Austria’s First GDPR Fine Is For Video Surveillance

Author: Charles Rollet, Published on Jan 29, 2019

Should EU businesses be concerned if police see a business' surveillance cameras filming public areas?

This is what happened with Austria’s first GDPR fine, imposed on a betting shop for filming public areas with its security cameras.

austria gdpr fine

The case racked up a total of almost $6,000 in fines, some of which were for non-GDPR violations. It has been appealed, so is not final. The case is nevertheless an important example of the heightened risk faced by end users in the GDPR era, particularly since it was the GDPR-related fine that was by far the highest.

In this note, we examine:

  • How They Got Caught
  • Alleged Violations
  • GDPR vs non-GDPR Violations
  • How The Fines Were Calculated
  • Why the GDPR Fine was the Highest
  • The frequency of Video Surveillance Fines in Austria
  • Timing & Gravity of Offense
  • Broader Meaning

****** ** ********** ** ********* ** ****** *** * ********' surveillance ******* ******* ****** *****?

**** ** **** ******** **** *******’* ***** **** ****, ******* on * ******* **** *** ******* ****** ***** **** *** security *******.

austria gdpr fine

*** **** ****** ** * ***** ** ****** $*,*** ** fines, **** ** ***** **** *** ***-**** **********. ** *** been ********, ** ** *** *****. *** **** ** ************ an ********* ******* ** *** ********** **** ***** ** *** users ** *** **** ***, ************ ***** ** *** *** GDPR-related **** **** *** ** *** *** *******.

** **** ****, ** *******:

  • *** **** *** ******
  • ******* **********
  • **** ** ***-**** **********
  • *** *** ***** **** **********
  • *** *** **** **** *** *** *******
  • *** ********* ** ***** ************ ***** ** *******
  • ****** & ******* ** *******
  • ******* *******

[***************]

*** *** **** *** ******

********* ** ********** **** *******,***** ****** ******** ******* *** ************ ******* ******* ****** ***** above *** ******** ** * ******* **** ** *** ****** of******** ***** **, ****. (******* ***** *** ****** ** ***** of ****** *** ******* ******* ** * ***** *****/*** ***** patrons *** *** **** ******** ** ***** ****.)

* **** *** ****** ***** *** *********** ** *** ******** data ********** ******,*** ***, ***** *** **, ****, *** **** *** **** *** enacted. **** ** ******* ***** ** *** ****, ******* ***** surveillance ***** **** ******* ** ***** ***********, *** *** ***, the ****** **** ****.

List ** **********

*** *** ****** **** *** ******* **** ********* **** ******** privacy **********:

  1. *** ******** ******* ******* ** *** ****’* ******** ********* * public ******* *** *** ******* *****, ********* ****** ******* ** and ********’ ******* ******.
  2. *** ******* **** *** ********** **** ***********.
  3. ***** ************ ******* *** **** *** ** ********** **** ****** with ** ************* ********. (******** ******* *** ******** ***** ************* for *** ***** ************ ******* ******* ****** **** ** *****.)
  4. ***** *** ** ****** **** ********** **** ***** ************ *** being ****.

*** ******* **** *** ******* ** *** *** **** *** name **********, ******** *** ******* *** ******* ** *** **** of * *****.

GDPR ** ***-**** **********

*** ***** ********* – ******* ****** ***** – *** *** only ****** ****** ** ********* *** ****, **** *** *** highlighting *** ******** ******** ** *** ***:

  • ******* *, ***** ****** **** *** ********** ** ******** **** ** ******* ** **** ** ********* ** ******** ** *** ******** for ***** **** *** *********”. *** *** ***** **** *** betting ****’* ********** *********** *** *** *******’ ******** ******* ** *********** *** entrance.
  • ******* *, ***** **** *** *** ********** *** ****** **********, **** as “*******” *** “********** ********”. *** *** ***** **** *** betting ****’* ******* ********* **** ** ***** **********.

