Enforcement

Regulatory actions, fines, warnings, and enforcement decisions

Filtering by source: Austrian Data Protection Authority (dsb) (43 items)

Journalist: Insufficient legal basis for data processing

€80 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 80 on a journalist. The controller published unnecessary private data about a data subject on social media, including their address.

Owner of a Tesla Car: Non-compliance with general data processing principles

€600 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 600 on the owner of a Tesla car. The controller's car had seven cameras installed, which filmed while the car was in use and while it was parked, recognising possible threats. However, the threat recognition system meant that the car filmed people who were not a threat and therefore for no reason. Additionally, data subjects had not been informed about the filming.

Bakery Chain: Non-compliance with general data processing principles

€33,500 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 33,500 on a bakery chain. The controller used video surveillance which affected both public areas and areas intended solely for employees. The cameras were installed and operated in a way that did not comply with the principle of data minimisation and was not based on a sufficient legal basis. Additionally, CCTV footage was distributed via a messaging service.

Company: Insufficient fulfilment of data breach notification obligations

€870 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 870 on a company. After being informed of a data breach, the controller took adequate measures to close it but failed to inform the DPA.

Media Company: Insufficient cooperation with supervisory authority

€6,200 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 6,200 on a media company. The controller failed to comply with an order from the DPA to implement an adequate cookie banner.

Car Park Management Company: Insufficient cooperation with supervisory authority

€16,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine in the amount of EUR 16,000 on a car park management company. The controller failed to react to communication from the supervisory authority.

Company: Lack of appointment of data protection officer

€5,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine on a company. The controller appointed a DPO who had a conflict of interest, meaning the person was not suitable for the role.

Company: €1,500,000 fine

€1,500,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 1,500,000 on a company that is part of a group. The controller installed video surveillance devices that did not comply with the GDPR.

IKEA: Insufficient legal basis for data processing

€1,500,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 1,500,000 on IKEA. The controller used excessive video surveillance, including in public spaces and the checkout area. Additionally, the video surveillance captured customers entering their credit card PINs when making payments. The controller appealed against the decision to the Austrian Federal Administrative Court, which upheld the DPA's decision in its ruling on 25 June 2025.

Covid 19 Test Lab: Insufficient technical and organisational measures to ensure information security

€100,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 100,000 on a Covid 19 test lab. The controller failed to implement sufficient technical and organisational measures, resulting in a data breach. Furthermore, the controller refused to inform the data subjects of the breach. The DPA also found that the controller processed certain data without a sufficient legal basis, used a processor without the necessary contract, failed to designate a suitable DPO, and failed to report the designation to the DPA.

Website operator: Insufficient fulfilment of data subjects rights

€10,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine in the amount of EUR 11,000 on a website operator. An individual had filed a complaint with the DPA because the controller had failed to comply with the data subject's request to delete their data.

Media Company: Insufficient cooperation with supervisory authority

€15,200 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 15,200 on a media company. The company failed to react to requests by the DPA.

AUSTRIA DPA: Insufficient fulfilment of data breach notification obligations

€5,900 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA fined a controller EUR 5,900 for failing to report a data breach in a timely manner and for not cooperating with the DPA.

Physician: Non-compliance with general data processing principles

€10,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 10,000 on a physician. The physician had responded to an online review regarding their practice, disclosing personal health data of a patient.

Private individual: Insufficient legal basis for data processing

€1,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 1,000 on a private individual. The controller had sent data subjects electoral advertising without a valid legal basis.

Political party: €28,000 fine

€28,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 50,700 on a political party. The controller had sent two emails in an open distribution list. This allowed the recipients to view the email addresses of all other recipients and to determine the workplace and political affiliation of the data subjects. --- Update --- The Austrian Federal Administrative Court has reduced the amount of the fine from EUR 50,700 to EUR 28,000 due to the current financial situation of the controller.

Operator of a public toilet: Insufficient legal basis for data processing

€25,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 25,000 on an operator of a public toilet. The controller had installed a video surveillance camera on the restrooms and secretly recorded people using the toilets. The DPA found that the controller had no legal basis for installing the cameras. In assessing the fine, the fact that the privacy of the data subjects had been significantly violated was taken into account as an aggravating factor.

REWE International AG: €8,000,000 fine

€8,000,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 8 million on REWE International AG. As recently as the summer of 2021, the subsidiary 'Unser Ö-Bonus Club GmbH' received a fine of EUR 2 million. According to the 'Salzburger Nachrichten' newspaper, the fine is based on various violations of the GDPR. Further details about the incident are not known at the moment.

Austrian Post: Insufficient fulfilment of data subjects rights

€9,500,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA imposed a fine of EUR 9.5 million on the Austrian Post on September 28, 2021. The main accusation is that, in addition to the contact options used by Austrian Post via mail, web contact form and customer service, data protection-related inquiries should also be allowed via e-mail. According to the newspaper 'Der Standard', the Austrian Post had only introduced a contact form for data protection inquiries, in order to automate the process of inquiries and to obtain all informatio

Address Broker: Insufficient fulfilment of data subjects rights

€500,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 500,000 on an address broker. The controller provided a form for data subjects to exercise their rights. The controller regularly did not allow data subjects to exercise their rights in another way, always referring them to the form. Only when a data subject actively refused to use the form did the controller respond to requests to exercise data subjects rights which did not use the form. The DPA decided that this limited the exercise of data subjects'

Private individual: Insufficient legal basis for data processing

€600 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 600 on a private individual. A private individual had sent a document obtained in a court case between the data subject and himself to the data subject's employer. This document contained information regarding health-related data of the data subject. At no time had the data subject consented to the forwarding of the document to her employer.

