Austria

cookielaws

ATsmall Austria

Data Protection Authority

Austrian Data Protection Authority (Österreichische Datenschutzbehörde, DSB).

Guidance

No guidance exists for the practical implementation of Austria’s cookie law. However, a lot can be learned from the narrow implementation of the law.

Compliance Method: Cookie Banners

In Austria, consent only has to be given for the storing or access to personal data on user’s devices. Compared to the implementation in other Member States and to the ePrivacy Directive, this significantly narrows the scope of the provision. In Austrian data protection law, pseudonymous data are not considered as personal data.

If one is not sure whether the data one is processing is considered personal data in Austria or not, the safest option is to make use of cookie banners which link to a detailed cookie page, using the further browsing model of providing consent. It needs to mention what cookies are being used for, and that continuing to browse the website indicates consent. The processing of information is only permissible upon receiving consent, so cookies need to be dropped only after the user has decided to browse further.

On the comprehensive information page, detailed technical details must be given about the cookies used, such as the length of time they remain on computers, and an option to opt-out must be given.

Implementing Legislation

Article 96 (3) of the Telecommunications Act implements the cookie provision into Austrian law. The wording of the Article differs a bit from the Directive’s, starting from the point of view that operators of public communications services and providers of information society services are obliged to inform users about the personal data they collect, process, and transmit. Additionally, they are obliged to inform users about the legal basis of the activities, the purposes of processing, and the period of time data is stored. The Article creates the consent rule by stating that the collection of these data is only permissible upon receiving consent from the user.

The fact that the Article only covers the processing of personal data raises the question about the definition of personal data. It may be tempting to presume that it does not apply to the processing of pseudonymous or pseudonymised data. However, in lieu of clarity on this issue, the safest option is to use cookie banners for consent if one is not sure if the data collected from cookies is considered personal data or not.

Personal data, as defined in the Article 4 (1) of the Data Protection Act, is any information relating to identified or identifiable persons. In the definition, it also provides that data is indirectly personal when a processor, controller or recipient of a transmission cannot establish the identity of the data subject by legal means. As this does not provide a sufficient degree of clarity as to whether the cookie provision is applicable, is advisable to err on the side of caution and to use a cookie banner.

Consent is defined under Article 4 (14) of the Data Protection Act as a valid declaration of intention given without constraint. The legislator’s explanatory remarks indicate that consent for cookies has to be given prior to processing.

Table of National Implementations

 

ATsmall

Austria

BEsmall

Belgium

BGsmall

Bulgaria

CHsmall

Switzerland

CYsmall

Cyprus

CZsmall

Czech
Republic

DEsmall

Germany

DKsmall

Denmark

EEsmall

Estonia

ELsmall

Greece

ESsmall

Spain

FIsmall

Finland

FRsmall

France

HRsmall

Croatia

HUsmall

Hungary

IEsmall

Ireland

ITsmall

Italy

LTsmall

Lithuania

LUsmall

Luxembourg

LVsmall

Latvia

MTsmall

Malta

NLsmall

Netherlands

NOsmall

Norway

PLsmall

Poland

PTsmall

Portugal

ROsmall

Romania

SEsmall

Sweden

SIsmall

Slovenia

SKsmal

Slovakia

UKsmall

UK

 

Return to Overview

 

X

Thank you for your interest in our article. We’d love to get in touch with you to find out how you are using our research. If you don’t mind us sending you an email to ask you if the article was helpful, then please enter your email address and download the report.

We promise we won’t spam you!

Login

Become a Member Lost your password?