DSB - 2020-0.083.190

From GDPRhub
DSB - 2020-0.083.190
LogoAT.png
Authority: DSB (Austria)
Jurisdiction: Austria
Relevant Law: Article 82(6) GDPR
Article 83 GDPR
AVG
§ 29 DSG
VStG
Type: Other
Outcome: n/a
Decided: 21.02.2020
Published:
Fine: None
Parties: n/a
National Case Number/Name: 2020-0.083.190
European Case Law Identifier: ECLI:AT:DSB:2020:2020.0.083.190
Appeal: Not appealed
Original Language(s): German
Original Source: RIS (in DE)
Initial Contributor: Max Schrems

Under Austrian procedural law a successful complainant is not a party to the penal procedure, when a penalty under the GDPR is imposed.

English Summary[edit | edit source]

Facts[edit | edit source]

A complainant has succeed in a complaints procedure to get access to his data. Under Austrian law the complaints procedure is governed by the General Administrative Procedural Act ("AVG") and any additional penalty is governed by the Administrative Penal Procedural Act ("VStG").

While the complainant was a party to the procedure that ensured access to his data, the lawyer representing the complainant was applying to be a party to the penal procedure too.

Dispute[edit | edit source]

Is a complainant party to the penal procedure, following a GDPR violation?

Holding[edit | edit source]

The Austrian DPA ("DSB") held that while the complainant is a party to the complaints procedure, that ensures that his personal right to access is enforced, the complainant is not a party to the penal procedure that concerns the state-imposed penalty. This would be different, if any rights "inter partes" would form the procedure.

Comment[edit | edit source]

Austrian procedural law strictly defines the party roles, based the question if personal rights of a potential party (e.g. the right to data protection) are infringed. A complainant is a party to the procedure insofar as his/her right to data protection is determined, but not when it comes to the state-imposed penalty. This is consistent with existing procedural law and doctrines.

Further Resources[edit | edit source]

Share blogs or news articles here!

English Machine Translation of the Decision[edit | edit source]

The decision below is a machine translation of the German original. Please refer to the German original for more details.

Deciding authority

Data Protection Authority
Decision date

21.02.2020
Business figures

2020-0.083.190
Contestation with the BVwG/VwGH/VfGH

This decision is final.

Text

GZ: 2020-0.083.190 from 21.2.2020

Note Processor: Names and companies, legal forms and product names, addresses (including URLs, IP and e-mail addresses), file numbers (and similar), etc., as well as their initials and abbreviations may be abbreviated and/or changed for reasons of pseudonymisation. Obvious spelling, grammar and punctuation errors have been corrected].

DECISION

SPEAK

The data protection authority decides on the application of Dr. Alfons A*** (applicant), represented by D*** & Partner Rechtsanwälte GmbH & Co KG, dated 20 January 2020, to grant him party status and access to the files in possible administrative criminal proceedings against Dr. Elfriede A***, as follows

- The motion is dismissed.

Legal bases: Sections 17, 32 para 1, 56 para 2, 57 para 1 of the Administrative Criminal Act 1991 - VStG, Federal Law Gazette No 52/1991 as amended; Article 82 para 6 of Regulation (EU) 2016/679 (Basic Data Protection Regulation - DSGVO), OJ L 207, 30.12.2009, p. 1. No. L 119 of 4.5.2016, p. 1; section 29 Data Protection Act - DSG, Federal Law Gazette I No. 165/1999 as amended; section 17 General Administrative Procedure Act 1991 - AVG, Federal Law Gazette No. 51/1991 as amended.

EXPLANATIONS

A. Submission

The applicant submits the following in its application:

"In its decision of 26 January 2018 (ref. no.: DSB-D122.756/0005-DSB/2017), the data protection authority found (amended by the decision of the Federal Administrative Court on 25 June 2019 (ref. no.: W258 2187426-1/40E / W 258 2188466-1/36E) that Dr Elfriede A*** (respondent) had violated the applicant, Dr Alfons A*** (complainant), in his right to information.

On the basis of the legally binding decision of the data protection authority, it is to be assumed that the data protection authority has initiated administrative criminal proceedings against Dr. Elfriede A*** (complainant). As the aggrieved party, the applicant has a legal interest in the administrative criminal prosecution of Dr. Elfriede A***.

The claimant therefore submits the

Motion,

1. to be granted party status in any administrative criminal proceedings against Dr. Elfriede A*** and

2. to inspect the files in these administrative penal proceedings."

B. From a legal standpoint, it follows that

In its ruling of 27 February 2019, Ra 2017/10/0121, the Administrative Court expressly stated that the parties to administrative criminal proceedings are a closed circle of persons defined by law by virtue of express provisions of the VStG.

These are the accused (see § 32 (1) VStG), the private prosecutor (see § 56 (2) VStG) and the private party (see § 57 (1) VStG). In addition, § 17 VStG provides for a party status for the owner of an object threatened with forfeiture who is different from the accused.

The applicant is not listed as an accused party in administrative criminal proceedings before the data protection authority in connection with the above-mentioned preliminary proceedings.

In any case, the present case does not constitute a violation of honour, so the applicant is not qualified as a private prosecutor within the meaning of the VStG. Moreover, this would not be a fact which the data protection authority would have to disregard.

Nor can the applicant in the present case be regarded as a person accused by (possible) different owners of an object threatened with forfeiture.

For a person to be able to obtain party status as a private party in administrative criminal proceedings, it is a prerequisite that the administrative criminal authority must also decide on the private-law claims derived from an administrative violation in accordance with individual administrative provisions in the penal code. However, the provisions of Art. 83 DSGVO and Art. 62 DSG that standardise the elements of administrative offences do not provide for anything in this regard.

For the above-mentioned reasons, the data protection authority is thus prevented from granting third parties - beyond the cases provided for by law - party status. Consequently, no inspection of files can be granted.

It was therefore appropriate to make a ruling in accordance with the Rules of Procedure.
European Case Law Identifier

ECLI:AT:DSB:2020:2020.0.083.190