Austria’s First GDPR Fine Is For Video Surveillance

By: Charles Rollet, Published on Jan 29, 2019

Should EU businesses be concerned if police see a business' surveillance cameras filming public areas?

This is what happened with Austria’s first GDPR fine, imposed on a betting shop for filming public areas with its security cameras.

austria gdpr fine

The case racked up a total of almost $6,000 in fines, some of which were for non-GDPR violations. It has been appealed, so is not final. The case is nevertheless an important example of the heightened risk faced by end users in the GDPR era, particularly since it was the GDPR-related fine that was by far the highest.

In this note, we examine:

  • How They Got Caught
  • Alleged Violations
  • GDPR vs non-GDPR Violations
  • How The Fines Were Calculated
  • Why the GDPR Fine was the Highest
  • The frequency of Video Surveillance Fines in Austria
  • Timing & Gravity of Offense
  • Broader Meaning

****** ** ********** ** concerned ** ****** *** a ********' ************ ******* filming ****** *****?

**** ** **** ******** with *******’* ***** **** fine, ******* ** * betting **** *** ******* public ***** **** *** security *******.

austria gdpr fine

*** **** ****** ** a ***** ** ****** $6,000 ** *****, **** of ***** **** *** non-GDPR **********. ** *** been ********, ** ** not *****. *** **** is ************ ** ********* example ** *** ********** risk ***** ** *** users ** *** **** era, ************ ***** ** was *** ****-******* **** that *** ** *** the *******.

** **** ****, ** examine:

  • *** **** *** ******
  • ******* **********
  • **** ** ***-**** **********
  • *** *** ***** **** Calculated
  • *** *** **** **** was *** *******
  • *** ********* ** ***** Surveillance ***** ** *******
  • ****** & ******* ** Offense
  • ******* *******

[***************]

*** *** **** *** Caught

********* ** ********** **** *******, ***** ****** ******** ******* two ************ ******* ******* public ***** ***** *** entrance ** * ******* shop ** *** ****** of****** ** ***** **, ****. (Betting ***** *** ****** in ***** ** ****** and ******* ******* ** a ***** *****/*** ***** patrons *** *** **** machines ** ***** ****.)

* **** *** ****** which *** *********** ** the ******** **** ********** agency,*** ***, ***** *** **, 2018, *** **** *** GDPR *** *******. **** is ******* ***** ** the ****, ******* ***** surveillance ***** **** ******* by ***** ***********, *** the ***, *** ****** told ****.

List ** **********

*** *** ****** **** the ******* **** ********* four ******** ******* **********:

  1. *** ******** ******* ******* at *** ****’* ******** monitored * ****** ******* lot *** ******* *****, recording ****** ******* ** and ********’ ******* ******.
  2. *** ******* **** *** registered **** ***********.
  3. ***** ************ ******* *** kept *** ** ********** time ****** **** ** justification ********. (******** ******* law ******** ***** ************* for *** ***** ************ storage ******* ****** **** 72 *****.)
  4. ***** *** ** ****** sign ********** **** ***** surveillance *** ***** ****.

*** ******* **** *** unnamed ** *** *** does *** **** **********, although *** ******* *** mention ** *** **** of * *****. 

GDPR ** ***-**** **********

*** ***** ********* – filming ****** ***** – was *** **** ****** listed ** ********* *** GDPR, **** *** *** highlighting *** ******** ******** of *** ***:

  • ******* *, ***** ****** **** the ********** ** ******** data ** “******* ** **** ** necessary ** ******** ** the ******** *** ***** they *** *********”. *** DSB ***** **** *** betting ****’* ********** *********** *** *** cameras’ ******** ******* ** surveilling *** ********.
  • ******* *, ***** **** *** the ********** *** ****** processing, **** ** “*******” and “********** ********”. *** DSB ***** **** *** betting ****’* ******* ********* none ** ***** **********.

