Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.
Electronic marketing and internet use
Are there rules specifically governing unsolicited electronic marketing (spam)?
Yes. Austrian law sets strict requirements for consent declarations to use personal data for marketing purposes (based on the EU E-Privacy Directive (2002/58/EC), implemented by Section 107 of the Austrian Telecommunications Act).
Electronic messages (eg, email and text messages) that are sent for direct marketing purposes require the recipient’s prior consent (ie, opt-in). A mere opt-out is theoretically sufficient if the following conditions are met:
- The sender has a pre-existing relationship with the customer and initially (ie, at the time of data collection) allowed the customer to refuse further messages. The Supreme Court is strict in enforcing this requirement.
- The communication is transmitted for the purpose of direct marketing of products or services similar to those originally purchased by the customer.
- The customer (whether a natural or legal person) has a clear, distinct opportunity to object – free of charge and in an easy manner – to such use of advertisements in every email.
- A Robinson List is adhered to. This lists the email addresses of persons that do not wish to receive unsolicited marketing emails. The list is provided by the telecoms regulator at www.rtr.at/ecg.
Further, the draft EU ePrivacy Regulation will also provide new regulations for electronic communication and marketing. The draft contains similar provisions for unsolicited electronic marketing as outlined above and foresees same (high) fines as provided by Article 83 of the EU General Data Protection Regulation as applicable.
Yes. All website operators must inform users before collecting personal data through cookies. If personal data is collected, prior consent (an opt-in) is required (usually obtained via a banner at the top of the website). Consent must be based on clear, comprehensive disclosure of:
- the data that will be collected, processed and transferred;
- the legal basis for collection, processing and transfer;
- the purposes for collection, processing and transfer; and
- the retention period for the data.
However, the current draft of the EU ePrivacy Regulation provides that website visitors might consent to cookies through their browser settings. This would lead to facilitation for placing cookies compared to the current consent requirement. As a consequence, banners would no longer be required.
Click here to view the full article.