Advanced Search

Dsg Amendment To 2014

Original Language Title: DSG-Novelle 2014

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.

83. Federal Act to amend the Data Protection Act 2000 (DSG-Novelle 2014)

The National Council has decided:

Article 1

Amendment of the Data Protection Act 2000

The Federal Act on the Protection of Personal Data (Data Protection Act 2000-DSG 2000), BGBl. I n ° 165/1999, as last amended by the Federal Law BGBl. I No 57/2013, shall be amended as follows:

1. In the table of contents, the entry is to § 2:

" § 2

Responsibility "

2. In the table of contents are the entries for § § 30 and 31:

" § 30

Supervisory powers of the Data Protection Authority

Section 31

Complaint to the Data Protection Authority "

3. In the table of contents the entries are in accordance with § § 35 to 40:

" § 35

Data Protection Authority and Data Protection Council

§ 36

Establishment of the Data Protection Authority

Section 37

Organisation and independence of the data protection authority

§ 38

Modesty of the Data Protection Authority

§ 39

Proceedings before the Federal Administrative Court

§ 40

Revision of the Administrative Court "

4. (constitutional provision) In section 2 (2), the term " "Data Protection Commission" by the term "Data Protection Authority" replaced.

5. In § 10 paragraph 2, § 12 para. 4, § 13 para. 1, 2 Z 2, para. 3, 4 and 6, § 16 para. 1, § 17 para. 1, § 18 paragraph 2, § 19 para. 1 Z 6 and para. 2, § 20 para. 2 and 5 Z 2, § 21 paragraph 1 Z 3, § 22 para. 2 and 4, § 22a para. 1, 3 to 5, § 23 para. 2, § 26 para. 2, 5 and 7, § § 30 (5) and (7), § 30 (1), 2, 2a, 4 to 6a, § 31 (1), (2), (5), (6) and (8), § 31a (1) to (3), § 32 (5) to (7), § 34 (3) and (4), § 46 (2) (3) and (3), § 47 (3) and (4), § 48a (2), § 50 (1) and (2), § 50b (2), § 50c (1), § 52 (2) 2 and 3 as well as (5), § 54 (2) and § 61 (8) as well as in the transcripts of § 30 and § 31, the term " "Data Protection Commission" by the term "Data Protection Authority" replaced.

6. The following paragraph 4 is added to § 5:

" (4) The fundamental right to data protection, with the exception of the right to information on civil law, is to be asserted against entities established in the form of private law, insofar as they are not acting in accordance with the law. In all other cases, the Data Protection Authority shall be responsible for the decision, except where the file is subject to legislation or jurisdiction. "

7. In Section 22 (3), the parenthesis shall be "(§ 38)" by the parenthesis expression " (§ 57 of the General Administrative Procedure Act 1991-AVG, BGBl. No. 51/1991) ' replaced.

8. § 31a (4) reads:

" (4) A client of the public sector shall, in the case of a complaint against the data protection authority in breach of the right of information, right to rectify or delete, be based on the provisions of § § 26 (5) or 27 (5) of this Act, after verification the need for secrecy to safeguard the protected public interests in their proceedings. If it considers that the secrecy of processed data has not been justified in relation to the data subject, the disclosure of the data shall be borne in hand. If no complaint has been lodged and the data protection authority is not satisfied within eight weeks, the data protection authority shall carry out the disclosure of the data to the data subject himself and the information requested shall be provided to him by the data protection authority. , or tell him which data has already been corrected or deleted. The first two sentences shall apply in accordance with § 30 of the Regulation. "

9. The heading to § 35 reads:

"Data Protection Authority and Data Protection Council"

10. § 35 (1) reads:

"(1) In order to safeguard data protection, the Data Protection Authority and the Data Protection Council shall be appointed in accordance with the provisions of this Federal Act, without prejudice to the responsibility of the Federal Chancellor and the ordinary courts."

11. (constitutional provision) § 35 para. 2 reads:

" (2) (constitutional provision) The Data Protection Authority shall also exercise its powers in respect of the supreme bodies of enforcement designated in Article 19 B-VG. "

12. § § 36 to 40 together with headings:

" Establishment of the Data Protection Authority

§ 36. (1) The Data Protection Authority shall be a director. This is ordered by the Federal President on a proposal from the Federal Government for a period of five years; the reappointment is admissible. The proposal has to be preceded by an invitation to tender for the general application. The invitation to tender shall be issued by the Federal Chancellor. The function of the head of the data protection authority is to be written on the website "Career Public Service", which was established at the Federal Chancellery. The invitation to tender is also to be published in the "Official Journal of the Wiener Zeitung".

