Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


IV. Governance issues


The Federal Government's online platform "Digital Austria" offers comprehensive information about e-government applications in Austria, prioritising "the integration of all citizens, data protection management, and customer orientation".1

The central element of e-government in Austria is the citizen card (Bürgerkarte), an electronic identification concept (and not a physical object), which uniquely identifies a person by digital means and can inter alia be used to deal with administrative authorities securely or functions as an online ID as well as a secure and qualified online signature.2 The unique identification of a natural person – the only kind of person entitled to hold a citizen card – is effected by an identity link established with the help of a particular source identification number (Stammzahl or sourcePIN).3 The sourcePIN is usually derived from that person's registration number in the Central Register of Residents and secured by using strong cryptography.4 The Data Protection Commission (DSK) acts as the sourcePIN register.5 For security reasons, the sourcePIN is stored permanently only in the citizen card; however, it can be regenerated by the sourcePIN register whenever required. In a next step the sector-specific ssPIN (bereichsspezifisches Personenkennzeichen or bPK) is derived from the sourcePIN of a natural person. The ssPIN's use is then limited to a specific sector of State activity.6

Austrian privacy organisations have strongly criticised the DSK's role, for it acts as its own supervisory body and no independent mechanism of control has been established at the heart of this national identification system.

Electronic delivery can be chosen as an additional service, which is carried out by (private) electronic delivery services. The providers have to prove their reliability, especially with respect to data protection, and are subsequently licensed by the Federal Chancellery.7

In 2007, the reform of the electoral law extended the franchise by lowering the age limit to 16 years and introduced voting by mail from within the country.8 As a reaction to a decision by the Constitutional Court (VfGH), absentee voting had been introduced in 1990, allowing Austrians living abroad to exercise their franchise by mail.9 E-voting and the extension of voting by mail have been subject to lively discussions ever since. As of 2007, voting by mail no longer requires a witness to prove the personal exercise of the right to vote. Instead, the voter signs a statutory declaration on the outside of the envelope (Wahlkarte). Sealing the envelope also covers the signature. Later the perforated seal can be opened in a way that allows identifying the voter without at the same time disclosing the ballot, which is sealed in a second envelope.

However, there is no constitutional basis for e-voting. Neither voting through the Internet nor the use of electronic voting machines at the polling station is admissible in national, regional, or local elections. The first elections offering an e-voting option were the Austrian Student Union (Österreichische Hochschülerschaft) elections in 2009. A turnout of 0.9 percent of online voters led the Ministry of Science to temporarily abandon its support for the e-voting experiment. Moreover, certain malfunctions led to successful challenges of the elections at the universities of Vienna and Salzburg.10 Hence, the 2011 elections will go back to the traditional ballot.

Finally it has to be mentioned that before the reform of the electoral law in 2007, the Austrian Constitution allowed the States (Bundesländer) to introduce compulsory voting in State elections.11

This "Transparency Database" has been a matter of political dispute for more than a year; however, it's only recently that the government agreed in principle on the features of this database. The draft law12 is now subject to expert opinions. It will establish a database which will be run by the BRZ limited (Bundesrechenzentrum GmbH) for the federal government. It will contain net income and social benefits for individuals and state aid, subsidies, and tax benefits (e.g. resulting from group taxation) for companies, and state aid as well as subsidies for agriculturists. The database will be accessible for the data subject only and the granting of further benefits will require forwarding an electronic copy, which – in exceptional cases – will contain information on the applicant’s entire household. The government can authorise aggregated and anonymous analyses by the BRZ limited.

Open government

The Freedom of Information Act (Auskunftspflichtgesetz[160]) compels federal authorities to provide information concerning their areas of responsibility insofar as there is no conflicting obligation to maintain confidentiality. However, no right to access documents is granted and the duty to provide information is limited in scope, as other tasks of the administration should not be seriously affected. Similar laws exist in the nine states (Bundesländer).

The Security of Information Act (Informationssicherheitsgesetz or InfoSiG13) aims at implementing obligations under international law concerning the secure use of classified information. Persons (e.g. civil servants etc.) disclosing classified information which they gained access to based on this law and which could impair Austria's public security, national defence, or foreign relations, commit a criminal offence. The penalty ranges from a fine to imprisonment up to six months, in special cases up to one year. Sanctions against journalists etc. who spread such information are not stipulated in the law. When the law was drafted it was criticised for being poorly formulated and there were concerns that it might adversely affect the free flow of information. The fact that any official14 could classify his/her files raised fears that this tool could be used to restrict public scrutiny.15 When the law was finally adopted those fears had been widely put aside.

Today, "industrial security" is a most important field of application of the InfoSiG. A commission in the Federal Chancellery issues "Facility Security Clearances" for companies or research centres who make bids on international tenders that involve classified official information.16

Other recent factual developments (with an impact on privacy)

Due to an amendment to the Austrian Broadcasting Corporation Act (ORF-Gesetz) the public broadcaster ORF (Österreichischer Rundfunk) had to shut down its "special interest" online platform "Futurezone" as of 1 October 2010.17 Futurezone, which had been dealing with net politics, data protection, and civil rights for 11 years, was among the most renowned German-language institutions in the field.18 According to the ORF, the archives will be maintained and at some point publicly available.19

Non-government organisations' advocacy work

Among the organisations that actively advocate data protection and privacy in Austria, there is "ARGE DATEN", a non-profit, non-governmental organisation, which is examining the interaction between usage of computer science, information law, and society. Its aim is the human and socially responsible use of information technology and telecommunications.20 Another organisation is "Quintessenz," a platform whose mission is the restoration of civil rights that have been abolished by technical means during the first stage of the information revolution.21 "VIBE!AT" is an association promoting the responsible and self-determined use of the Internet. It actively tries to create public awareness of attempts to overly limit this freedom.22

The initiative "Open Government Data Austria", which was newly formed in 2010, is campaigning for free and better access to public, non-personal data (e.g. census data, environmental data, traffic data, etc) through mash-ups, new user interfaces, and a standardised format (Linked Open Data or LOD). The initiative, which is supported by researchers and universities, aims at cooperating with public authorities and their e-government ambitions to the benefit of citizens, economy, and administration.23

International obligations and International cooperation

Austria has signed and ratified the 1966 UN International Covenant on Civil and Political Rights (ICCPR) and its First Optional Protocol, which establishes an individual complaint mechanism.24

Austria is a member of the Council of Europe and the ECHR forms part of the Austrian Constitution.25 Austria has signed and ratified the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data26 as well as the Additional Protocol regarding supervisory authorities and cross border data flows.27 It has also signed but not yet ratified the Convention on Cybercrime ("Budapest Convention").28

As a member of the OECD, Austria also cooperates with this organisation. Finally, Austria has bi- and multilateral treaty obligations with ramifications on privacy and data protection.29

As a member of the European Union Austria has a duty to transpose the content of EU privacy and data protection legal instruments (e.g. the Data Protection Directive (1995/46/EC), the Directive on Privacy and Electronic Communications (2002/58/EC), the E-Commerce Directive (2000/31/EC)) into its national legal order. Relevant Austrian institutions also have a general duty to interpret national law in conformity with EU law.