For a short description of the rights referred to the individual [Right to Information, “Auskunftsrecht”] according to section 26 of the Austrian Data Protection Act [original title: Bundesgesetz über den Schutz personenbezogener Daten (Datenschutzgesetz 2000 – DSG 2000)] as well as for a link to German/English version of the law please see my previous post >>here<<.
Very short summary: according to section 26 of the Austrian Data Protection act, every individual (data subject) may ask entities holding (any kind) of information about the data subject, free of charge, once a year and within 8 weeks, to disclose all the information stored about him/her/it.
How it all started: At a legal symposium in early 2009 a speaker mentioned that the Austrian Data Protection act was kind of a LEX IMPERFECTA as it was very difficult to actually get the requested information from from e.g. his bank. So, while waiting for the opinion of the GA I sent out letters to 3 entities, asking them to reveal which kind of information they’ve stored about me.
I’ve tried it anyway, and here is my summary:
Deltavista GmbH: As there was no clear description on the website of the Deltavista GmbH of how to file a request, a week was wasted before tDeltavista received my letter containing all the necessary documents (copy of my driving license). Anyhow, on the 18th of June I received a letter including “all” the information they have stored about me. The information included my name (not the correct / full one) and the addresses at which I’ve lived in Austria. Furthermore it said that this information has not been “used” within the last year and that they do not have a creditworthiness history about me. I have to say I am satisfied with the speed of delivery and the content of the information. It is still interesting to see that in their presentation Deltavista listed one bank to be one of their clients. I have a bank account at this (foreign) bank, but however no information about this bank account didn’t show up in my records presented by Deltavista. I took that as a good sign. Solid and quick.
T-Mobile Austria: Getting the information from T-mobile was not easy but the staff was very nice and helpful, although they honestly didn’t have the slightest clue what I was talking about. After being forwarded to the legal department, after having talked to many nice ladies (one of which tried to convince me that such requests could only be filed by a court order ;), the lady at the legal department asked me what information exactly I was requesting, which was a bit difficult as I didn’t really have a clue what kind of information they might be holding about me in the first place. On the 20th of July I finally received the requested information in the form of dodgy print outs from their computer system. Friendly & helpful, but a bit unorganized.
Bank Austria – Unicredit: Reaching the legal department was by far the hardest bit as the main questions were always “why” and “what exactly”? I guess what saved me was that, as the head of my local branch was continuously very extremly reluctant to assist with my request, I couldn’t help but mention that I am a jurist and that I am submitting my request for research purposes and that I was timing my request and taking down the names of all the people involved (I guess that was after my third conversation with him). As a result he kind of refused to talk to me (“I am not authorised, bla, bla, bla…. “) anymore, but finally promised to forward my request to the legal department of my bank. This was the point at which I signed up for the Domain www.bankaustria-unzufriedene.at. Once having reached the legal department (call them, they won’t inform you that they’ve received your request), everything went quite swiftly and I have to say that when I received the letter from the bank on the 1st of August (the deadline prescribed by law ended on Monday the 3rd of August and I received the letter by express mail on Saturday the 1st) I was more than surprised. Apparently someone had really put some thought into how to prepare the information for their customers. Very, very well done. There was a tiny question left which was answered with a two minute conversation with a friendly employee at my local bank. After managing to get past the head of the branch; not fast but excellent quality.
CONCLUSION: The problem seems to be that companies such as T-mobile and Bank Austria still haven’t informed their first level support staff about the customer rights arising out of section 26 DSG. Once the customer/client has made it to the legal department he/she has already reached his goal 😉