Austria: Draft Data Pro­tec­tion Amend­ment Act 2018

Accor­ding to Ger­ma­ny Austria also sub­mit­ted an imple­men­ta­ti­on law for the GDPR (and the Schen­gen Direc­ti­ve), which Data Pro­tec­tion Amend­ment Act 2018. Unli­ke the Ger­man DSAn­pUG-EU, the Data Pro­tec­tion Amend­ment Act 2018 is limi­t­ed to a con­cise imple­men­ta­ti­on of the GDPR, more or less rest­ric­ted to the mini­mum, which, howe­ver, has to do with the fact that sec­to­ral pro­vi­si­ons can be imple­men­ted later in cor­re­spon­ding sec­to­ral decrees. From the expl­ana­to­ry notes:

While the neces­sa­ry imple­men­ta­ti­on of the GDPR is pre­do­mi­nant­ly car­ri­ed out in the new Data Pro­tec­tion Act (DPA), Ope­ning clau­ses are only direct­ly regu­la­ted in the new DPA to a small ext­ent respec­tively, the­se are regu­la­to­ry lee­way clau­ses which are deli­bera­te­ly not regu­la­ted in the new DPA, as the GDPR alre­a­dy con­ta­ins a basic rule which – as a gene­ral approach – should in prin­ci­ple also be adopted in natio­nal law (e.g. Art. 8(1) DPA with regard to the age limit for a child’s con­sent in rela­ti­on to infor­ma­ti­on socie­ty ser­vices). Howe­ver, the majo­ri­ty of the ope­ning clau­ses do not fall within the scope of gene­ral mat­ters of data pro­tec­tion, the­r­e­fo­re they are not regu­la­ted in the new DPA. Howe­ver, to the ext­ent neces­sa­ry, a cor­re­spon­ding pro­vi­si­on may be made in spe­ci­fic sub­stan­ti­ve laws (e.g., Art. 23 and 88 GDPR).

On the need to imple­ment the GDPR in gene­ral, see Veil, Daten­schutz in der Meh­re­be­nen­fal­le, CRon­line.




Rela­ted articles