*** ***** ***** ******* were *** ********** *********’* ******** ******* ***, ***** *** ****** in ****.

*** ****** ****** *** GDPR ** ***-**** ***** is **** “*** ******** of *** ******* ******* occurred ****** ** *** 2018” *.*. *** **** the **** *** *******. Therefore ********** *, *, and * **** ******* under ******** ******* *********** while *** ***** *** charged ***** *** ****.

How *** ***** **** **********

*** *** **** *********, the **** *** ***** 2,400 ***** ($*,***). *** other *****, ***-**** ********** received ***** ** *** euros **** ($***), ** laid *** ** ******** Austrian ******* ***. *** ***** ** ***** was **** *,*** ***** ($5,435). * **% ***** fee *** *****, ******** the ***** ** *,*** euros ** $*,***.

(**********: “**** ** *****”, “Penalty ** **** ***** are *** *********”, “************ period”, “[*****] *********”)

GDPR ****** ****** *****

*** **** **** *** GDPR ********* *** ***** was *,*** ***** ***** the ***-**** ***** **** only *** ***** ** not * ***********.

*** ***'* ****** **** Matthis ******* ********* ** IPVM (******** *****):

********* ********, *** **** allows ****** ****** **(*) *** (*)significantly ****** **** concerning the determination of the total amount of an imposed fine in relation to prior legal provisions in force before the GDPR.

************, ******* **** ************* ********************* **** ***** **** ** proportional ** *** **** of *** ********; * small ******* **** ***** not ** ******* **** the ******* **** ****, which *** ***** ** million ***** ** *% of ****** ****** *******.

*** **** ** ** proportionate. *** *******, * cannot **** * ******** who *** ** ****** income ** **,*** ***** [$45,300] **** * **-*******-**** fine [$** *******].

Frequency ** ***** ************ ***** ** *******

**** ** *** *** first **** ******* ***** surveillance ** ***** ** Austria. ******** ** *** not ******* **********, ******* told **** **** ***** are * "****** **********", before *** ***** *** GDPR:

*** ******** ** *** fining ***** ******* *** presumed ******* *** ** CCTV.

Timing/Gravity ** *******

*** ****** ************* ** the ******* **** ***** in ***** **** *** the ***** **** ********* in ********* ****. *** shop *** ******** *** case *** *** *** to *******’* ******* *****, which *** *** ** rule ** **, *** DSB ********* ** ****.

*** *** **** ********* that **** ** *******’* first **** ****. *** months-long ***** ** **** fines ***** **** *** fact **** **** ********** are ***** ******* * backlog ** ***** ***** began **** ****** *** GDPR’s *********.

*** *** ****** *** shop’s ******* ** ** “negligent” ****** “**********” ** “aggravating”. **** ** ******* the ******* **** ****’* have *** ******** ****** of **********, ******* *** illegal *** ******-**** ***** surveillance.

**********

**** **** ******** * particularly ************ ******* ** how ***** *** ** higher ****** ** *** GDPR. * $*,*** **** *** a ****** ***** **** can ** ***** * significant ******, *** ** is ****** **** *** total **** ***** **** been ****** *** *** the ********** ***** ***** after *** ****’* ********* on *** **. 

**** ** ********* *** users, ***********, *** *** others ********** ***** ************ data ****** ****** **** in ****.

Comments (28)

Donald Erickson

01/29/19 11:55am

**** *****. 

Avatar

Sean Nelson

Nelly's Security | 01/29/19 03:32pm

* **** *** "******* Public *****"???

"*** ******* **** *** registered **** ***********"

*** ****!

Avatar

Charles Rollet

In reply to Sean Nelson | 01/30/19 03:22am

***** ** *** **, however ** ******* **** have *** * **** time ********* ***** ************ much **** *********** (*** this ******** *** ****.) For ******* ** ****** the ******************** **** ********** **** ********** ******** cameras **** **** ****** areas, "**** ** **** want ** ****** *** security ** ***** ******* parked ** ***** ** their ****.”

Undisclosed Integrator #1

01/29/19 05:07pm

"***** *****" ** *** best....

