Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Austria: Federal Administrative Court upholds DSB decision regarding consent obtained for customer loyalty programs

On July 10, 2024, the Austrian data protection authority (DSB) published a summary of the Federal Administrative Court's (BVwG) judgment in Case No. W214 2243436-1/39E of March 27, 2024, in which it upheld the decision of the DSB to impose three fines on legal entities that operate customer loyalty programs in violation of the General Data Protection Regulation (GDPR), however, the BVwG reduced the fine to €700,000. 

Background to the decision

The legal entities operating the customer loyalty programs collected consent from those affected by the processing of personal data for the purpose of profiling. 

Findings of the BVwG

The BVwG held that the consent requests contained in the registration forms for the customer loyalty program were misleading and did not meet the requirements of Articles 4(11), 5(1)(a), and 7(2) of the GDPR.

Outcomes

In light of the above, the BVwG upheld the decision but reduced the amount of the fine to €700,000 stating that the same was effective, dissuasive, and proportionate. The basis for calculating the fine was not the turnover of the individual company, but that of the entire economic unit, considering the definition of an undertaking within the meaning of Articles 101 and 102 of the Treaty on the Functioning of the European Union (TFEU).

You can read the summary of the decision, only available in German, here.