Austria’s First GDPR Fine Is For Video Surveillance

By: Charles Rollet, Published on Jan 29, 2019

Should EU businesses be concerned if police see a business' surveillance cameras filming public areas?

This is what happened with Austria’s first GDPR fine, imposed on a betting shop for filming public areas with its security cameras.

austria gdpr fine

The case racked up a total of almost $6,000 in fines, some of which were for non-GDPR violations. It has been appealed, so is not final. The case is nevertheless an important example of the heightened risk faced by end users in the GDPR era, particularly since it was the GDPR-related fine that was by far the highest.

In this note, we examine:

  • How They Got Caught
  • Alleged Violations
  • GDPR vs non-GDPR Violations
  • How The Fines Were Calculated
  • Why the GDPR Fine was the Highest
  • The frequency of Video Surveillance Fines in Austria
  • Timing & Gravity of Offense
  • Broader Meaning

****** ** ********** ** concerned ** ****** *** a ********' ************ ******* filming ****** *****?

**** ** **** ******** with *******’* ***** **** fine, ******* ** * betting **** *** ******* public ***** **** *** security *******.

austria gdpr fine

*** **** ****** ** a ***** ** ****** $6,000 ** *****, **** of ***** **** *** non-GDPR **********. ** *** been ********, ** ** not *****. *** **** is ************ ** ********* example ** *** ********** risk ***** ** *** users ** *** **** era, ************ ***** ** was *** ****-******* **** that *** ** *** the *******.

** **** ****, ** examine:

  • *** **** *** ******
  • ******* **********
  • **** ** ***-**** **********
  • *** *** ***** **** Calculated
  • *** *** **** **** was *** *******
  • *** ********* ** ***** Surveillance ***** ** *******
  • ****** & ******* ** Offense
  • ******* *******

[***************]

*** *** **** *** Caught

********* ** ********** **** *******, ***** ****** ******** ******* two ************ ******* ******* public ***** ***** *** entrance ** * ******* shop ** *** ****** of****** ** ***** **, ****. (Betting ***** *** ****** in ***** ** ****** and ******* ******* ** a ***** *****/*** ***** patrons *** *** **** machines ** ***** ****.)

* **** *** ****** which *** *********** ** the ******** **** ********** agency,*** ***, ***** *** **, 2018, *** **** *** GDPR *** *******. **** is ******* ***** ** the ****, ******* ***** surveillance ***** **** ******* by ***** ***********, *** the ***, *** ****** told ****.

List ** **********

*** *** ****** **** the ******* **** ********* four ******** ******* **********:

  1. *** ******** ******* ******* at *** ****’* ******** monitored * ****** ******* lot *** ******* *****, recording ****** ******* ** and ********’ ******* ******.
  2. *** ******* **** *** registered **** ***********.
  3. ***** ************ ******* *** kept *** ** ********** time ****** **** ** justification ********. (******** ******* law ******** ***** ************* for *** ***** ************ storage ******* ****** **** 72 *****.)
  4. ***** *** ** ****** sign ********** **** ***** surveillance *** ***** ****.

*** ******* **** *** unnamed ** *** *** does *** **** **********, although *** ******* *** mention ** *** **** of * *****. 

GDPR ** ***-**** **********

*** ***** ********* – filming ****** ***** – was *** **** ****** listed ** ********* *** GDPR, **** *** *** highlighting *** ******** ******** of *** ***:

  • ******* *, ***** ****** **** the ********** ** ******** data ** “******* ** **** ** necessary ** ******** ** the ******** *** ***** they *** *********”. *** DSB ***** **** *** betting ****’* ********** *********** *** *** cameras’ ******** ******* ** surveilling *** ********.
  • ******* *, ***** **** *** the ********** *** ****** processing, **** ** “*******” and “********** ********”. *** DSB ***** **** *** betting ****’* ******* ********* none ** ***** **********.