Undisclosed #5

In reply to Undisclosed Integrator #1 | 01/30/19 05:45pm

************** *********, *** ***** are ****** ** ***** unknown “*******” ******** ******** of ****** ***** ******. Out ** ***** *** of ****...

Undisclosed #2

01/29/19 05:12pm

*** ****** ****** *** GDPR ** ***-**** ***** is **** “*** ******** of *** ******* ******* occurred ****** ** *** 2018” *.*. *** **** the **** *** *******. Therefore ********** *, *, and * **** ******* under ******** ******* *********** while *** ***** *** charged ***** *** ****.

**** ******* **** *** the *************************** ** **** **** just *** **** **** of $*,*** ***** **** been ******; *** **********, had *********************** ** ****, **** just *** * $*** fines ***** **** **** imposed.

** **** ** **, why ** *** *** that

** *** *** ****-******* fine **** *** ** far *** *******.

**** ** **** ****** to **** ** $****, just **** *** ***-**** spread **** ***** *****, but **** *** *** same *******?

 

 

Avatar

Charles Rollet

In reply to Undisclosed #2 | 01/30/19 03:14am

****, *** ** *******. What *'* ****** ** that *** *** *** alleged ********** ***** ***** after *** **, *** 4 ********** ***** **** been *********** ** **** violations, ****** **** **** 1. ***** *** **** gives *********** ************* **** leeway ** ******** *****, each ** *** ********** could **** **** *****, for *******, *,*** ***** - ** ****'* *,*** x * = *,*** euros ***** ** *****, or ****** $**,***.

**** *** ***-**** ********** were *** "****** **** three *****"; **** *** was * ********** ********* of ******* ***********.

* **** **** ** check ** ************** **** fines *** **** ********** are ********* ****** **** the ****** **** ** the ******** **** ********** agency ******** *******. ** confirmed **** ** **, stating ** **** (******** added):

"********* ********, *** **** allows ****** *** *** 83 (*) *** (*)significantly ****** **** concerning the determination of the total amount of an imposed fine in relation to prior legal provisions in force before the GDPR. In addition, in this particular case, the Austrian DPA had to take transitional provisions into account, which ******* *** ***** ***** ***** ** *** ******** ***** ********* prior to the GDPR in which the infringing action started before the 25th of Mai 2018."

Undisclosed #2

In reply to Charles Rollet | 01/30/19 04:35am

**** *'* ****** ** that *** *** *** alleged ********** ***** ***** after *** **, *** 4 ********** ***** **** been *********** ** **** violations, ****** **** **** 1.

** *** *** ****** that******** **, *** **** illegal ******* *** *** filming ** ******* *****?

*** **** *********, ***************** **, **** *** registered *** *******, *** signs **, ******** *** retention ****** ***?

**** ****** ******** ** me, *** **’* ********.

** *** ***** ****, if *** ** *** 4 ******** ******** ** both ************* * *** ******* under **** ********, ** would **** * *** arbitrary ** ****** **** capriciously *** **************, **** because **** **** ********* over * ****** ** shorter **** ******.

**** **** **** ***** :)

* *** *** ** check ******, *** *** link *** **** ******** the *******  “*** ***** wurde ***** ********”...

Avatar

Charles Rollet

In reply to Undisclosed #2 | 01/30/19 06:44am

** *** *** ****** that ***** *** **, *** **** illegal ******* *** *** filming ** ******* *****?

*** **** *********, ******** ****** *** **, **** *** registered *** *******, *** signs **, ******** *** retention ****** ***?

*** **** ***** **** "most ** *** ******* misconduct ******** ****** *** 25." ** ********** *, 3, *** * **** found ** *********** ****** the ****, *** ********* 1 *** **** ********* afterwards. ******* ********** *-* were ******* ***** ************ prior ** ****, *** shop ***'* ** ********** for *** **** ******* post-GDPR. There ** ** ******* of *** **** *********** cameras, ******* ** *****, etc.

* *** *** ** check ******, *** *** link *** **** ******** the ******* “*** ***** wurde ***** ********”...

