2B Advice
TEL: +1 (858) 366-9750
FREE DOWNLOAD
Privacy News

Record Breaking 18 Million Euro Fine to Post AG

Austrian Supervisory Authority Issues Record Breaking 18 Million Euro Fine to Post AG

Several sources report that the Austrian Datenschutzbehoerde (“DSB”), the national independent Austrian Supervisory Authority (Art 51 GDPR ss.) has imposed an 18 Million Euro fine against the Austrian Post AG. 

As reported previously in this blog (Sie sehen aus wie ein FPOE Waehler), the Austrian Post AG, the privatized and now publicly traded successor to the governmental monopoly for mail and package delivery services in Austria, had drawn the ire of privacy advocates in 2018 when it became known that the Post AG allegedly engaged in pervasive profiling activities to further the accuracy of its lucrative list brokering business. 

Among other things, the Post AG was said to have assessed the likely political leanings and potential investment and savings habits/preferences of all surveyed households and individuals.  Given the Post AG’s monopoly as Austria’s sole mail service provider, it meant that every household, if not every person living in Austria was featured in the Post AG’s database.

Faced with public backlash, the Post AG announced last year that it would terminate or curtail its profiling activities, while insisting that it was acting within its legal rights under its data broker’s license (Section 151 of Austrian Industrial Code).  Not so, apparently in the eyes of the usually low-key and restrained Austrian DSB, which issued the record-breaking 18 Million Euro fine in a ruling against Post AG which is not available on the DSB’s website as of yet.  As Post AG’s attorneys do not tire of emphasizing, this ruling is viewed by their client as incorrectly decided and a flagrant violation of the proportionality principle enshrined in Austria’s Administrative Penal Code, and is, thus, currently on appeal before the administrative court in Vienna. 

A more profound legal analysis is to follow once the text of the ruling is published.  However, already at this stage this is another cautionary tale against excessive, and perhaps wanton, reliance on the “legitimate pursuit of interests” (Art 6(1)(f) GDPR) as sole legal basis for processing personal data. 

Similar Blog Posts

Data protection authorities may prohibit the operation of fan pages Data protection authorities may prohibit the operation of fan pages

In a clarifying ruling, the Federal Administrative Court has further defined the responsibilities of an operator of a Facebook fan page.

California Attorney General Releases First Draft of CCPA Regulations California Attorney General Releases First Draft of CCPA Regulations

The California Attorney General released the first draft of the Regulations for the implementation of the California Consumer Privacy Act (CCPA).

ALL BLOG POSTS IN THIS CATEGORY

Blog Categories

Questions?

CONTACT

2B Advice LLC
7220 Avenida Encinas STE 208
92011 San Diego CA

Tel: +1 858 366 9750
Email: sandiego@2b-advice.com

Thanks for contacting us! One of our representatives will be in contact with you shortly regarding your inquiry.