*** ***** ***** ******* **** *** ********** *********’* ******** ******* ***, ***** *** ****** ** ****.

*** ****** ****** *** **** ** ***-**** ***** ** **** “the ******** ** *** ******* ******* ******** ****** ** *** 2018” *.*. *** **** *** **** *** *******. ********* ********** 2, *, *** * **** ******* ***** ******** ******* *********** while *** ***** *** ******* ***** *** ****.

How *** ***** **** **********

*** *** **** *********, *** **** *** ***** *,*** ***** ($2,717). *** ***** *****, ***-**** ********** ******** ***** ** *** euros **** ($***), ** **** *** ** ******** ******** ******* law.*** ***** ** ***** *** **** *,*** ***** ($*,***). * 10% ***** *** *** *****, ******** *** ***** ** *,*** euros ** $*,***.

(**********: “**** ** *****”, “******* ** **** ***** *** *** collected”, “************ ******”, “[*****] *********”)

GDPR ****** ****** *****

*** **** **** *** **** ********* *** ***** *** *,*** euros ***** *** ***-**** ***** **** **** *** ***** ** not * ***********.

*** ***'* ****** **** ******* ******* ********* ** **** (******** added):

********* ********, *** **** ****** ****** ****** **(*) *** (*)significantly ****** **** concerning the determination of the total amount of an imposed fine in relation to prior legal provisions in force before the GDPR.

************, *********** ************* ************************* ***** **** ** ************ ** *** **** ** *** offender; * ***** ******* **** ***** *** ** ******* **** the ******* **** ****, ***** *** ***** ** ******* ***** or *% ** ****** ****** *******.

*** **** ** ** *************. *** *******, * ****** **** a ******** *** *** ** ****** ****** ** **,*** ***** [$45,300] **** * **-*******-**** **** [$** *******].

Frequency ** ***** ************ ***** ** *******

**** ** *** *** ***** **** ******* ***** ************ ** fined ** *******. ******** ** *** *** ******* **********, ******* told **** **** ***** *** * "****** **********", ****** *** after *** ****:

*** ******** ** *** ****** ***** ******* *** ******** ******* use ** ****.

Timing/Gravity ** *******

*** ****** ************* ** *** ******* **** ***** ** ***** 2018 *** *** ***** **** ********* ** ********* ****. *** shop *** ******** *** **** *** *** *** ** *******’* federal *****, ***** *** *** ** **** ** **, *** DSB ********* ** ****.

*** *** **** ********* **** **** ** *******’* ***** **** fine. *** ******-**** ***** ** **** ***** ***** **** *** fact **** **** ********** *** ***** ******* * ******* ** cases ***** ***** **** ****** *** ****’* *********.

*** *** ****** *** ****’* ******* ** ** “*********” ****** “mitigating” ** “***********”. **** ** ******* *** ******* **** ****’* have *** ******** ****** ** **********, ******* *** ******* *** months-long ***** ************.

**********

**** **** ******** * ************ ************ ******* ** *** ***** can ** ****** ****** ** *** ****.* $*,*** **** *** * ****** ***** **** *** ** quite * *********** ******, *** ** ** ****** **** *** total **** ***** **** **** ****** *** *** *** ********** taken ***** ***** *** ****’* ********* ** *** **.

**** ** ********* *** *****, ***********, *** *** ****** ********** video ************ **** ****** ****** **** ** ****.

Comments (28)

Donald Erickson

01/29/19 11:55am

**** *****.

Avatar

Sean Nelson

Nelly Security | 01/29/19 03:32pm

* **** *** "******* Public *****"???

"*** ******* **** *** registered **** ***********"

*** ****!

Avatar

Charles Rollet

In reply to Sean Nelson | 01/30/19 03:22am

***** ** *** **, however ** ******* **** have *** * **** time ********* ***** ************ much **** *********** (*** this ******** *** ****.) For ******* ** ****** the ******************** ************** **** ********** ******** cameras **** **** ****** areas, "**** ** **** want ** ****** *** security ** ***** ******* parked ** ***** ** their ****.”

Undisclosed Integrator #1

01/29/19 05:07pm

"***** *****" ** *** ****....

