Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.

Electronic marketing and internet use

Electronic marketing

Are there rules specifically governing unsolicited electronic marketing (spam)?

Yes. Austrian law sets strict requirements for consent declarations to use personal data for marketing purposes (based on the EU ePrivacy Directive (2002/58/EC), implemented by Section 107 of the Austrian Telecommunications Act).

Electronic messages (eg, email and text messages) that are sent for direct marketing purposes require the recipient’s prior consent (ie, opt-in). A mere opt-out is theoretically sufficient if the following conditions are met:

  • The sender has a pre-existing relationship with the customer and initially (ie, at the time of data collection) allowed the customer to refuse further messages. The Supreme Court is strict in enforcing this requirement.
  • The communication is transmitted to directly market products or services similar to those originally purchased by the customer.
  • The customer (whether a natural or legal person) has a clear, distinct opportunity to object – free of charge and in an easy manner – to such use of advertisements in every email.
  • A Robinson List is adhered to. This lists the email addresses of persons that do not wish to receive unsolicited marketing emails. The list is provided by the telecoms regulator at .

Further, the draft EU ePrivacy Regulation will also provide new regulations for electronic communication and marketing. The draft contains similar provisions for unsolicited electronic marketing as outlined above and foresees same (high) fines as provided by Article 83 of the EU General Data Protection Regulation, as applicable.


Are there rules governing the use of cookies?

Yes. All website operators must inform their visitors before collecting personal data through cookies, unless those cookies are absolutely necessary for the functioning of the website.

Further, if personal data is processed or collected through non-functional cookies (especially marketing, tracking or analytics cookies), prior consent (opt-in) is required (usually obtained via a banner on the website). This cookie consent must be based on clear, comprehensive disclosure of:

  • the data that will be collected, processed and transferred;
  • the legal basis for collection, processing and transfer;
  • the purposes for collection, processing and transfer; and
  • the retention period for the data.

However, the current draft of the EU ePrivacy Regulation provides that website visitors might be able to consent to cookies through their browser settings. This would facilitate the use of cookies compared to the current consent requirement. Consequently, banners would no longer be required.

Click here to view the full article.