A highly controversial, but somehow “heart-warming presentation” was held at the 3rd Austrian IT-Law congress by a representative of a credit-worthiness database-company who explained the audience that their service was absolutely essential to mankind as without an entry in their database people just wouldn’t be able to conclude any contracts (e.g. signing up for a mobile-phone contract or opening a bank account) any more. Yes, they appear all to be truly altruistic at heart ans I reckon they just have to “sell” the data to cover their fix-costs. To sum it up what the gentleman from the Deltavista GmBH and a representative of the Austrian Kreditschutzverband, sitting in the audience, said: As grown up human being I shall be no longer contractually capable, unless I am registered in a creditworthiness database!
After the presentations I chatted with my colleagues about the reality of Data protection / creditworthiness databases in Austria and I was told that it is pretty pointless to try to get information from your bank and that the last colleague who tried to do so, in the end changed his bank.
As I am a curious person myself I took a look at the central section Section 26 of the Austrian Federal Act concerning the Protection of Personal Data (de/en version) which states:
“Sect. 26 (1) The controller [Auftraggeber]shall provide the data subject [Betroffener] with information about the data being processed and relating to him, if the data subject so requests in writing and proves his identity in an appropriate manner. Subject to the agreement of the controller, the request for information can be made orally. The information shall contain the processed data, the available information about their origin, the recipients or categories of recipients [Empfängerkreise] of transmissions [Übermittlungen], the purpose of the use of data [Datenverwendung] as well as its legal basis in an intelligible form. Upon request of the data subject, the names and addresses of processors [Dienstleister] shall be disclosed in case they are charged with processing data relating to him. With the consent of the data subject, the information may be provided orally alongside with the possibility to inspect and make duplicates or photocopies instead of being provided in writing.”
(3) Upon inquiry, the data subject has to cooperate in the information procedure to a reasonable extent to prevent an unwarranted and disproportionate effort on the part of the controller.
(4) Within eight weeks of the receipt of the request, the information shall be provided or a reason given in writing why the information is not or not completely provided. The information may be refused if the data subject has failed to cooperate in the procedure according to para. 3 or has not reimbursed the cost.
(6) The information shall be given free of charge if it concerns the current data files [Datenbestand] of a use of data and if the data subject has not yet made a request for information to the same controller regarding the same application purpose [Aufgabengebiet] in the current year. In all other cases a flat rate compensation of 18,89 Euro may be charged; deviations are permitted to cover actually incurred higher expenses. A compensation already paid shall be refunded, irrespective of any claims for damages, if data have been used illegally or if the information has otherwise led to a correction.
Taking all these things into account I approached my bank ( 08.06.2009), my mobile-phone provider (11.06.2009) as well as the Deltavista GmbH (letter posted on the 15.06.2009 as I’ve received no answer to my email). So, let’s see what will happen. I’ll keep you informed!