The European Court of Justice stated that Austria’s data protection authority is not sufficiently independent, and therefore fails to comply with the requirements of the European data protection directive. This is the second time that the European Court of Justice has found a data protection authority to lack independence. The first time involved Germany, where the European Court of Justice found that the regional data protection authorities were not sufficiently independent because of their respective regional governments. In its decision regarding Austria, the European Court of Justice found that the Austrian data protection authority, the DSK, had too many links to the Federal Chancellor’s office. Austrian law provides that the members of the DSK shall not be subject to outside instructions. The court emphasized that the actual functioning of the data protection authority, but also the appearance of independence in how the data protection authority is structured. Thus it was determined that the links between the data protection authority and the Federal Chancellery are too close to satisfy these requirements.
Read more