“Austria became an independent republic in 1955 after the Second World War and since 1995 has been a Member of the European Union (EU). As a Member State of the EU, Austria is obliged to implement laws issued by the EU within its legal framework to ensure compliance at the national level with EU law.
The enactment of the right of access to data is covered in the regulations on data protection. The data protection law in Austria aims to regulate the free flow of data and, most importantly, to protect data privacy of citizens.
The first data protection laws in Europe were enacted in the late 1960s as a response to the emergence of the electronic data processing. The German State of Hessen passed the world’s first regional data protection law in 1970 (Room, 2007, pp. 7–8).
An important role of the EU is to provide directives, which serve as guidance for all EU Member States to follow. At the European level, Directive 95/46/EC, commonly known as the Data Protection Directive, is the main reference within the EU pertaining to the protection of personal data of citizens in EU Member States. The Directive was adopted in 1995 and states that EU Member States shall provide the data subject with “the existence of the right of access to and the right to rectify the data concerning him”. Article 12 of the Directive provides the data subject’s right of access to their personal data (Publications Office of the European Union, 1995, pp. 31–42).
The implementation of the EU directive on Data Protection differs in EU Member States as EU directives are not legally binding, however, only set out the basic standards and recommendations for EU Members to incorporate them into their national legislation.
The right to the protection of data is also recognized by the EU Charter of Fundamental Rights, which was proclaimed in 2000 and became a statutory law through the Treaty of Lisbon in 2009. Article 8 of the EU Charter states that “
- Everyone has the right to the protection of personal data concerning him or her” and in addition:
- “Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law.
- Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified” (Publications Office of the European Union, 2000, p. 10).
Prior to Austria joining the EU in 1995, a privacy protection law was already in place since 1978. The regulatory authority for data protection in Austria is the Austrian Data Protection Commission, which was founded in 1980 as one of Europe’s oldest data protection authority. The Austrian Data Protection Commission is a governmental authority responsible for ensuring compliance of data regulations, as required by the Data Protection Act (Österreichische Datenschutzkommission, 2013).
After becoming a Member of the EU, Austria was requested to harmonize its existing laws in accordance with EU directives and regulations. Consequently, in 1999 the old Austrian privacy protection law from 1978 was amended to comply with the EU Directive 95/46/EC. The result of this amendment was the Federal Act concerning the Protection of Personal Data (DSG 2000), still the current legislation governing data protection in Austria (Österreichische Datenschutzkommission, 2013).
Personally I have never exercised my right to access my own personal data. However, I am aware that access to personal information in Austria requires a person to submit a written request under § 26 DSG 2000 to the organization or entity concerned. The organisation must respond to the request within eight weeks. This request is free of charge, unless there was a similar request sent for information in that same year (Österreichische Datenschutzkommission, 2013).
The currently existing EU Data Protection Directive is under discussion to be amended and streamlined to address the differences in data protection legislations implemented by individual EU Member States to guarantee same level of protection for personal data. As a result, the European Commission envisages a uniform common European law on data protection to be regulated by the relevant national supervisory authority. However, there is still a long way to go before completion of the discussions on a consistent application of data protection legislation across the EU (European Parliament, 2013, p. 2).
European Parliament. (2013). Data protection day: is your private life safe?, p. 2. Brussels.
Österreichische Datenschutzkommission. (2013). Welcome to the Website of the Austrian Data Protection Commission. Österreichische Datenschutzkommission. Retrieved February 9, 2013, from http://www.dsk.gv.at
Publications Office of the European Union. (1995). Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281).
Publications Office of the European Union. (2000). Charter of Fundamental Rights of the European Union (2000/C 364/01).
Publications Office of the European Union. (2007). Treaty of Lisbon amending the Treaty on European Union and the Treaty establishing the European Community, signed at Lisbon, 13 December 2007 (OJ C 306).
Room, S. (2007). Data Protection & Compliance in Context. United Kingdom: British Information Society Limited.” – Elfriede Bosch – Vienna, Austria