020-0.280.699, the data protection authority had to deal with a complaint regarding the right to confidentiality (Section 1 of the Data Protection Act) and the Financial Market Money Laundering Act (FMGwG). The complainant wanted to have 100 euros changed into Turkish lira (TRY) at a… […]
Compensation for non-material damages after data protection breach
Because of the processing of data on the “party affinity” of thousands of Austrians by Österreichische Post AG (ÖPAG).a data subject had sued ÖPAG for damages pursuant to Art. 83 DSGVO in the amount of € 2,500 and had the court of first instance award him an amount ofof € 800,- was awarded (Landesgericht Feldkirch,… […]
DSB-2020-0.059.515 (D124.1579), disclosure of tenant data from property management company to subcontractor covered by statute
In the decision dated February 20, 2020, GZ: DSB-2020- 0.059.515(D124.1579), the DSB had to deal with the disclosure of a tenant’s name and telephone data by the property management company to a sub-service provider for conflict resolution. The complainant first notified the property management by telephone of the improper behavior of a tenant. One employeeof… […]