(2) The Head of the Data Protection Authority shall:

1.

to have completed the study of law or the studies on the law and the state of the state,

2.

to demonstrate personal and professional competence by means of appropriate training and relevant professional experience in the matters to be provided by the Data Protection Authority;

3.

have an excellent knowledge of Austrian data protection law, EU law and fundamental rights, and

4.

have at least five years of legal professional experience.

(3) The head of the data protection authority shall not be appointed:

1.

Members of the federal government, state secretaries, members of a state government, members of the National Council, the Bundesrat or otherwise a general representative body or the European Parliament, also people's lawyers and the president of the the Court of Auditors,

2.

persons who have exercised one of the functions referred to in Z 1 within the last two years, and

3.

Persons excluded from eligibility to the National Council.

(4) The head of the data protection authority shall not exercise any activity for the duration of his duties, which could cause doubts as to the independent performance of his duties or the presumption of a partiality, or which he/she may have in the performance of his or her service. Duties impede or jeopardise essential service interests. He is obliged to inform the Federal Chancellor without delay of any activities which he/she exercises in addition to his duties as head of the Data Protection Authority.

(5) The function of the head of the data protection authority shall end with time lapse, death, renunciation or loss of eligibility to the National Council.

(6) In the event of termination of the function of the head of the data protection authority, a new head shall be appointed without delay in accordance with the conditions laid down in paragraphs 1 to 3.

(7) A deputy of the Head of the Data Protection Authority shall be appointed by the Federal President on a proposal from the Federal Government in accordance with the conditions laid down in paragraphs 1 to 3. The deputy of the head of the data protection authority shall be subject to paragraphs 4 to 6 in accordance with the relevant provisions. He represents the head of the data protection authority in his absence.

Organisation and independence of the data protection authority

§ 37. (1) The head of the data protection authority shall be independent in the performance of his duties and shall not be bound by any instructions.

(2) The Data Protection Authority shall be a service authority and a personnel office. In the Federal Finance Act, the necessary equipment and staffing equipment must be ensured. The officials of the Data Protection Authority shall be subject only to the instructions of the Head of the Data Protection Authority. The Head of the Data Protection Authority shall exercise the Diensthoness of the officials of the Data Protection Authority.

(3) The Federal Chancellor may inform himself at the head of the data protection authority about the items of the management. The head of the data protection authority shall be deemed to comply with this only in so far as this does not result in the complete independence of the supervisory authority within the meaning of Article 28 (1) (2) of Directive 95 /46/EC on the protection of individuals with regard to processing of personal data and on the free movement of such data, OJ No. OJ L 281, 23.11.1995 p. 31.

(4) The data protection authority is before the release of federal laws that directly affect essential questions of data protection directly, as well as regulations of the federal government, which are based on this federal law or other essential questions of the Data protection directly related to the hearing.

(5) By 31 March each year, the Data Protection Authority shall draw up a report on its activities during the previous calendar year, to submit it to the Federal Chancellor and to publish it in an appropriate manner. The report is to be submitted by the Federal Chancellor to the National Council and the Federal Council.

(6) Decisions of the Data Protection Authority of fundamental importance to the general public shall be published in an appropriate manner by the Data Protection Authority, having regard to the requirements of the official secrecy.

Modesty of the Data Protection Authority

§ 38. (1) Party in proceedings before the Data Protection Authority shall also be the contracting entities of the public sector.

(2) When the legal or actual conditions for the granting of the permit, in particular also as a result of an authorisation, have been approved in accordance with § 13 of the transfer or the transfer of data abroad, it shall be revoked. in accordance with § 55 of the Federal Chancellor ' s customer, no longer exists.

(3) Parties pursuant to paragraph 1 may lodge a complaint with the Federal Administrative Court.

Proceedings before the Federal Administrative Court

§ 39. (1) The Federal Administrative Court shall decide in proceedings concerning complaints against proceedings and for violation of the decision-making obligation in the affairs of this Federal Law by Senate.

(2) The Senate consists of a chairperson and a competent lay judge from the circle of employers and from the circle of employees. The competent lay judges are appointed on a proposal from the Austrian Chamber of Commerce and the Federal Chamber of Commerce and the Federal Chamber of Workers and Employees. Appropriate precautions must be taken to ensure that a sufficient number of competent lay judges is available on a timely basis.