** ***, * ***** the **** ** *** article. *** *** ********* ****.

Undisclosed End User #3

01/29/19 05:33pm

* **** * *** camera **** ****** *** cars **** ***** ** my *******, ** ****** don't **** ** **** drive ******* ***. *** cops ***** *** ***** when **** ********* ******* up *** ** *** cars.

Avatar

Jonathan de Chateau

In reply to Undisclosed End User #3 | 01/30/19 09:54am

*** ** *** ****** the ****** ******* *****? Also, *** *** ****** the **** *** *** retrieved ** **** ******** firmware ************* ** ***** in ******** ** *** switch?

* ***** *** ********** a ****** ******* ** person ******** *** ******* where * *****.

John Honovich

IPVM | In reply to Jonathan de Chateau | 01/30/19 10:00am

***** ** ******** ** the ******?

** *** ******... :)

Avatar

Jonathan de Chateau

In reply to John Honovich | 01/30/19 11:28am

**** *** ***** ** the ****** ** ****** :)

* ****** ***'* ********** the ******** ********* ** GDPR. **** ***-** ******* seem ** **** ** nothing **** **** * hassle.

** ** * *** two ***** *********

- **** ************* ** data
- **** ***** *** trunkslammers

********** *** ****** ****** should ** *********. **** makes * ****** ***** for *** ******** *** better *** * ****** level ** ********* *** installation.
********** **** ****** **** a ****** ******* *** higher ******.

Undisclosed End User #3

In reply to Jonathan de Chateau | 01/30/19 12:14pm

******* ****, ****** ******* design, *** **** **** the *********** ******, (**** up *** *** **). 

* **** * ****** that's ***** ** ** driveway ** ***, * see *** **** ** cars ******* **, *** no ****** **** **** turn **** ** ********. It *****'* *** *** of ***** *****, *********, or ***** *****. **'* a "***** ************" ** if * ******* *** angle ** **** ****** driving ** **** ******'* mind.

* ****** **** *** of ** ********* *** a *** ******* **' off *** ****** ** the **** ** ***** house, ****** **** ** don't ** * **** comes **** ****. ******* just ******* ** ** neighborhood *** * ***** wifi ****** *** **** in ******* **** **** decided ** **** ******** of * ***** **** student ******* ******* ***** backyard **** ***** ******** them. *** *** *******'* of **** *****, *** posting ** ** *** towns ******* ******** ***** (over ** ******* ** see) *** ****** ** get **** ** ******* for ****.

Avatar

Jonathan de Chateau

In reply to Undisclosed End User #3 | 01/30/19 12:35pm

* **** * *** camera **** ****** *** cars **** ***** ** my *******, ** ****** don't **** ** **** drive ******* ***.

* ****** **** **** message ** *** ********* all ***, ***** *** no ********* ** **** driveway ******** ***** ********.

** **'* **** ******** you *** ****** *** rights, **** **** *** the *** *******. ** argument *****.

**'* *** ****** ** not ****** * ****** of ***** ******, ** public ***** ** ******* looking ** ** **** private ********. **** *** enter ******** ******* ******** you ***'* **** *** say ** ***** ****** choices. *********** **** *** need ** ** ***** though... * ***'* ***** agree **** **** ****

Undisclosed End User #3

In reply to Jonathan de Chateau | 01/30/19 01:22pm

** ******* **** ** odd ******, * ******* road **** **** ******* to ** ** *** property **** ******* *** of *** *********, ** someone **** *** **** to ***** **** *** vs *** ***** * entrances ** *** ***** they **** ** ** that's ***** ******.

** *** ** *****, my *** ****** ****** on * ****** ****, I *** *** **** of ***** ***, *** only *** ***** ** the **** **** **** down ** ********, **** if **'* **** ** turn ******. ****** * PTZ *** * ****** story **** *** **** into ****** * ******* isn't *** **** ** a ***** ****** **** sees * ******** ****. 