*** ***** ***** ******* were *** ********** *********’* ******** ******* ***, ***** *** ****** in ****.

*** ****** ****** *** GDPR ** ***-**** ***** is **** “*** ******** of *** ******* ******* occurred ****** ** *** 2018” *.*. *** **** the **** *** *******. Therefore ********** *, *, and * **** ******* under ******** ******* *********** while *** ***** *** charged ***** *** ****.

How *** ***** **** **********

*** *** **** *********, the **** *** ***** 2,400 ***** ($*,***). *** other *****, ***-**** ********** received ***** ** *** euros **** ($***), ** laid *** ** ******** Austrian ******* ***. *** ***** ** ***** was **** *,*** ***** ($5,435). * **% ***** fee *** *****, ******** the ***** ** *,*** euros ** $*,***.

(**********: “**** ** *****”, “Penalty ** **** ***** are *** *********”, “************ period”, “[*****] *********”)

GDPR ****** ****** *****

*** **** **** *** GDPR ********* *** ***** was *,*** ***** ***** the ***-**** ***** **** only *** ***** ** not * ***********.

*** ***'* ****** **** Matthis ******* ********* ** IPVM (******** *****):

********* ********, *** **** allows ****** ****** **(*) *** (*)significantly ****** **** concerning the determination of the total amount of an imposed fine in relation to prior legal provisions in force before the GDPR.

************, ******* **** ************* ********************* **** ***** **** ** proportional ** *** **** of *** ********; * small ******* **** ***** not ** ******* **** the ******* **** ****, which *** ***** ** million ***** ** *% of ****** ****** *******.

*** **** ** ** proportionate. *** *******, * cannot **** * ******** who *** ** ****** income ** **,*** ***** [$45,300] **** * **-*******-**** fine [$** *******].

Frequency ** ***** ************ ***** ** *******

**** ** *** *** first **** ******* ***** surveillance ** ***** ** Austria. ******** ** *** not ******* **********, ******* told **** **** ***** are * "****** **********", before *** ***** *** GDPR:

*** ******** ** *** fining ***** ******* *** presumed ******* *** ** CCTV.

Timing/Gravity ** *******

*** ****** ************* ** the ******* **** ***** in ***** **** *** the ***** **** ********* in ********* ****. *** shop *** ******** *** case *** *** *** to *******’* ******* *****, which *** *** ** rule ** **, *** DSB ********* ** ****.

*** *** **** ********* that **** ** *******’* first **** ****. *** months-long ***** ** **** fines ***** **** *** fact **** **** ********** are ***** ******* * backlog ** ***** ***** began **** ****** *** GDPR’s *********.

*** *** ****** *** shop’s ******* ** ** “negligent” ****** “**********” ** “aggravating”. **** ** ******* the ******* **** ****’* have *** ******** ****** of **********, ******* *** illegal *** ******-**** ***** surveillance.

**********

**** **** ******** * particularly ************ ******* ** how ***** *** ** higher ****** ** *** GDPR. * $*,*** **** *** a ****** ***** **** can ** ***** * significant ******, *** ** is ****** **** *** total **** ***** **** been ****** *** *** the ********** ***** ***** after *** ****’* ********* on *** **. 

**** ** ********* *** users, ***********, *** *** others ********** ***** ************ data ****** ****** **** in ****.

Comments (28)

Donald Erickson

01/29/19 11:55am

**** *****. 

Avatar

Sean Nelson

Nelly Security | 01/29/19 03:32pm

* **** *** "******* Public *****"???

"*** ******* **** *** registered **** ***********"

*** ****!

Avatar

Charles Rollet

In reply to Sean Nelson | 01/30/19 03:22am

***** ** *** **, however ** ******* **** have *** * **** time ********* ***** ************ much **** *********** (*** this ******** *** ****.) For ******* ** ****** the ******************** **** ********** **** ********** ******** cameras **** **** ****** areas, "**** ** **** want ** ****** *** security ** ***** ******* parked ** ***** ** their ****.”

