|
Constitution:
The Austrian Federal Constitutional Law (en) does not recognize explicitly the right of privacy. Some sections of the Austrian Data Protection Act have constitutional status. The right to the data protection is a fundamental right in Austria, laid down explicitly in a constitutional provision (sect. 1 (1) of the Austrian Data Protection Act 2000).
Omnibus legislation:
Data Protection Act 2000 (Datenschutzgesetz 2000 - DSG 2000).
Sector-based legislation:
• Telecommunication Act 2003 (Telekommunikationsgesetz 2003), Austrian Federal Law Gazette I No. 70/2003, Section 107 deals with spamming.
• Civil Law Code (Allgemeines bürgerliches Gesetzbuch), Section 1328a contains special regulations on damages for infringing the right of privacy.
• Genetic Engineering Act 1994 (Gentechnikgesetz), Austrian Federal Law Gazette No. 510/1994).
• Industrial Code 1994 (Gewerbeordnung 1994), Austrian Federal Law Gazette No. 194/1994, Section 151 Industrial Code 1994 deals with direct marketing.
• Federal Electronic Signature Law (Signaturgesetz)
• E-Commerce Act 2001 (E-Commerce-Gesetz), Austrian Federal Law Gazette I No. 152/2001)
State laws:
Data protection laws of the Austrian states (de) concern manual data processing for certain purposes.
Self-regulatory instruments:
Codes of conduct and other instruments of self-regulation are not common in Austria. Sect. 6 (4) of the Data Protection Act 2000 provides, however, for the possibility for the business community to have Codes of Conduct officially checked by the Federal Chancellery concerning their compatibility with the DP-Act.
At present there is one substantial Code of Conduct in existence which was successfully submitted to this checking procedure, this is a Code of Conduct for direct marketing.
International and regional instruments:
OECD guidelines and directive 95/46 implemented. Convention 108 of the CoE in force since 1988.
Independent authorities:
Data Protection Commission (Datenschutzkommission)
The Commission is responsible for enforcing the DP-Act. The Commission decides in case of complaints against public data controllers and in case of access complaints against any controller. Moreover it licenses transborder data flow and may give recommendations to controllers.
Apart from formal legal decisions the commission acts as a data protection ombudsman (mainly in the private sector) through its Executive Member. Notification is administered by the data processing register, which is part of the DP-Commission.
Since 2004 the DP-Commission has an additional function as special Government Authority, in charge of the management and protection of the electronic identities of the citizens.
The Commission consists of six members, one of which is a judge who presides over the plenary meetings. The Commission appoints one member as the executive member. Independence of all members is guaranteed by special constitutional provision.
Ballhausplatz 1
1014 Vienna
phone: +43 1 531 15 25 25
telefax: +43 1 531 15 26 90
e-mail : dsk@dsk.gv.at
website: www.dsk.gv.at
Notification
Every controller shall notify before commencing a data application. The controller is, simply put, whoever decides to process data. General information on notifications and notification forms (de) can be found at the Data Protection Commission's Web site.
|