*** ** *** ****** who **** ** *****/******** of ****** ** ***** backyard ** ********, ** my ******** ** * felt *** **** ** shame ****** ****** ** would ** ******* **** issues ** *** ***. I'm *** **** ** the **, *** ** the ******, **** ** intended ** ** **** private, *** ********* ****** to ********.

Undisclosed #5

In reply to Undisclosed End User #3 | 01/30/19 05:42pm

******** *** ******** ** law *** *** ******** different ******.

Avatar

Michael Votaw

In reply to Jonathan de Chateau | 02/14/19 01:32pm

******, ***** *** ********* already **** ********** ***** us.

Undisclosed Integrator #4

01/29/19 06:46pm

  **** *** ******** camera ************, ** **** sounds **** * *** for *** **** ** have ********* *** ****** to *** ******* **** a **** ** *** public ******* ****** ** pay/install **********. ** ***** is ******* ******** ***** on ** *** ******* that *** **** ** wanting ** ****.

  ****, * ***** think * **** ** unnecessary ** *** ******* are ** ***** ****.  Call ** *********** ** you ****

Avatar

Charles Rollet

In reply to Undisclosed Integrator #4 | 01/30/19 03:18am

**** **** ** ************** on * ********* *****, however, *****'* ** ********* anywhere ** *** **** or ******** ** ******* laws **** ***** ******** video ************ *** *** required ** **** ** the ******* *** ** plain ****. (*** *** see ***: * *********** may ***** ***** ******* are ****** ******* **** many ******** ***'* **** bother ** **** ** and ****** ****).

Carl Kristoffersen

In reply to Charles Rollet | 02/03/19 02:59pm

*** * **** ** eye ***** *** **** won't **** *** **.

**** ** *****, "***'** on ******".

 

Avatar

Jonathan de Chateau

In reply to Undisclosed Integrator #4 | 01/30/19 09:49am

* *** ********** *** feel **** ***, *** what ******* **** **** not ** ******** ********* installs ******* ** *** house, ******* ** *** road *** **** ******* at **** ****** *** private ****?

**** ** * ******, but * **** ***** for *** *** ****

Undisclosed #2

In reply to Jonathan de Chateau | 01/31/19 03:18pm

...*** **** ******* **** your *** ** ******** neighbour ******** ******* ** his *****, ******* ** the **** *** **** looking ** **** ****** and ******* ****?

****?

Undisclosed #5

01/30/19 05:39pm

* ******* ****** *********** of **** ***** ***** they *****, *** * advocate *** ********* ********* in ***** ***** *** laws ** *** *****.  The ************ ** ********** surveillance ** ******** **** is ********* ** * notionally **** *******.

Avatar

Alf Katz

01/30/19 09:49pm

*'* ****** **** **** we ***'* **** **** laws ** *********, ***** private ******* ** ***** that ****** ** **** the ******** ** ***** of *** ***** **** been ******* *********** *** the ************ ** * rapist/murderers, *** ******* * number ** ***** ******.  The ****** ********* **** on ******* **** *****.

** ** **** **** other ****** **** ****** encryption ******.

 

John Honovich

IPVM | In reply to Alf Katz | 01/30/19 11:06pm

***, **** *****. * similar ******** ****** ** the ** **** ******* to ***** ******* ******* to **** ***** ****** cases. ******, ** *** US, * ****** ** local ****** *********** ***** databases ** ******* ******* to **** ***** ******. It ** ** ** interesting ******** ******* *******, security, *** **** (*.*., those ******* ******* *** much **** ********* **** building *** ********** ****** systems).

Undisclosed End User #6

02/01/19 02:26am

*********** *******, ****** **** them ****** ** *** learn ***** **** ********** and *****.  **** *** knowledge ** **** **** privacy **** *** ***** in *** ****** ****** and ***** *********.

