Approximately one year before the General Data Protection Regulation will come fully into force, the Austrian legislature has officially started a six-week consultation process for the national Data Protection Amendment Act 2018. If and to what extent the legislature will make use of the competencies provided for by the 'opening clauses' in the General Data Protection Regulation is highly relevant to companies, and the amendment act has answered this question.
It is common knowledge that the European Court of Justice (ECJ) has found the EU Data Retention Directive to be invalid. However, the spotlight should be on the ECJ's considerations on data security, as these may have an impact beyond the case that triggered the ruling, potentially influencing the privacy aspects of international data transfers as they are known today.
The European Court of Justice (ECJ) recently declared the EU Data Retention Directive, which has been the subject of much debate, invalid. The ECJ held that the directive interferes with the fundamental rights to respect for private life and the protection of personal data. If this decision reflects the ECJ's general stance on the matter, it will have an impact that goes far beyond telecommunications data retention considerations.
The European Commission recently published a new regulation on the measures applicable to the notification of personal data breaches under the EU Directive on Privacy and Electronic Communications. When the regulation enters into force, national rules that are in contradiction to European law must cease to apply. This raises some substantial questions with regard to the application of the Austrian Telecommunications Act.