Latest updates

DPA's strict view on retention periods
Schoenherr Attorneys at Law
  • Austria
  • 25 September 2018

The Austrian Data Protection Authority (DPA) recently published its first decision on retention periods following the enactment of the General Data Protection Regulation. The decision is final. The DPA had to decide how long a telecoms service provider must retain so-called 'master data' – that is, data required for the controller's legal relationship with the users of its services.

Privacy-related representations in M&A agreements
Schoenherr Attorneys at Law
  • Austria
  • 15 May 2018

Companies regularly store information about their customers, clients, employees, investors, partners and vendors. Privacy and data security are therefore important aspects of most M&A transactions. Although the risk of non-compliance with privacy laws may result in severe negative consequences, many M&A agreements still lack adequate privacy-related representations and warranties.

Proposals to alter national Data Protection Act
Schoenherr Attorneys at Law
  • Austria
  • 24 April 2018

Members of Parliament recently filed an application to amend the Data Protection Act 2018 in order to clarify certain aspects which have led to confusion over the past couple of months. In addition to several provisions relating to competence, the proposed act, among other things, contains a rephrased version of the fundamental right to data protection, introduces the mandatory appointment of data protection officers and suggests enabling the matching of images with explicit consent.

Draft Data Protection Amendment Act 2018 in appraisal
Schoenherr Attorneys at Law
  • Austria
  • 30 May 2017

Approximately one year before the General Data Protection Regulation will come fully into force, the Austrian legislature has officially started a six-week consultation process for the national Data Protection Amendment Act 2018. If and to what extent the legislature will make use of the competencies provided for by the 'opening clauses' in the General Data Protection Regulation is highly relevant to companies, and the amendment act has answered this question.

Ban on most-favoured nation clauses in online travel sector – end of online booking services?
Schoenherr Attorneys at Law
  • Austria
  • 01 November 2016

A draft law amending the Federal Act against Unfair Competition 1984 and the Price Labelling Act was recently published for public consultation. The draft law intends to introduce a ban on most-favoured nation clauses in contracts between online travel agencies and hotel operators. Commercially, the draft law puts online travel agencies' business model at risk and may even deter innovation and investments beyond this niche industry.

One and two-character domain names available under ccTLD '.at'
Schoenherr Attorneys at Law
  • Austria
  • 06 September 2016

The Austrian registry operator recently initiated the launch process for approximately 5,000 one and two-character domain names under the top-level domain (TLD) '.at'. Owners of trademarks consisting of one or two characters should consider requesting delegation of their short trademarks as domains under the '.at' TLD in order to use them or at least prevent unauthorised third parties from taking advantage of their marks.

'.insurance' – new gTLD targeting insurance sector
  • International
  • 10 May 2016

Sub-level domain names under the new generic top-level domain '.insurance' will soon be available – a development that will be of particular interest for the insurance sector, as it will allow domain names such as '[Yourbrand].insurance' and '[Yourproduct].insurance'. The '.insurance' domain names are expected to become generally available in June 2016, preceded by a sunrise period in May 2016.

Territoriality principle on horizon
  • European Union
  • 28 October 2014

It is common knowledge that the European Court of Justice (ECJ) has found the EU Data Retention Directive to be invalid. However, the spotlight should be on the ECJ's considerations on data security, as these may have an impact beyond the case that triggered the ruling, potentially influencing the privacy aspects of international data transfers as they are known today.

OnDemand Compliance and the cloud
Schoenherr Attorneys at Law
  • Austria
  • 21 October 2014

Austria has no specific data security rules for cloud computing. However, depending on the data categories involved, specific data-related security regulations may apply. To date, there has not been a homogenous market approach to tackling the risks connected to cloud services, although companies are starting to become aware of the related risks.

ECJ declares Data Retention Directive invalid
  • European Union
  • 29 April 2014

The European Court of Justice (ECJ) recently declared the EU Data Retention Directive, which has been the subject of much debate, invalid. The ECJ held that the directive interferes with the fundamental rights to respect for private life and the protection of personal data. If this decision reflects the ECJ's general stance on the matter, it will have an impact that goes far beyond telecommunications data retention considerations.

BYOD and data protection – incompatible or manageable?
Schoenherr Attorneys at Law
  • Austria
  • 04 March 2014

Employers are increasingly keen to introduce a 'bring your own device' (BYOD) policy, which allows them to assign company device management to employees and, by doing so, save manpower and costs on device support and maintenance. However, there is a downside: BYOD involves allowing employees to access (sometimes sensitive) company data through their private devices.

Under pressure: data breach notification must be made within 24 hours
Schoenherr Attorneys at Law
  • Austria
  • 20 August 2013

The European Commission recently published a new regulation on the measures applicable to the notification of personal data breaches under the EU Directive on Privacy and Electronic Communications. When the regulation enters into force, national rules that are in contradiction to European law must cease to apply. This raises some substantial questions with regard to the application of the Austrian Telecommunications Act.

Rise in mobile apps triggers data protection concerns
Schoenherr Attorneys at Law
  • Austria
  • 26 March 2013

Mobile applications are convenient, entertaining, easy to handle, cheap and versatile. However, the processing of other people's personal data through an app triggers full responsibility under data protection laws. Users would thus be well advised to consider whether they would wish to have their own data processed in the same way before processing other people's data through an app.

ECJ finds Austrian Data Protection Authority insufficiently independent
Schoenherr Attorneys at Law
  • Austria
  • 30 October 2012

The European Court of Justice (ECJ) recently ruled that the Austrian Data Protection Authority is not a sufficiently independent regulatory body and therefore is not in line with the respective requirements of the EU Data Protection Directive. In particular, the ECJ took offence at the fact that the day-to-day business of the authority is managed by a federal official.

Austria implements EU Data Retention Directive at long last
Schoenherr Attorneys at Law
  • Austria
  • 15 March 2011

Following European Commission proceedings against Austria for breaching EU law by failing to implement the EU Data Retention Directive, and a related European Court of Justice ruling against Austria, the government has now decided to implement the directive. The draft legislation implements the minimum requirements set out by the directive by providing for a retention period of only six months.

New amendments to data protection law
Schoenherr Attorneys at Law
  • Austria
  • 09 November 2010

In early 2010 substantial revisions to the Data Protection Act entered into force. Among other things, the revised act introduced to the data protection regime a notification duty requiring every data controller in Austria to inform data subjects accordingly should they become aware of systematic and seriously unlawful misuses of personal data.

Christian Schmelz
Schoenherr
  • Vienna
  • Austria
Stefanie Stegbauer
Schoenherr
  • Vienna
  • Austria
Günther Leissler
Schoenherr
  • Vienna
  • Austria
Adolf Zemann
Schoenherr
  • Vienna
  • Austria