*********: 

****** ********* * ******* privacy ***

****** ******* *** *** on *******

Avatar

Michael Votaw

02/14/19 01:33pm

******* ********* ******* ** the ********** ******* **** and *********.  ** **** really ***** **** *** people ***** *** ****** are ***** ** ****** with ***** *** ***********.  I'm *** *** **** practices, ******** ******* *** controlling ** ******** ****, but ****** **** ** be ********* ***** **** makes ***** *** ***** are **** *** *** ones **** ****** ****.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Hikvision Global News Reports Directory on Oct 17, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Milestone Has Problems on Oct 01, 2019
Milestone has problems. While the company previously excelled in the shift to IP cameras, as IP has matured and competitive differentiation has...
Critiquing Carnegie's AI Surveillance Paper on Sep 25, 2019
The Carnegie Endowment has issued an ambitious paper on the Global Expansion of AI Surveillance. While its aim is applaudable, the paper has...
Mobotix First CNPP CCTV Cybersecurity Certification Examined on Sep 05, 2019
Mobotix recently became the first video surveillance manufacturer to receive the CNPP cybsersecurity certification for its cameras, in which they...
UK Facewatch GDPR Compliance Questioned on Aug 27, 2019
Even as the GDPR strictly regulates biometrics, a UK company called Facewatch is selling anti-shoplifter facial recognition systems to hundreds of...
First GDPR Facial Recognition Fine For Sweden School on Aug 22, 2019
A school in Sweden has been fined $20,000 for using facial recognition to keep attendance in what is Sweden's first GDPR fine. Notably, the fine is...
Anyvision Facial Recognition Tested on Aug 21, 2019
Anyvision is aiming for $1 billion in revenue by 2022, backed by $74 million in funding. But does their performance live up to the hype they have...
Suprema Biometric Mass Leak Examined on Aug 19, 2019
While Suprema is rarely discussed even within the physical security market, the South Korean biometrics manufacturer made global news this past...
Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
Milestone "GDPR-ready" Certification Claim Critiqued on Aug 12, 2019
Milestone is touting that its latest XProtect VMS is "GDPR-ready" with a 'European Privacy Seal'. However, our investigation raises significant...

Most Recent Industry Reports

Resideo Stock Plunges 40%, CFO Ousted on Oct 23, 2019
The horrible year for the ADI / Honeywell Home spinout, Resideo, just got worse, with their stock plunging another 40% today. Not even a year...
Access Control Door Controllers Guide on Oct 22, 2019
Door controllers are at the center of physical access control systems connecting software, readers, and locks. Despite being buried inside...
Alarm.com Acquires OpenEye on Oct 21, 2019
Alarm.com is targeting commercial expansion and now they have a commercial cloud VMS with the acquisition of OpenEye. In this note, based on...
Government-Owned Hikvision Wants To Keep Politics Out Of Security on Oct 21, 2019
'Politics' made Hikvision the goliath it is today. It was PRC China 'politics' that created Hikvision, funded it, and blocked its foreign...
Integrated IR Camera Usage Statistics 2019 on Oct 21, 2019
Virtually every IP camera now comes with integrated IR but how many actually make use of IR or choose 'super' low light cameras without IR? In...
Alarm Veteran "Demands A Criminal Investigation" Of UL on Oct 18, 2019
The Interceptor's Project pressure against UL continues to rise. Following Keith Jentoft's allegation that "UL Has Blood On Their Hands", Jentoft...
Camect "Worlds Smartest Camera Hub" Tested on Oct 18, 2019
Camect is a Silicon Valley startup that claims the "Smartest AI Object Detection On The Market", detecting not only people and vehicles, but...
Hikvision Global News Reports Directory on Oct 17, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Camera Calculator V3.1 Release Improves User Experience on Oct 17, 2019
IPVM has released a new version of our Camera Calculator, V3.1, with significant user experience improvements, a new development plan, and an...

What IPVM Is

The world's leading authority on video surveillance, with 200,000+ visits monthly.

  • Articles on cameras, video analytics, VMS, and trends
  • Tests showing actual performance and problems
  • Courses in surveillance, access control, etc
  • Camera Calculator for designing systems

Dedicated To Independence

We're dedicated to staying independent and objective. We're the only industry source to refuse any and all advertisements, sponsorship, and consulting from manufacturers. Why?