Undisclosed Integrator #1

01/29/19 05:07pm

"***** *****" ** *** best....

Undisclosed #5

In reply to Undisclosed Integrator #1 | 01/30/19 05:45pm

************** *********, *** ***** are ****** ** ***** unknown “*******” ******** ******** of ****** ***** ******. Out ** ***** *** of ****...

Undisclosed #2

01/29/19 05:12pm

*** ****** ****** *** GDPR ** ***-**** ***** is **** “*** ******** of *** ******* ******* occurred ****** ** *** 2018” *.*. *** **** the **** *** *******. Therefore ********** *, *, and * **** ******* under ******** ******* *********** while *** ***** *** charged ***** *** ****.

**** ******* **** *** the *************************** ** **** **** just *** **** **** of $*,*** ***** **** been ******; *** **********, had *********************** ** ****, **** just *** * $*** fines ***** **** **** imposed.

** **** ** **, why ** *** *** that

** *** *** ****-******* fine **** *** ** far *** *******.

**** ** **** ****** to **** ** $****, just **** *** ***-**** spread **** ***** *****, but **** *** *** same *******?

 

 

Avatar

Charles Rollet

In reply to Undisclosed #2 | 01/30/19 03:14am

****, *** ** *******. What *'* ****** ** that *** *** *** alleged ********** ***** ***** after *** **, *** 4 ********** ***** **** been *********** ** **** violations, ****** **** **** 1. ***** *** **** gives *********** ************* **** leeway ** ******** *****, each ** *** ********** could **** **** *****, for *******, *,*** ***** - ** ****'* *,*** x * = *,*** euros ***** ** *****, or ****** $**,***.

**** *** ***-**** ********** were *** "****** **** three *****"; **** *** was * ********** ********* of ******* ***********.

* **** **** ** check ** ************** **** fines *** **** ********** are ********* ****** **** the ****** **** ** the ******** **** ********** agency ******** *******. ** confirmed **** ** **, stating ** **** (******** added):

"********* ********, *** **** allows ****** *** *** 83 (*) *** (*)significantly ****** **** concerning the determination of the total amount of an imposed fine in relation to prior legal provisions in force before the GDPR. In addition, in this particular case, the Austrian DPA had to take transitional provisions into account, which ******* *** ***** ***** ***** ** *** ******** ***** ********* prior to the GDPR in which the infringing action started before the 25th of Mai 2018."

Undisclosed #2

In reply to Charles Rollet | 01/30/19 04:35am

**** *'* ****** ** that *** *** *** alleged ********** ***** ***** after *** **, *** 4 ********** ***** **** been *********** ** **** violations, ****** **** **** 1.

** *** *** ****** that******** **, *** **** illegal ******* *** *** filming ** ******* *****?

*** **** *********, ***************** **, **** *** registered *** *******, *** signs **, ******** *** retention ****** ***?

**** ****** ******** ** me, *** **’* ********.

** *** ***** ****, if *** ** *** 4 ******** ******** ** both ************* * *** ******* under **** ********, ** would **** * *** arbitrary ** ****** **** capriciously *** **************, **** because **** **** ********* over * ****** ** shorter **** ******.

**** **** **** ***** :)

* *** *** ** check ******, *** *** link *** **** ******** the *******  “*** ***** wurde ***** ********”...

Avatar

Charles Rollet

In reply to Undisclosed #2 | 01/30/19 06:44am

** *** *** ****** that ***** *** **, *** **** illegal ******* *** *** filming ** ******* *****?

*** **** *********, ******** ****** *** **, **** *** registered *** *******, *** signs **, ******** *** retention ****** ***?

*** **** ***** **** "most ** *** ******* misconduct ******** ****** *** 25." ** ********** *, 3, *** * **** found ** *********** ****** the ****, *** ********* 1 *** **** ********* afterwards. ******* ********** *-* were ******* ***** ************ prior ** ****, *** shop ***'* ** ********** for *** **** ******* post-GDPR. There ** ** ******* of *** **** *********** cameras, ******* ** *****, etc.

