Austria has issued its first fine for GDPR violation, sanctioning the owner of a retail establishment with EUR 4,800, Digital Freshfields report. The reason is that the entrepreneur has placed a surveillance camera which not only captures too much of the sidewalk in front of the establishment, but it was not properly marked as conducting video surveillance.
The Austrian case does not surprise us with the fine’s amount – it is consistent with the annual income of the retailer. However, what can be considered as a surprise here is that the Austrian Data Protection Authority (DSB) didn’t first issue a reprimand, followed by a warning (a procedure described in the Austrian Data Protection Act), but directly issued a fine.
Matthias Schmidl, deputy director of DSB, presented an overview of the regulator’s work during the first 100 days after the GDPR became applicable:
- 115 fine proceedings were already pending before the DSB (79 of which were already pending prior to 25 May 2018);
- the DSB had initiated 58 "ex officio" investigations;
- 252 data breaches had been notified to the DSB (which seems to be quite on the lower end of the spectrum compared to other jurisdictions, e.g. the UK)
- 721 data subject complaints were pending before the DSB at this date.
Since May 25, when the European Union officially accepted the General Data Protection Regulation, the GDPR abbreviation is a hot topic EU-wide and throws society into panic. The new data privacy law allows consumers to better control their personal data and give regulators the power to impose fines of up to 4% of global revenue or 20 million euros (whichever is higher) for violations.
There is enormous rise of complaints about violations and queries for clarification about the new data privacy law. Giovanni Buttarelli, European Data Protection Supervisor, commented the phenomenon in an interview for Reuters. He said that France and Italy alone have reported 53% more complaints than last year.
“I expect first GDPR fines for some cases by the end of the year. Not necessarily fines but also decisions to admonish the controllers, to impose a preliminary ban, a temporary ban or to give them an ultimatum,” Buttarelli added.