Monday

18th Mar 2019

Austria accused of undermining new EU data law

  • Some 24 EU states are still not ready for the general data protection regulation (GDPR), which is due to come in at the end of May (Photo: Pixabay)

Three years ago Austria's justice minister complained that the EU's forthcoming data protection rules were too weak. Today, the right-wing government in Vienna says they are too strong.

Austria's governing conservative OVP and far-right FPO parties passed a law last month that critics have said complicates enforcement of new EU-wide data protection rules set for an end of May launch.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 18 year's of archives. 30 days free trial.

... or join as a group

German Green MEP Jan Philipp Albrecht, who steered the new rules through the European Parliament, told EUobserver on Thursday (3 May) the changes reflect the conservative government under chancellor Sebastian Kurz.

"Before it was OVP and SPO, who were still very much in the mood of having strong data protection along with Austrian standards, which are very high... now, with the Kurz and the FPO, I think the policy has completely changed," he said.

Albrecht said the governing parties in Vienna are trying to turn the country into a sort of 'safe haven' - by complicating enforcement of the new EU data rules, known as the general data protection regulation (GDPR).

Those new EU rules will be enforced as of 25 May by the national data protection authorities and aim, among other things, to hand back the control of personal data to citizens.

Austria's data protection authority (DPA) is led by Andrea Jelinek - who is also slated to become the head of the upcoming European Data Protection Board.

The board will be key to imposing the new rules.

New law

But the new Austrian law demands Jelinek first issues warnings before launching sanctions against violating firms. Heise.de, which first reported the last minute amendments, said it means most infringements will go unpunished.

Imposing such a rule may be seen as government encroachment or as an effort to sow confusion given data authorities are supposed to be entirely independent. The move was also noticeably praised by Austrian trade associations.

"In the end it really doesn't make a big difference," admitted Albrecht, noting that the DPA will still be able to issue sanctions without warnings if there is a very severe infringement.

But he pointed out that the GDPR says sanctions are imposed by DPAs without any condition, and without a room for specification, or changes to member states' law.

Matthias Schmidl, deputy head of the Austrian Data Protection Authority, told EUobserver in an email that they will still decide on a case-by-case basis whether to impose administrative fines or not - even if it is the first violation.

He also said that "the wording of the said provision is very open and allows an interpretation" within the EU regulation.

Lack of preparation?

But such issues and others are also raising serious concerns on how prepared those meant to enforce the new data rules will actually be.

Earlier this year, EU commissioner for justice Vera Jourova warned that only Austria and Germany had so far passed the national laws needed to ensure data protection authorities are fully equipped to give GDPR teeth.

Sweden and Slovakia have since passed similar laws - while everyone else is lagging behind, according to the International Association of Privacy Professionals (IAPP).

It noted, in a blog post last week, that EU states need to spell out exemptions in national laws, regarding certain categories of data dealing with things such as ethnic origin or religious beliefs.

Among the biggest laggards, it also noted, are home countries to EU justice commissioner Jourova (Czech Republic) and digital commissioner Mariya Gabriel (Bulgaria).

This article was updated at 10:55 on Monday (7 May). The original article stated that Belgium had updated its national law to ensure its data protection authority is ready to enforce GDPR, when in fact it is Sweden.

26 EU states not ready for data law

The European Commission on Wednesday said only Austria and Germany have passed the relevant draft laws needed to ensure the launch of the EU's general data protection regulation on 25 May:

Eight countries to miss EU data protection deadline

The EU starts enforcing its general data protection regulation on 25 May - but Belgium, Bulgaria, Cyprus, Czech Republic, Greece, Hungary, Lithuania and Slovenia won't be ready. The delay will cause legal uncertainty.

Focus

Are EU data watchdogs staffed for GDPR?

The success of the new general data protection regulation (GDPR) will depend on whether data protection authorities enforce the new rules - which, in turn, will be at least partly determined by how many people they employ.

News in Brief

  1. Blow for May as third vote on Brexit deal ruled out
  2. Three killed in possible 'terror' gun attack in Utrecht
  3. Third Brexit vote this week only if DUP will support it
  4. Germany's two largest banks confirm merger talks
  5. Serbian pro-democracy protests reach 15th week
  6. 'Yellow Vest' riots leave Paris shops vandalised
  7. European woman older when having first baby
  8. Majority of Germans want Merkel to stay on

Stakeholders' Highlights

  1. Nordic Council of MinistersNew Secretary General: Nordic co-operation must benefit everybody
  2. Platform for Peace and JusticeMEP Kati Piri: “Our red line on Turkey has been crossed”
  3. UNICEF2018 deadliest year yet for children in Syria as war enters 9th year
  4. Nordic Council of MinistersNordic commitment to driving global gender equality
  5. International Partnership for Human RightsMeet your defender: Rasul Jafarov leading human rights defender from Azerbaijan
  6. UNICEFUNICEF Hosts MEPs in Jordan Ahead of Brussels Conference on the Future of Syria
  7. Nordic Council of MinistersNordic talks on parental leave at the UN
  8. International Partnership for Human RightsTrial of Chechen prisoner of conscience and human rights activist Oyub Titiev continues.
  9. Nordic Council of MinistersNordic food policy inspires India to be a sustainable superpower
  10. Nordic Council of MinistersMilestone for Nordic-Baltic e-ID
  11. Counter BalanceEU bank urged to free itself from fossil fuels and take climate leadership
  12. Intercultural Dialogue PlatformRoundtable: Muslim Heresy and the Politics of Human Rights, Dr. Matthew J. Nelson

Stakeholders' Highlights

  1. Platform for Peace and JusticeTurkey suffering from the lack of the rule of law
  2. UNESDASoft Drinks Europe welcomes Tim Brett as its new president
  3. Nordic Council of MinistersNordic ministers take the lead in combatting climate change
  4. Counter BalanceEuropean Parliament takes incoherent steps on climate in future EU investments
  5. International Partnership For Human RightsKyrgyz authorities have to immediately release human rights defender Azimjon Askarov
  6. Nordic Council of MinistersSeminar on disability and user involvement
  7. Nordic Council of MinistersInternational appetite for Nordic food policies
  8. Nordic Council of MinistersNew Nordic Innovation House in Hong Kong
  9. Nordic Council of MinistersNordic Region has chance to become world leader when it comes to start-ups
  10. Nordic Council of MinistersTheresa May: “We will not be turning our backs on the Nordic region”
  11. International Partnership for Human RightsOpen letter to Emmanuel Macron ahead of Uzbek president's visit
  12. International Partnership for Human RightsRaising key human rights concerns during visit of Turkmenistan's foreign minister

Join EUobserver

Support quality EU news

Join us