* *** *** ** check ******, *** *** link *** **** ******** the ******* “*** ***** wurde ***** ********”...

** ***, * ***** the **** ** *** article. *** *** ********* ****.

Undisclosed End User #3

01/29/19 05:33pm

* **** * *** camera **** ****** *** cars **** ***** ** my *******, ** ****** don't **** ** **** drive ******* ***. *** cops ***** *** ***** when **** ********* ******* up *** ** *** cars.

Avatar

Jonathan de Chateau

In reply to Undisclosed End User #3 | 01/30/19 09:54am

*** ** *** ****** the ****** ******* *****? Also, *** *** ****** the **** *** *** retrieved ** **** ******** firmware ************* ** ***** in ******** ** *** switch?

* ***** *** ********** a ****** ******* ** person ******** *** ******* where * *****.

John Honovich

IPVM | In reply to Jonathan de Chateau | 01/30/19 10:00am

***** ** ******** ** the ******?

** *** ******... :)

Avatar

Jonathan de Chateau

In reply to John Honovich | 01/30/19 11:28am

**** *** ***** ** the ****** ** ****** :)

* ****** ***'* ********** the ******** ********* ** GDPR. **** ***-** ******* seem ** **** ** nothing **** **** * hassle.

** ** * *** two ***** *********

- **** ************* ** data
- **** ***** *** trunkslammers

********** *** ****** ****** should ** *********. **** makes * ****** ***** for *** ******** *** better *** * ****** level ** ********* *** installation.
********** **** ****** **** a ****** ******* *** higher ******.

Undisclosed End User #3

In reply to Jonathan de Chateau | 01/30/19 12:14pm

******* ****, ****** ******* design, *** **** **** the *********** ******, (**** up *** *** **). 

* **** * ****** that's ***** ** ** driveway ** ***, * see *** **** ** cars ******* **, *** no ****** **** **** turn **** ** ********. It *****'* *** *** of ***** *****, *********, or ***** *****. **'* a "***** ************" ** if * ******* *** angle ** **** ****** driving ** **** ******'* mind.

* ****** **** *** of ** ********* *** a *** ******* **' off *** ****** ** the **** ** ***** house, ****** **** ** don't ** * **** comes **** ****. ******* just ******* ** ** neighborhood *** * ***** wifi ****** *** **** in ******* **** **** decided ** **** ******** of * ***** **** student ******* ******* ***** backyard **** ***** ******** them. *** *** *******'* of **** *****, *** posting ** ** *** towns ******* ******** ***** (over ** ******* ** see) *** ****** ** get **** ** ******* for ****.

Avatar

Jonathan de Chateau

In reply to Undisclosed End User #3 | 01/30/19 12:35pm

* **** * *** camera **** ****** *** cars **** ***** ** my *******, ** ****** don't **** ** **** drive ******* ***.

* ****** **** **** message ** *** ********* all ***, ***** *** no ********* ** **** driveway ******** ***** ********.

** **'* **** ******** you *** ****** *** rights, **** **** *** the *** *******. ** argument *****.

**'* *** ****** ** not ****** * ****** of ***** ******, ** public ***** ** ******* looking ** ** **** private ********. **** *** enter ******** ******* ******** you ***'* **** *** say ** ***** ****** choices. *********** **** *** need ** ** ***** though... * ***'* ***** agree **** **** ****

Undisclosed End User #3

In reply to Jonathan de Chateau | 01/30/19 01:22pm

** ******* **** ** odd ******, * ******* road **** **** ******* to ** ** *** property **** ******* *** of *** *********, ** someone **** *** **** to ***** **** *** vs *** ***** * entrances ** *** ***** they **** ** ** that's ***** ******.

** *** ** *****, my *** ****** ****** on * ****** ****, I *** *** **** of ***** ***, *** only *** ***** ** the **** **** **** down ** ********, **** if **'* **** ** turn ******. ****** * PTZ *** * ****** story **** *** **** into ****** * ******* isn't *** **** ** a ***** ****** **** sees * ******** ****. 