Undisclosed #5

In reply to Undisclosed Integrator #1 | 01/30/19 11:15pm

************** *********, *** ***** *** ****** ** ***** ******* “*******” tracking ******** ** ****** ***** ******. *** ** ***** *** of ****...

Undisclosed #2

01/29/19 05:12pm

*** ****** ****** *** GDPR ** ***-**** ***** is **** “*** ******** of *** ******* ******* occurred ****** ** *** 2018” *.*. *** **** the **** *** *******. Therefore ********** *, *, and * **** ******* under ******** ******* *********** while *** ***** *** charged ***** *** ****.

**** ******* **** *** the *************************** ** **** **** just *** **** **** of $*,*** ***** **** been ******; *** **********, had *********************** ** ****, **** just *** * $*** fines ***** **** **** imposed.

** **** ** **, why ** *** *** that

** *** *** ****-******* fine **** *** ** far *** *******.

**** ** **** ****** to **** ** $****, just **** *** ***-**** spread **** ***** *****, but **** *** *** same *******?

Avatar

Charles Rollet

In reply to Undisclosed #2 | 01/30/19 03:14am

****, *** ** *******. What *'* ****** ** that *** *** *** alleged ********** ***** ***** after *** **, *** 4 ********** ***** **** been *********** ** **** violations, ****** **** **** 1. ***** *** **** gives *********** ************* **** leeway ** ******** *****, each ** *** ********** could **** **** *****, for *******, *,*** ***** - ** ****'* *,*** x * = *,*** euros ***** ** *****, or ****** $**,***.

**** *** ***-**** ********** were *** "****** **** three *****"; **** *** was * ********** ********* of ******* ***********.

* **** **** ** check ** ************** **** fines *** **** ********** are ********* ****** **** the ****** **** ** the ******** **** ********** agency ******** *******. ** confirmed **** ** **, stating ** **** (******** added):

"********* ********, *** **** allows ****** *** *** 83 (*) *** (*)significantly ****** **** concerning the determination of the total amount of an imposed fine in relation to prior legal provisions in force before the GDPR. In addition, in this particular case, the Austrian DPA had to take transitional provisions into account, which ******* *** ***** ***** ***** ** *** ******** ***** ********* prior to the GDPR in which the infringing action started before the 25th of Mai 2018."

Undisclosed #2

In reply to Charles Rollet | 01/30/19 04:35am

**** *'* ****** ** that *** *** *** alleged ********** ***** ***** after *** **, *** 4 ********** ***** **** been *********** ** **** violations, ****** **** **** 1.

** *** *** ****** that******** **, *** **** illegal ******* *** *** filming ** ******* *****?

*** **** *********, ***************** **, **** *** registered *** *******, *** signs **, ******** *** retention ****** ***?

**** ****** ******** ** me, *** **’* ********.

** *** ***** ****, if *** ** *** 4 ******** ******** ** both ************* * *** ******* under **** ********, ** would **** * *** arbitrary ** ****** **** capriciously *** **************, **** because **** **** ********* over * ****** ** shorter **** ******.

**** **** **** ***** :)

* *** *** ** check ******, *** *** link *** **** ******** the ******* “*** ***** wurde ***** ********”...

Avatar

Charles Rollet

In reply to Undisclosed #2 | 01/30/19 06:44am

** *** *** ****** that******** **, *** **** illegal ******* *** *** filming ** ******* *****?

*** **** *********, ***************** **, **** *** registered *** *******, *** signs **, ******** *** retention ****** ***?

*** **** ***** **** "most ** *** ******* misconduct ******** ****** *** 25." ** ********** *, 3, *** * **** found ** *********** ****** the ****, *** ********* 1 *** **** ********* afterwards. ******* ********** *-* were ******* ***** ************ prior ** ****, *** shop ***'* ** ********** for *** **** ******* post-GDPR. ***** ** ** mention ** *** **** registering *******, ******* ** signs, ***.

