Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Austria: Federal Administrative Court upholds DSB decision regarding consent obtained for customer loyalty programs
On July 10, 2024, the Austrian data protection authority (DSB) published a summary of the Federal Administrative Court's (BVwG) judgment in Case No. W214 2243436-1/39E of March 27, 2024, in which it upheld the decision of the DSB to impose three fines on legal entities that operate customer loyalty programs in violation of the General Data Protection Regulation (GDPR), however, the BVwG reduced the fine to €700,000.
Background to the decision
The legal entities operating the customer loyalty programs collected consent from those affected by the processing of personal data for the purpose of profiling.
Findings of the BVwG
The BVwG held that the consent requests contained in the registration forms for the customer loyalty program were misleading and did not meet the requirements of Articles 4(11), 5(1)(a), and 7(2) of the GDPR.
Outcomes
In light of the above, the BVwG upheld the decision but reduced the amount of the fine to €700,000 stating that the same was effective, dissuasive, and proportionate. The basis for calculating the fine was not the turnover of the individual company, but that of the entire economic unit, considering the definition of an undertaking within the meaning of Articles 101 and 102 of the Treaty on the Functioning of the European Union (TFEU).
You can read the summary of the decision, only available in German, here.