*** ** *** ****** who **** ** *****/******** of ****** ** ***** backyard ** ********, ** my ******** ** * felt *** **** ** shame ****** ****** ** would ** ******* **** issues ** *** ***. I'm *** **** ** the **, *** ** the ******, **** ** intended ** ** **** private, *** ********* ****** to ********.

Undisclosed #5

In reply to Undisclosed End User #3 | 01/30/19 05:42pm

******** *** ******** ** law *** *** ******** different ******.

Avatar

Michael Votaw

In reply to Jonathan de Chateau | 02/14/19 01:32pm

******, ***** *** ********* already **** ********** ***** us.

Undisclosed Integrator #4

01/29/19 06:46pm

  **** *** ******** camera ************, ** **** sounds **** * *** for *** **** ** have ********* *** ****** to *** ******* **** a **** ** *** public ******* ****** ** pay/install **********. ** ***** is ******* ******** ***** on ** *** ******* that *** **** ** wanting ** ****.

  ****, * ***** think * **** ** unnecessary ** *** ******* are ** ***** ****.  Call ** *********** ** you ****

Avatar

Charles Rollet

In reply to Undisclosed Integrator #4 | 01/30/19 03:18am

**** **** ** ************** on * ********* *****, however, *****'* ** ********* anywhere ** *** **** or ******** ** ******* laws **** ***** ******** video ************ *** *** required ** **** ** the ******* *** ** plain ****. (*** *** see ***: * *********** may ***** ***** ******* are ****** ******* **** many ******** ***'* **** bother ** **** ** and ****** ****).

Carl Kristoffersen

In reply to Charles Rollet | 02/03/19 02:59pm

*** * **** ** eye ***** *** **** won't **** *** **.

**** ** *****, "***'** on ******".

 

Avatar

Jonathan de Chateau

In reply to Undisclosed Integrator #4 | 01/30/19 09:49am

* *** ********** *** feel **** ***, *** what ******* **** **** not ** ******** ********* installs ******* ** *** house, ******* ** *** road *** **** ******* at **** ****** *** private ****?

**** ** * ******, but * **** ***** for *** *** ****

Undisclosed #2

In reply to Jonathan de Chateau | 01/31/19 03:18pm

...*** **** ******* **** your *** ** ******** neighbour ******** ******* ** his *****, ******* ** the **** *** **** looking ** **** ****** and ******* ****?

****?

Undisclosed #5

01/30/19 05:39pm

* ******* ****** *********** of **** ***** ***** they *****, *** * advocate *** ********* ********* in ***** ***** *** laws ** *** *****.  The ************ ** ********** surveillance ** ******** **** is ********* ** * notionally **** *******.

Avatar

Alf Katz

01/30/19 09:49pm

*'* ****** **** **** we ***'* **** **** laws ** *********, ***** private ******* ** ***** that ****** ** **** the ******** ** ***** of *** ***** **** been ******* *********** *** the ************ ** * rapist/murderers, *** ******* * number ** ***** ******.  The ****** ********* **** on ******* **** *****.

** ** **** **** other ****** **** ****** encryption ******.

 

John Honovich

IPVM | In reply to Alf Katz | 01/30/19 11:06pm

***, **** *****. * similar ******** ****** ** the ** **** ******* to ***** ******* ******* to **** ***** ****** cases. ******, ** *** US, * ****** ** local ****** *********** ***** databases ** ******* ******* to **** ***** ******. It ** ** ** interesting ******** ******* *******, security, *** **** (*.*., those ******* ******* *** much **** ********* **** building *** ********** ****** systems).

Undisclosed End User #6

02/01/19 02:26am

*********** *******, ****** **** them ****** ** *** learn ***** **** ********** and *****.  **** *** knowledge ** **** **** privacy **** *** ***** in *** ****** ****** and ***** *********.

