Austria Data Protection Fail

October 15, 2012

In EU Commission v The Republic of Austria (Case C-614/10), the Court (Grand Chamber) has declared that, by failing to take all of the measures necessary to ensure that the legislation in force in Austria meets the requirement of independence with regard to the Datenschutzkommission (Data Protection Commission), the Republic of Austria has failed to fulfil its obligations under the second subparagraph of Article 28(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. The specific failures relate to Austria laying down a regulatory framework under which:

– the managing member of the Datenschutzkommission is a federal official subject to supervision,

– the office of the Datenschutzkommission is integrated with the departments of the Federal Chancellery, and

– the Federal Chancellor has an unconditional right to information covering all aspects of the work of the Datenschutzkommission.

The Republic of Austria was ordered to pay the costs of the Commission.