* *** *** ** check ******, *** *** link *** **** ******** the ******* “*** ***** wurde ***** ********”...

** ***, * ***** the **** ** *** article. *** *** ********* ****.

Undisclosed End User #3

01/29/19 05:33pm

* **** * *** ****** **** ****** *** **** **** drive ** ** *******, ** ****** ***'* **** ** **** drive ******* ***. *** **** ***** *** ***** **** **** teenagers ******* ** *** ** *** ****.

Avatar

Jonathan de Chateau

In reply to Undisclosed End User #3 | 01/30/19 09:54am

*** ** *** ****** the ****** ******* *****? Also, *** *** ****** the **** *** *** retrieved ** **** ******** firmware ************* ** ***** in ******** ** *** switch?

* ***** *** ********** a ****** ******* ** person ******** *** ******* where * *****.

John Honovich

IPVM | In reply to Jonathan de Chateau | 01/30/19 10:00am

***** ** ******** ** the ******?

** *** ******... :)

Avatar

Jonathan de Chateau

In reply to John Honovich | 01/30/19 11:28am

**** *** ***** ** the ****** ** ****** :)

* ****** ***'* ********** the ******** ********* ** GDPR. **** ***-** ******* seem ** **** ** nothing **** **** * hassle.

** ** * *** two ***** *********

- **** ************* ** data
- **** ***** *** trunkslammers

********** *** ****** ****** should ** *********. **** makes * ****** ***** for *** ******** *** better *** * ****** level ** ********* *** installation.
********** **** ****** **** a ****** ******* *** higher ******.

Undisclosed End User #3

In reply to Jonathan de Chateau | 01/30/19 12:14pm

******* ****, ****** ******* design, *** **** **** the *********** ******, (**** up *** *** **).

* **** * ****** that's ***** ** ** driveway ** ***, * see *** **** ** cars ******* **, *** no ****** **** **** turn **** ** ********. It *****'* *** *** of ***** *****, *********, or ***** *****. **'* a "***** ************" ** if * ******* *** angle ** **** ****** driving ** **** ******'* mind.

* ****** **** *** of ** ********* *** a *** ******* **' off *** ****** ** the **** ** ***** house, ****** **** ** don't ** * **** comes **** ****. ******* just ******* ** ** neighborhood *** * ***** wifi ****** *** **** in ******* **** **** decided ** **** ******** of * ***** **** student ******* ******* ***** backyard **** ***** ******** them. *** *** *******'* of **** *****, *** posting ** ** *** towns ******* ******** ***** (over ** ******* ** see) *** ****** ** get **** ** ******* for ****.

Avatar

Jonathan de Chateau

In reply to Undisclosed End User #3 | 01/30/19 12:35pm

* **** * *** camera **** ****** *** cars **** ***** ** my *******, ** ****** don't **** ** **** drive ******* ***.

* ****** **** **** message ** *** ********* all ***, ***** *** no ********* ** **** driveway ******** ***** ********.

** **'* **** ******** you *** ****** *** rights, **** **** *** the *** *******. ** argument *****.

**'* *** ****** ** not ****** * ****** of ***** ******, ** public ***** ** ******* looking ** ** **** private ********. **** *** enter ******** ******* ******** you ***'* **** *** say ** ***** ****** choices. *********** **** *** need ** ** ***** though... * ***'* ***** agree **** **** ****

Undisclosed End User #3

In reply to Jonathan de Chateau | 01/30/19 01:22pm

** ******* **** ** odd ******, * ******* road **** **** ******* to ** ** *** property **** ******* *** of *** *********, ** someone **** *** **** to ***** **** *** vs *** ***** * entrances ** *** ***** they **** ** ** that's ***** ******.

** *** ** *****, my *** ****** ****** on * ****** ****, I *** *** **** of ***** ***, *** only *** ***** ** the **** **** **** down ** ********, **** if **'* **** ** turn ******. ****** * PTZ *** * ****** story **** *** **** into ****** * ******* isn't *** **** ** a ***** ****** **** sees * ******** ****.

