Wednesday

14th Apr 2021

Austria accused of undermining new EU data law

  • Some 24 EU states are still not ready for the general data protection regulation (GDPR), which is due to come in at the end of May (Photo: Pixabay)

Three years ago Austria's justice minister complained that the EU's forthcoming data protection rules were too weak. Today, the right-wing government in Vienna says they are too strong.

Austria's governing conservative OVP and far-right FPO parties passed a law last month that critics have said complicates enforcement of new EU-wide data protection rules set for an end of May launch.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

German Green MEP Jan Philipp Albrecht, who steered the new rules through the European Parliament, told EUobserver on Thursday (3 May) the changes reflect the conservative government under chancellor Sebastian Kurz.

"Before it was OVP and SPO, who were still very much in the mood of having strong data protection along with Austrian standards, which are very high... now, with the Kurz and the FPO, I think the policy has completely changed," he said.

Albrecht said the governing parties in Vienna are trying to turn the country into a sort of 'safe haven' - by complicating enforcement of the new EU data rules, known as the general data protection regulation (GDPR).

Those new EU rules will be enforced as of 25 May by the national data protection authorities and aim, among other things, to hand back the control of personal data to citizens.

Austria's data protection authority (DPA) is led by Andrea Jelinek - who is also slated to become the head of the upcoming European Data Protection Board.

The board will be key to imposing the new rules.

New law

But the new Austrian law demands Jelinek first issues warnings before launching sanctions against violating firms. Heise.de, which first reported the last minute amendments, said it means most infringements will go unpunished.

Imposing such a rule may be seen as government encroachment or as an effort to sow confusion given data authorities are supposed to be entirely independent. The move was also noticeably praised by Austrian trade associations.

"In the end it really doesn't make a big difference," admitted Albrecht, noting that the DPA will still be able to issue sanctions without warnings if there is a very severe infringement.

But he pointed out that the GDPR says sanctions are imposed by DPAs without any condition, and without a room for specification, or changes to member states' law.

Matthias Schmidl, deputy head of the Austrian Data Protection Authority, told EUobserver in an email that they will still decide on a case-by-case basis whether to impose administrative fines or not - even if it is the first violation.

He also said that "the wording of the said provision is very open and allows an interpretation" within the EU regulation.

Lack of preparation?

But such issues and others are also raising serious concerns on how prepared those meant to enforce the new data rules will actually be.

Earlier this year, EU commissioner for justice Vera Jourova warned that only Austria and Germany had so far passed the national laws needed to ensure data protection authorities are fully equipped to give GDPR teeth.

Sweden and Slovakia have since passed similar laws - while everyone else is lagging behind, according to the International Association of Privacy Professionals (IAPP).

It noted, in a blog post last week, that EU states need to spell out exemptions in national laws, regarding certain categories of data dealing with things such as ethnic origin or religious beliefs.

Among the biggest laggards, it also noted, are home countries to EU justice commissioner Jourova (Czech Republic) and digital commissioner Mariya Gabriel (Bulgaria).

This article was updated at 10:55 on Monday (7 May). The original article stated that Belgium had updated its national law to ensure its data protection authority is ready to enforce GDPR, when in fact it is Sweden.

26 EU states not ready for data law

The European Commission on Wednesday said only Austria and Germany have passed the relevant draft laws needed to ensure the launch of the EU's general data protection regulation on 25 May:

Eight countries to miss EU data protection deadline

The EU starts enforcing its general data protection regulation on 25 May - but Belgium, Bulgaria, Cyprus, Czech Republic, Greece, Hungary, Lithuania and Slovenia won't be ready. The delay will cause legal uncertainty.

Are EU data watchdogs staffed for GDPR?

The success of the new general data protection regulation (GDPR) will depend on whether data protection authorities enforce the new rules - which, in turn, will be at least partly determined by how many people they employ.

News in Brief

  1. EU states make progress on Covid-19 'travel certificates'
  2. Michel pledges to protect von der Leyen's 'dignity' in future
  3. Libya frees UN-sanctioned human trafficker
  4. European court: jailed Turkish writer's rights violated
  5. EU set to miss 1m electric charging points by 2025 target
  6. Lavrov expects Iran nuclear deal to be saved
  7. France suspends flights from Brazil due to Covid variant
  8. Johnson & Johnson delays roll-out of vaccine in EU

Feature

Covid-hit homeless find Xmas relief at Brussels food centre

The Kamiano food distribution centre in Brussels is expecting 20 people every half hour on Christmas Day. For many, Kamiano is also more than that - a support system for those made homeless or impoverished.

Top court finds Hungary and Poland broke EU rules

EU tribunal said Hungary's legislation made it "virtually impossible" to make an asylum application. Restricting access to international protection procedure is a violation of EU rules.

Stakeholders' Highlights

  1. Nordic Council of MinistersDigitalisation can help us pick up the green pace
  2. Nordic Council of MinistersCOVID19 is a wake-up call in the fight against antibiotic resistance
  3. Nordic Council of MinistersThe Nordic Region can and should play a leading role in Europe’s digital development
  4. Nordic Council of MinistersNordic Council to host EU webinars on energy, digitalisation and antibiotic resistance
  5. UNESDAEU Code of Conduct can showcase PPPs delivering healthier more sustainable society
  6. Nordic Council of MinistersWomen benefit in the digitalised labour market

Latest News

  1. Nato and US urge Russia to back off on Ukraine
  2. Future EU platform seeks to 'stay clean' of hate speech
  3. Denmark threatens Syria deportations amid EU concerns
  4. MEPs raise concerns on vaccine 'travel certificates'
  5. Will Romania be EU's Green Deal laggard?
  6. Muslims, Ramadan, and myths facing 'European civilisation'
  7. Europe & Africa - rebuilding the future
  8. How the pandemic became an EU goldmine for crime

Join EUobserver

Support quality EU news

Join us