Unser Ö-Bonus Club GmbH: Insufficient legal basis for data processing

€500,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 2,000,000 on Rewe affiliate Ö-Bonus Club GmbH. When signing up for the customer loyalty program jö Bonus Club, the controller is said to have failed to properly explain that customers' data and shopping behavior are used to create individual profiles, and that the information is also passed on to partner companies. According to the GDPR, the clarification must be easily accessible and in simple language. However, the controller had designed the registra

AUSTRIA DPA: Insufficient cooperation with supervisory authority

€3,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has fined a company EUR 3,000 for failing to provide information requested by the DPA during an investigation.

Private individual: Non-compliance with general data processing principles

Austrian Data Protection Authority (dsb)

The Austrian DPA has fined a private individual. The individual had installed a video surveillance system which, among other things, also recorded the public space and stored the images excessively long.

Customer loyalty program: €700,000 fine

€700,000 fine - Austrian Data Protection Authority (dsb)

According to the newspaper 'Der Standard', the Austrian DPA has imposed a fine of EUR 1.2 million on a customer loyalty program in 2021. Further information has not yet been disclosed. - UPDATE - The controller appealed the decision to the Austrian Federal Administrative Court, which reduced the original fine from EUR 1,200,000 to EUR 700,000.

Private individual: Non-compliance with general data processing principles

€600 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA imposed a fine of EUR 600 on a private individual. The individual had contacted a public institution to draw their attention to the fact that the statement of a kindergarten teacher that she was 50% disabled did not correspond to reality. For this purpose, the person submitted a court report that contained health-related data of the data subject. In the course of its investigation, the DPA found that the transmission of the court report constituted an unlawful processing of the

Bank: Insufficient technical and organisational measures to ensure information security

€4,000,000 fine - Austrian Data Protection Authority (dsb)

Original fine summary: The Austrian DPA has imposed a fine of EUR 4,000,000 on a credit institution. The controller had stored an Excel file containing personal data, such as customers' account information, on an internal drive for the purpose of internal administration of bank customers. The file could be accessed and viewed by all branch employees as needed. The Excel file was neither encrypted nor protected by other adequate measures against unauthorized access or unintentional disclosure to

Private Individual: Insufficient legal basis for data processing

€150 fine - Austrian Data Protection Authority (dsb)

The private individual recorded a female person while she was using one of the WC cabins by placing a cell phone (smartphone with camera function) under the WC cabin partition wall, with the screen pointing upwards and the front camera of the cell phone being active during the entire process.

Private Individual: Insufficient legal basis for data processing

€600 fine - Austrian Data Protection Authority (dsb)

Between February and June 2020, a private individual published information about patients on his personal Facebook page. The information included health data in terms of Art. 4 (15) GDPR. In detail, the published data comprised patient names, diagnostic findings, medical diagnoses, medication data, data on hospital admissions and discharges, patients' social security numbers and the names of the treating physicians.

Bank: Insufficient legal basis for data processing

€100 fine - Austrian Data Protection Authority (dsb)

A bank employee made a copy of the identity card of a bank client who wanted to exchange EUR 100 in foreign currency and justified this with money laundering charges. However, these only apply to a sum of EUR 1000 and above.

Austrian Post: Insufficient legal basis for data processing

€16,000,000 fine - Austrian Data Protection Authority (dsb)

The Austrian DPA has imposed a fine of EUR 16,000,000 on the Austrian Post. The controller had sold information regarding the political affinity of data subjects to third parties without a sufficient legal basis. Update: After the Austrian Federal Administrative Court cancelled the fine with its ruling of 2020-11-26, it again decided in the case and upheld the fine regarding the legal issue, but reduced the total amount from EUR 18,000,000 to EUR 16,000,000.

Company in the medical sector: Insufficient fulfilment of information obligations

€25,000 fine - Austrian Data Protection Authority (dsb)

The (non-final) fine was imposed on a company in the medical sector for non-compliance with information obligations and for not appointing a data protection officer. Update: The original fine of EUR 50,000 was reduced to EUR 25,000 by the Austrian Federal Administrative Court.

Private person (soccer coach): Insufficient legal basis for data processing

€11,000 fine - Austrian Data Protection Authority (dsb)

The fine was imposed on a soccer coach who had secretly filmed female players while they were naked in the shower cubicle for years.

Private person: Insufficient legal basis for data processing

€2,200 fine - Austrian Data Protection Authority (dsb)

The fine was imposed against a private person who was using CCTV at his home. The video surveillance covered areas which are intended for the general use of the residents of the multi-party residential complex, namely: parking lots, sidewalks, courtyard, garden and access areas to the residential complex; in addition, the video surveillance covered garden areas of an adjacent property. The video surveillance subject of the proceedings is therefore not limited to areas which are under the exclusi

Betting place: Insufficient fulfilment of information obligations

€4,800 fine - Austrian Data Protection Authority (dsb)

Video surveillance was not sufficiently marked and a large part of the sidewalk of the facility was recorded. Surveillance of the public space in this way, i.e. on a large scale by private individuals, is not permitted.

Private car owner: Insufficient legal basis for data processing

€300 fine - Austrian Data Protection Authority (dsb)

A dashcam was unlawfully used.

Kebab restaurant: Insufficient legal basis for data processing

€1,800 fine - Austrian Data Protection Authority (dsb)

CCTV was unlawfully used. Sufficient information about the video surveillance was missing. In addition, the storage period of 14 days was too long and therefore against the principle of data minimization. Addendum: The fine has been reduced to EUR 1500 by the court.