(3) The competent lay judges shall have at least five years of relevant professional experience and special knowledge of the data protection law.

(4) The Chairman shall immediately communicate all documents relevant to the decision to the competent lay judges or, if this is strictly necessary in order to ensure the confidentiality of documents, to make available to them.

Revision of the Administrative Court

§ 40. Revision of the Administrative Court may also apply to parties pursuant to Section 38 (1). "

13. § 41 (2) (4a) is deleted.

14. § 41 (2) Z 1 reads as follows:

" 1.

, the Data Protection Council may consider issues of fundamental importance for data protection in consultation, and may issue or commission opinions on this matter; "

Article 44 (6) reads as follows:

" (6) The head of the data protection authority shall be entitled to attend the meetings of the Data Protection Council or its working committees. He does not have the right to vote. "

16. § 44 (8) reads:

" (8) The members of the data protection council, the head of the data protection authority and the experts assigned to the meeting in accordance with paragraph 2 shall be made aware of the secrecy of all of them exclusively from their activities in the data protection council. If the secrecy is in the public interest or in the interests of a party, it is obliged to do so. "

17. The following paragraph 7 is added to § 60:

" (7) The contents list, § 5 paragraph 4, § 10 para. 2, § 12 para. 4, § 13 para. 1, 2 Z 2, para. 3, 4 and 6, § 16 para. 1, § 17 para. 1, § 18 para. 2, § 19 para. 1 Z 6 and para. 2, § 20 para. 2 and 5 Z 2, § 21 para. 1 Z 3, § 22 para. 2 to 4, § 22a para. 1, 3 to 5, § § Article 23 (2), section 26 (2), (5) and (7), § 27 (5) and (7), the title of § 30, § 30 (1), 2, 2a, 4 to 6a, the title of § 31, § 31 (1), 2, 5, 6 and 8, § 31a, § 32 (5) to (7), § 34 (3) and (4), the title of § 35, § 35 (1), § § 36 to 40. including transcripts, § 41 para. 2 Z 1, § 44 para. 6 and 8, § 46 para. 2 Z 3 and para. 3, § 47 para. 3 and 4, § 48a para. 2, § 50 para. 1 and 2, § 50b para. 2, § 50c para. 1, § 52 para. 2 Z 2 and 3 as well as para. 5, § 54 para. 2 and § 61 (8) to (10) in the version of the Federal Law BGBl. I No 83/2013 will be 1. Jänner 2014 in force. At the same time, Section 41 (2) (4a) and the DSK Remuneration Regulation (DSK), BGBl. II No 145/2006, except for force. The organisational and personnel measures necessary for the appointment of the head of the data protection authority and its deputy can already be taken before the Federal Law BGBl enters into force. I No 83/2013. '

18. (constitutional provision) The following paragraph 8 is added to Section 60:

" (8) (constitutional provision) § 2 (2) and § 35 (2) in the version of the Federal Law BGBl. I No 83/2013 will be 1. Jänner 2014 in force. "

19. The following paragraphs 9 and 10 are added to § 61:

" (9) With the expiry of 31 December 2013, the Data Protection Authority shall replace the Data Protection Commission. At the time of the entry into force of the Federal Law BGBl. I No. 83/2013 of the Data Protection Commission are subject to the provisions of this Federal Law in the version of the Federal Law BGBl. I No 83/2013 shall be continued by the Data Protection Authority. The data protection commission shall be deemed to have received the relevant data from the Data Protection Authority. The provisions of the Administrative Court Transitional Law, BGBl. I No 33/2013, shall remain unaffected. After the termination of the proceedings before the Administrative Court concerning the communication or the abatment of the Data Protection Commission or the Constitutional Court concerning the decision of the Data Protection Commission, the proceedings shall be of the following: data protection authority.

(10) The staff of the Data Protection Commission shall be subject to the entry into force of the BGBl. I n ° 83/2013 as a staff member of the Data Protection Authority. "

Article 2

Adjustment provisions

(1) Where reference is made in federal laws to the term "data protection commission", the entry into force of the BGBl. I No 83/2013 replace the term 'data protection authority'. This does not apply to the use of this term in conclusion and transitional provisions as well as in in-and outside-force regulations.

(2) This Article shall enter into force 1. Jänner 2014 in force.

Fischer

Faymann