*** ** *** ****** who **** ** *****/******** of ****** ** ***** backyard ** ********, ** my ******** ** * felt *** **** ** shame ****** ****** ** would ** ******* **** issues ** *** ***. I'm *** **** ** the **, *** ** the ******, **** ** intended ** ** **** private, *** ********* ****** to ********.

Undisclosed #5

In reply to Undisclosed End User #3 | 01/30/19 05:42pm

******** *** ******** ** *** *** *** ******** ********* ******.

Avatar

Michael Votaw

In reply to Jonathan de Chateau | 02/14/19 01:32pm

******, ***** *** ********* ******* **** ********** ***** **.

Undisclosed Integrator #4

01/29/19 06:46pm

**** *** ******** ****** registration, ** **** ****** like * *** *** the **** ** **** knowledge *** ****** ** all ******* **** * view ** *** ****** without ****** ** ***/******* themselves. ** ***** ** crooked ******** ***** ** in *** ******* **** the **** ** ******* to ****.

****, * ***** ***** a **** ** *********** if *** ******* *** in ***** ****. **** me *********** ** *** want

Avatar

Charles Rollet

In reply to Undisclosed Integrator #4 | 01/30/19 03:18am

**** **** ** ************** on * ********* *****, however, *****'* ** ********* anywhere ** *** **** or ******** ** ******* laws **** ***** ******** video ************ *** *** required ** **** ** the ******* *** ** plain ****. (*** *** see ***: * *********** may ***** ***** ******* are ****** ******* **** many ******** ***'* **** bother ** **** ** and ****** ****).

Carl Kristoffersen

In reply to Charles Rollet | 02/03/19 02:59pm

*** * **** ** eye ***** *** **** won't **** *** **.

**** ** *****, "***'** on ******".

Avatar

Jonathan de Chateau

In reply to Undisclosed Integrator #4 | 01/30/19 09:49am

* *** ********** *** feel **** ***, *** what ******* **** **** not ** ******** ********* installs ******* ** *** house, ******* ** *** road *** **** ******* at **** ****** *** private ****?

**** ** * ******, but * **** ***** for *** *** ****

Undisclosed #2

In reply to Jonathan de Chateau | 01/31/19 03:18pm

...*** **** ******* **** your *** ** ******** neighbour ******** ******* ** his *****, ******* ** the **** *** **** looking ** **** ****** and ******* ****?

****?

Undisclosed #5

01/30/19 06:39pm

* ******* ****** *********** ** **** ***** ***** **** *****, and * ******** *** ********* ********* ** ***** ***** *** laws ** *** *****. *** ************ ** ********** ************ ** everyday **** ** ********* ** * ********** **** *******.

Avatar

Alf Katz

01/30/19 09:49pm

*'* ****** **** **** we ***'* **** **** laws ** *********, ***** private ******* ** ***** that ****** ** **** the ******** ** ***** of *** ***** **** been ******* *********** *** the ************ ** * rapist/murderers, *** ******* * number ** ***** ******. The ****** ********* **** on ******* **** *****.

** ** **** **** other ****** **** ****** encryption ******.

John Honovich

IPVM | In reply to Alf Katz | 01/30/19 11:06pm

***, **** *****. * similar ******** ****** ** the ** **** ******* to ***** ******* ******* to **** ***** ****** cases. ******, ** *** US, * ****** ** local ****** *********** ***** databases ** ******* ******* to **** ***** ******. It ** ** ** interesting ******** ******* *******, security, *** **** (*.*., those ******* ******* *** much **** ********* **** building *** ********** ****** systems).

Undisclosed End User #6

02/01/19 02:26am

*********** *******, ****** **** them ****** ** *** learn ***** **** ********** and *****. **** *** knowledge ** **** **** privacy **** *** ***** in *** ****** ****** and ***** *********.

