Tag Archives: Austria

Authorities in Austria and Switzerland Rule on Google Street View

Austrian DPA Gives Green Light Subject to Conditions

On April 21, 2011, the Austrian Data Protection Commission (“Austrian DPA”) published its decision allowing Google to register its Google Street View application on the Austrian DPA’s data processing register.  As part of the registration procedure, Google agreed to blur images of faces and license plates prior to publishing them on the Internet, and to provide information to the public about the right to object to publication of certain images.  Further, the Austrian DPA required Google to: Continue reading…


Article 29 Working Party Releases Opinion on EU Data Breach Notification Framework

On April 5, 2011, the Article 29 Working Party (the “Working Party”) adopted an Opinion on the current EU personal data breach framework and recommendations for future policy developments (the “Opinion”).

In 2009, the revised e-Privacy Directive 2002/58/EC (the “e-Privacy Directive”) introduced a mandatory data breach notification regime for the telecommunications sector.  Pursuant to the e-Privacy Directive, telecommunications and internet service providers are required to report certain data breaches to their national regulator and to affected individuals.


European Commission Seeks Germany’s Compliance with ECJ Judgment on DPA Independence

On April 6, 2011, the European Commission formally requested that Germany immediately comply with a March 9, 2010 judgment (C-518/07) by the European Court of Justice (the “Court”) concerning the independence of German data protection authorities (“DPAs”).
 
As we previously reported, the Court ruled in March 2010 that Germany had failed to properly implement the requirement that DPAs are to act with “complete independence” in exercising the functions entrusted to them, as explicitly provided by the EU Data Protection Directive 95/46/EC. According to the Commission, 15 out of Germany’s 16 federal states have not yet undertaken any action to rectify the violation identified in the Court’s judgment. In its formal notice letter, the Commission ordered Germany to comply with the Court’s judgment within two months or risk a fine or penalty imposed by the Court.


Announcing the Launch of a New Journal on International Data Protection and Privacy Law

Oxford University Press recently published the debut issue of the new quarterly journal International Data Privacy Law (“IDPL”), the first and only journal on data protection and privacy law which both focuses on international issues and subjects articles to double-blind peer review.  Hunton & Williams Brussels-based partner Christopher Kuner is the journal’s editor-in-chief, and Professor Fred Cate, Senior Policy Advisor of the Centre for Information Policy Leadership at Hunton & Williams, also serves as an editor.  According to Mr. Kuner, “IDPL has three main missions, namely to be global, to span the gulf between scholarship and practice and to help solidify the position of data protection and privacy law as a central area of importance for the individual, the economy and the development of new technologies.”


EU Agency for Fundamental Rights: Prosecutions and Sanctions for Violations of Data Protection Law Limited or Non-Existent

According to a report issued by the EU Agency for Fundamental Rights (“FRA”), European data protection authorities lack sufficient independence and funding.  In addition, DPAs impose few sanctions for violations of data protection laws.  DPAs “are often not equipped with full powers of investigation and intervention or the capacity to give legal advice or engage in legal proceedings.”  In a number of countries, including Austria, France, Germany, Latvia, the Netherlands, Poland and the UK, “prosecutions and sanctions for violations are limited or non-existing.”  The report also highlights EU citizens’ limited awareness of the DPAs’ existence.  The FRA Director, Morten Kjaerum, noted that “improvements need to take place concerning the independence, effectiveness, resources and powers of data protection authorities.” 


Austrian DPA Approves SOX Whistleblowing Hotline but with Limitations

On December 5, 2008, the Austrian data protection authority ("DPA") issued its first decision on the implementation of a whistleblowing hotline as required by the Sarbanes-Oxley Act ("SOX"), to be administered by the Austrian subsidiary of a U.S.-based company. The DPA partly approved the data transfers from the Austrian entity to the U.S. entity for the purpose of enabling it to prosecute "serious incidents" caused by the behavior of executive managers. The DPA ordered the Austrian subsidiary to implement a contract guarantying data subjects the ability to exercise their rights through the service provider managing the hotline. The DPA did not consider SOX to provide a legal basis for the transfer, but rather found that the legal basis was provided by the legitimate interests of the Austrian subsidiary, as conveyed by instructions of the employer, admissible in the context of an employment relationship, including a Code of Conduct. The conditions placed on the hotline are based on the recommendations issued by the Article 29 Working Party in its Working Paper 117. Full text of the decision is available in German here.
