International Day of privacy (courtesy of VIBE! AT )
In Austria The International Data Protection Day on 28 January 2009, passed largely unnoticed. As in 2008, the Data Protection (DSK) and the Data Protection (DSR) have again held a joint event for a strictly limited number of interested participants (100 participants), in which
European and international developments in data protection were present. In contrast
to 2008, where the organizers were faced with well over 100 applications, the event this year was announced very bad. The homepage of the DSK and the home of Europe to the International Data Protection Day, the event was not even mentioned.
This situation is somewhat symptomatic of data protection in Austria. Privacy is usually not for the general public, it is an administrative act, which includes more formal decisions as public debates and open discussions. It is a pity that the organizers of this year's event have decided to maintain the access restrictions as they are. An opening for a larger group of participants the opportunity for a development towards an annual event
Austrian Data Protection Authorities have opened. For this year, this opportunity is missed, but next year it is this chance again. We will keep you informed.
The following paragraphs provide a summary of key developments of the last year data privacy violations in the areas of legislative initiatives, monitoring trends and important. Finally, an outlook on the following years.
legislative initiatives:
On 6 December 2007, the Austrian Parliament adopted a reform of the Security Police Act
. Ten minutes before midnight that day (the last parliamentary year of the trial), members of the governing parties (SPÖ and ÖVP) introduced an amendment that the surveillance capabilities of the security police
has expanded significantly. Here, the current parliamentary workflow Abänderunsanträge before the vote in Committee was competent to discuss ignored.
result of this amendment is that mobile telephony and Internet provider
location information of mobile phones and IP addresses of computers at the request of
Police must submit. A court order is not required!
In the first five weeks of 2008 requested location data of 82 mobile phone users and the identity of holders of 2766 following the police. An article in the daily newspaper Die Presse daily that there are 32 such requests. Members who have tabled the amendment mentioned in Parliament were given, but the Big Brother Award 2008
.
were at the Constitutional Court proposed a number of complaints against the Security Police Act.
In April 2008 a draft
reform of the Privacy Act 2000 was published. Key elements are legal requirements for operators of private
CCTV , a new requirement for companies from 20 employees the position of a data protection officer be established and the harmonization of responsibilities (all data protection skills are transferred to the State). Currently it is up to approve the Data Protection Commission, the commissioning of CCTV systems from private operators. Under the reform proposal video monitoring will be allowed in future
when have occurred within the last 10 years in the relevant area dangerous attacks, or expensive items with a value of more than 100,000 EUR or the extraordinary artistic value to be protected. Video surveillance, according to the draft must be announced sufficiently and will be prohibited in toilets and changing rooms. Furthermore, the reform proposal includes a central database of all private video surveillance systems set up. If necessary, it will be the police allowed to access the data from these systems. Basically, the
allowable storage time of video data is limited to 48 hours, this can be extended to the DSK via the application. In future it will not be required to report real-time video monitoring to the DSK.
police access to the data highway video surveillance are planned and chance finds may carabines for law enforcement purposes.
result of the early election of the Austrian Parliament in 2008 could not complete the reform of the Data Protection Act 2000 its way through the parliamentary process. It is expected that the interest will come alive on the amendment again in 2009.
On the proposal of the European Commission for use of passenger data
(Passenger Name Records) SPÖ MPs have tabled a motion in Parliament. They suggested it to await the decision of the European Court of Justice for structurally similar
Data Retention Directive and the Treaty of Lisbon. Furthermore, recommended they be based on the opinion of the Article 29 working group (which is the joint working group of EU data protection authorities) to the Commission proposal, as there is in this matter serious privacy concerns.
retention : EU Data Retention Directive in Austria is still not implemented. There are no announced plans to do so in the near future.
to
biometric data in passports the Council of Ministers decided in June 2008 that the prints of both index fingers (if any) on an RFID chip in the passport will be saved. In addition, these data for up to four months stored in the State printing, which produces the passports. On 21.01.2009, the National Council, the relevant law, passed by a vote of all represented parties except the Greens. The Federal Council has voted on 27.01.2009, the day before the International Day of data protection. There was no objection.