*********:

****** ********* * ******* privacy ***

****** ******* *** *** on *******

Avatar

Michael Votaw

02/14/19 01:33pm

******* ********* ******* ** the ********** ******* **** and *********. ** **** really ***** **** *** people ***** *** ****** are ***** ** ****** with ***** *** ***********. I'm *** *** **** practices, ******** ******* *** controlling ** ******** ****, but ****** **** ** be ********* ***** **** makes ***** *** ***** are **** *** *** ones **** ****** ****.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

19 Facial Recognition Providers Profiled on Apr 23, 2019
IPVM interviewed 19 facial recognition providers at ISC West to understand their claimed accuracy, success and positioning. 9 from China, where...
UK Camera Commissioner Calls for Regulating Facial Recognition on Apr 15, 2019
IPVM interviewed Tony Porter, the UK’s surveillance camera commissioner after he recently called for regulations on facial recognition in the...
How China's Pay By Facial Recognition Works on Apr 02, 2019
Many social media posts have variously celebrated or warned about the growing use of facial recognition for payments in China. An example of one...
Bezos-Funded Deep Sentinel Tested on Mar 28, 2019
Backed by Jeff Bezos, the Silicon Valley startup, Deep Sentinel, has declared: No One Does Home Security Like We Do Our Surveillance Team has...
IBM / Genetec Surveillance System Investigated Over Philippines Human Rights Abuses on Mar 22, 2019
A lengthy investigation into an IBM video surveillance project in the Philippines, raising concerns IBM helped local police conduct a bloody...
Genetec Security Center 5.8 Tested on Mar 19, 2019
Genetec has released Version 5.8. This comes after a wait of more than a year that caused frustrations for many Genetec partners. Our previous...
City Physical Security Manager Interview on Mar 14, 2019
This physical security pro is the Physical Security Manager for the City of Calgary. He is a criminologist by training with an ASIS CPP credential....
US City Sued For Hiding Surveillance Camera Map on Mar 08, 2019
Should maps of public surveillance camera locations be kept a secret? That is what one US city is trying to do. Though the city admits the...
Church Technology Director Security Interview on Mar 07, 2019
With 40+ years of experience in IT from a wide array of verticals, including US and foreign military, and large corporate and industrial settings,...
Huawei Sues US Government Over NDAA Ban on Mar 07, 2019
Chinese telecom giant Huawei is suing the US government over the NDAA ban, arguing that key provisions in it are unconstitutional.  NDAA Section...

Most Recent Industry Reports

Ex-Integrator Now Growth Strategist Interviewed on Apr 24, 2019
For more than a decade, Scot MacTaggart was a security integrator (at PA-based PSX). In late 2018, he left the industry. He is now a Growth...
19 Facial Recognition Providers Profiled on Apr 23, 2019
IPVM interviewed 19 facial recognition providers at ISC West to understand their claimed accuracy, success and positioning. 9 from China, where...
Locking Down Network Connections Guide on Apr 23, 2019
Accidents and inside attacks are risks when network connections are not locked down. Security and video surveillance systems should be protected...
Hikvision Admits USA Sales Falling on Apr 22, 2019
Hikvision, in a new Chinese financial filing, has admitted that its USA sales are now falling. Less than a year after the US government passed a...
Speco Ultra Intensifier Tested on Apr 22, 2019
While ISC West 2019 named Speco's Ultra Intensifier the best new "Video Surveillance Cameras IP", IPVM testing shows the camera suffers from...
Arecont Favorability Results 2019 on Apr 22, 2019
Arecont's net negativity remained the same in IPVM's 2019 integrator study, though integrator's feeling became relatively more neutral compared to...
H.265 Usage Statistics on Apr 19, 2019
H.265 has been available in IP cameras for more than 5 years and, in the past few years, the number of manufacturers supporting this codec has...
ACRE Acquires RS2, Explains Acquisition Strategy on Apr 19, 2019
ACRE continues to buy, now acquiring RS2, just 5 months after buying Open Options. One is a small access control manufacturer from Texas, the...
Access Control Course Spring 2019 - Last Chance on Apr 19, 2019
 Register for the Spring 2019 Access Control Course----Closed IPVM offers the most comprehensive access control course in the industry. Unlike...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact