Austrian data protection compared to the GDPR

General overview

Austria has made use of the GDPR's so-called “opening clauses”, which give member states the option to enact regulations that deviate from the GDPR. The Austrian Data Protection Act (DSG) contains specific provisions that differ from the GDPR.

GDPR opening clauses

Austria has availed itself of the GDPR's opening clauses to establish specific regulations for data processing in the public sector, data processing for scientific purposes, and data processing in the healthcare sector.

Key differences and national specifics

Consent of children

According to § 4 (4) DSG, a child's consent to an offer of information society services is lawful if the child has reached the age of fourteen. This differs from the GDPR, which sets a minimum age of sixteen.

Image recordings and video surveillance

Under the broad concept of “image recordings,” the legislator has introduced regulations for video surveillance in § 12 f DSG. This demonstrates Austria's particular emphasis on privacy protection concerning image and video recordings.

Data processing for specific purposes

The DSG contains specific standards for data processing for certain purposes, such as processing in the public interest for archiving, scientific, or historical research purposes, as well as for statistical purposes and in emergencies.

Immediate deletion of data

A significant difference from the GDPR can be found in § 4 (4) DSG. According to this provision, immediate deletion is not required if it is only possible at certain times for economic or technical reasons.

Compatibility with the GDPR

It remains to be seen how the European Court of Justice (ECJ) will assess this provision and whether it is compatible with the GDPR. Companies should be aware of these differences and ensure compliance with all relevant data protection provisions.

Conclusion

Austria has specific regulations in its Data Protection Act that differ from the GDPR. Companies operating in Austria or engaging in business with Austrian citizens should ensure that they fully understand and comply with both the GDPR and Austrian data protection law.