In 2007, interior and justice ministries at the
covert use of remote forensic software (so-called Federal Trojans) have agreed and set up a working group to develop the technical and legal details. In April 2008, this
Working Group has published its final report. The experts argued that from a constitutional point of view, Series of fundamental rights affected by the use of such software, which would be the implementation of such online searches and would be restricted due liabilities for the state.
monitoring trends
Video Surveillance: - are compared to the automatic recording of license plate number when the data collected with wanted list
- - For the auto-vignette control
enforcement of speed limits (Section Control) - this may already by the present decision of supreme courts only to specific case-related arrangement of the minister including a detailed description of the actual operating conditions are used.
- trains in the Vienna U-Bahn - data is stored for 48 hours.
- in trains of ÖBB
- in housing estates where the Statdt Vienna garages, elevators and garbage rooms are monitored. The pilot phase of the so-called dustbin monitoring was approved by the DSC and will last until the end of 2009. Objective is to protect against vandalism.
Major data breaches :
In 2008, the case of a young asylum seeker and her family a lot of media attention. As the pressure on the Home Office was too strong, are personal Data of a family member from the police information system and the police files EKIS Index leaked to the public. Images from these files were published together with a corresponding press release from a high-ranking officials of the Ministry of Interior on the web. The police investigation into the leakage of data are ongoing.
The management of the residential buildings of the city of Vienna, Vienna Accommodation, sent to all 220 000 tenants of their apartments to a questionnaire in which they queried their opinion about their home, their neighbors, the neighborhood, the security situation, their administration and the city of Vienna. Wiener Wohnen offered here is that the questionnaire also returned anonymously
could be by ausschwärzt the printed surname. The relevant City Council said that the bar code would be used on the second page of the questionnaire only as a reference to the administrative region that covered the relevant questionnaire response. This representation was at best misleading, since the bar code containing the complete account number of each tenant, resulting in a subsequent personalization of the responses was possible. The Director of Housing in Vienna and was awarded the Austrian
Big Brother Award 2008 View:
After the premature Elections in 2008, was sworn in last year a new government. The government's program includes the following topics relevant for data protection:
The police use of remote forensic software (so-called Federal Trojans) will be allowed. It will be clear that the DSK to cases in which the criminal investigation in the field of criminal justice is not working, is responsible.
The cooperation with the Schengen-partners will be intensified, joint visa and biometric centers will be established, possible cooperation with external service providers (outsourcing) will be analyzed.
A DNA-offensive is aimed at the nationwide collection and analysis of DNA evidence to use as the basis for new applications.
Electronic health records will gain increasing importance.
The implementation of the Directive on data retention will not
government program mentioned.
A decision of the Constitutional Court on the complaints against the security police
law is expected for 2009.
At this year's election to the Austrian Student Union in May 2009 the Federal Government to carry out e-voting experiment. The Austrian Student Union decided to speak because of unresolved legal and technical issues against these plans. Also, the Data Protection has recommended that plans to take distance. This Pilotversucht is generally regarded as a test case for the use of e-voting in national elections.
(Michael Hofer and Andreas Krisch -
VIBE AT )
Data Protection Commission Datenschutzrat € Europe - International Day of privacy Security Police Act Austrian Big Brother Awards for the Security Police Act the press for access to location data and IP addresses by the security police:
"Police Surveillance: thousands of cases" reform proposal to the Data Protection Act 2000 resolution on PNR data Parliamentary decision to biometric passports final report of the working group on remote forensic software (so-called Federal Trojans) Big Brother Awards Austria: Data abuse relating to asylum seekers government program of the Austrian Federal Government opinion of the Privacy Council to e-voting at the student union elections
