In recent years there has been an increased use of technologies that match a person's digital image to a picture database. While the Austrian legal system does not expressly permit the use of such technology, the Ministry of the Interior uses it to identify unknown perpetrators suspected of intentionally committing a criminal offence. Austrian privacy experts worry that without an explicit legal basis, the use of facial recognition software may result in the gradual extension of powers.
Dashcams have become increasingly popular in recent years and a built-in dashcam is now the most sought-after feature among car buyers. Buyers' primary motivation is self-explanatory: recorded footage can be used as evidence in case of an accident. However, whether dashcams are incompatible with privacy and data protection law and thus illegal on Austrian roads is a tricky question.
Parliament recently enacted the Third, Fourth and Fifth COVID-19 Acts. Although these laws have significantly changed the Austrian legal framework, none of them include data protection provisions. Thus, the legislature appears to have overlooked a significant data protection issue arising from the new law – namely, the conflict of interests between the amended Social Insurance Act and the EU General Data Protection Regulation.
Due to the COVID-19 pandemic, telecoms providers must now send mass alerts (eg, regional access prohibitions) via text message on order of the government and provide traffic and location data for the purposes of evaluating whether individuals are complying with quarantine orders. In addition, a number of legislative developments have taken place with respect to data protection. This article outlines these recent changes.
With the adoption of the EU General Data Protection Regulation, the EU legislature intended to strengthen the rights of individuals (ie, data subjects or applicants) by giving them greater control over how their personal data is used. Applicants must be informed of the processing of their personal data and be able to verify whether such processing is lawful. Accessing documents is not necessary to achieve that goal. This view is supported by two recent Austrian decisions.