*********: 

****** ********* * ******* privacy ***

****** ******* *** *** on *******

Avatar

Michael Votaw

02/14/19 01:33pm

******* ********* ******* ** the ********** ******* **** and *********.  ** **** really ***** **** *** people ***** *** ****** are ***** ** ****** with ***** *** ***********.  I'm *** *** **** practices, ******** ******* *** controlling ** ******** ****, but ****** **** ** be ********* ***** **** makes ***** *** ***** are **** *** *** ones **** ****** ****.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

First GDPR Facial Recognition Fine For Sweden School on Aug 22, 2019
A school in Sweden has been fined $20,000 for using facial recognition to keep attendance in what is Sweden's first GDPR fine. Notably, the fine is...
Anyvision Facial Recognition Tested on Aug 21, 2019
Anyvision is aiming for $1 billion in revenue by 2022, backed by $74 million in funding. But does their performance live up to the hype they have...
Suprema Biometric Mass Leak Examined on Aug 19, 2019
While Suprema is rarely discussed even within the physical security market, the South Korean biometrics manufacturer made global news this past...
Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
Milestone "GDPR-ready" Certification Claim Critiqued on Aug 12, 2019
Milestone is touting that its latest XProtect VMS is "GDPR-ready" with a 'European Privacy Seal'. However, our investigation raises significant...
Hikvision Global News Reports Directory on Aug 11, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Australia Security Full Show Report on Jul 25, 2019
IPVM went to Australia attending the 3 days of the Australia Security Exhibition: This was held at the ICC Sydney, as shown below: In this...
New GDPR Guidelines for Video Surveillance Examined on Jul 18, 2019
The highest-level EU data protection authority has issued a new series of provisional video surveillance guidelines. While GDPR has been in...
First Video Surveillance GDPR Fine In France on Jul 08, 2019
The French government has imposed a sizeable fine on a small business for violating the GDPR after it constantly filmed employees without informing...
RaySharp Revealed - Major China OEM For Western Consumer Video Surveillance on Jul 02, 2019
RaySharp is mostly unknown, even among people in the video surveillance industry, though it is a major supplier of OEM surveillance equipment such...

Most Recent Industry Reports

TMA Apologizes to Amazon / Ring on Aug 23, 2019
Not only is Amazon / Ring making major incursions into the residential security market, the organization representing the biggest incumbents, The...
China Dahua Replaces Their Software With US Pepper on Aug 22, 2019
What does a US government banned company do to improve its security positioning in the US? Well, Dahua is unveiling a novel solution, partnering...
Security Integrators Outlook On Remaining Integrators In 2025 on Aug 22, 2019
The industry has changed substantially in the last decade, with the rise of IP cameras and the race to the bottom. Indeed, more changes may be...
First GDPR Facial Recognition Fine For Sweden School on Aug 22, 2019
A school in Sweden has been fined $20,000 for using facial recognition to keep attendance in what is Sweden's first GDPR fine. Notably, the fine is...
Anyvision Facial Recognition Tested on Aug 21, 2019
Anyvision is aiming for $1 billion in revenue by 2022, backed by $74 million in funding. But does their performance live up to the hype they have...
JCI Sues Wyze on Aug 21, 2019
The mega manufacturer / integrator JCI has sued the fast-growing $20 camera Seattle startup Wyze. Inside this note: Share the court...
Dahua 4K Camera Shootout on Aug 20, 2019
Dahua's new Pro Series 4K N85CL5Z claims to "deliver superior images in all lighting and environmental conditions", but how does this compare to...
ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Uniview Beats Intel In Trademark Lawsuit on Aug 19, 2019
Uniview has won a long-running trademark lawsuit brought by Intel, with Beijing's highest court reversing an earlier Intel win, centered on...
Suprema Biometric Mass Leak Examined on Aug 19, 2019
While Suprema is rarely discussed even within the physical security market, the South Korean biometrics manufacturer made global news this past...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact