Approximately one year before the General Data Protection Regulation will come fully into force, the Austrian legislature has officially started a six-week consultation process for the national Data Protection Amendment Act 2018. If and to what extent the legislature will make use of the competencies provided for by the 'opening clauses' in the General Data Protection Regulation is highly relevant to companies, and the amendment act has answered this question.
A draft law amending the Federal Act against Unfair Competition 1984 and the Price Labelling Act was recently published for public consultation. The draft law intends to introduce a ban on most-favoured nation clauses in contracts between online travel agencies and hotel operators. Commercially, the draft law puts online travel agencies' business model at risk and may even deter innovation and investments beyond this niche industry.
The Austrian registry operator recently initiated the launch process for approximately 5,000 one and two-character domain names under the top-level domain (TLD) '.at'. Owners of trademarks consisting of one or two characters should consider requesting delegation of their short trademarks as domains under the '.at' TLD in order to use them or at least prevent unauthorised third parties from taking advantage of their marks.
Employers are increasingly keen to introduce a 'bring your own device' (BYOD) policy, which allows them to assign company device management to employees and, by doing so, save manpower and costs on device support and maintenance. However, there is a downside: BYOD involves allowing employees to access (sometimes sensitive) company data through their private devices.
The European Commission recently published a new regulation on the measures applicable to the notification of personal data breaches under the EU Directive on Privacy and Electronic Communications. When the regulation enters into force, national rules that are in contradiction to European law must cease to apply. This raises some substantial questions with regard to the application of the Austrian Telecommunications Act.
Mobile applications are convenient, entertaining, easy to handle, cheap and versatile. However, the processing of other people's personal data through an app triggers full responsibility under data protection laws. Users would thus be well advised to consider whether they would wish to have their own data processed in the same way before processing other people's data through an app.
The European Court of Justice (ECJ) recently ruled that the Austrian Data Protection Authority is not a sufficiently independent regulatory body and therefore is not in line with the respective requirements of the EU Data Protection Directive. In particular, the ECJ took offence at the fact that the day-to-day business of the authority is managed by a federal official.
Following European Commission proceedings against Austria for breaching EU law by failing to implement the EU Data Retention Directive, and a related European Court of Justice ruling against Austria, the government has now decided to implement the directive. The draft legislation implements the minimum requirements set out by the directive by providing for a retention period of only six months.
In early 2010 substantial revisions to the Data Protection Act entered into force. Among other things, the revised act introduced to the data protection regime a notification duty requiring every data controller in Austria to inform data subjects accordingly should they become aware of systematic and seriously unlawful misuses of personal data.