Employers generally need to process data on their employees and candidates as part of the employment process. However, there are limitations on the processing of personal data in Austria, which employers must be aware of.
Austria’s data protection laws
Austria’s main data protection law is the Data Protection Act (Datenschutzgesetz or DSG). It’s based on the EU’s General Data Protection Regulation (GDPR). Other laws governing data protection in Austria include:
- The Austrian Constitutional Act (Arbeitsverfassungsgesetz or ArbVG).
- The Act on the Adaption of Employment Contracts (Arbeitsvertragsrechts-Anpassungsgesetz or AVRAG).
What employers need to know about Austria’s data protection law
Under the GDPR and the Austrian Data Protection Act, employers in Austria must have a legal basis for processing employee data. For example, they can generally process data of candidates or employees if it is necessary for the creation of the employment contract.
In practice, employers often ask employees for consent to process data. However, this can put employers in a vulnerable position, since the GDPR requires consent to be given freely, which is questionable in this case due to the imbalance of power inherent to the employment relationship.
Another problem is that employees and candidates can withdraw their consent at any time, meaning that the employer must not process any further data. This means that relying on consent as a legal ground for data processing is inadvisable.
Employee monitoring and surveillance in Austria
Employers in Austria may only use monitoring and control systems with the agreement of the works council. If there is no works council, they must have the individual agreement of each employee. This includes things like video surveillance and systems that monitor internet usage.
Data protection and background checks in Austria
Austria’s data protection laws put certain limitations on the background checks employers can perform on potential employees. For example, processing data related to criminal records is only allowed if the employer has a legitimate interest in determining whether a candidate has a criminal history.
This depends on the position the candidate is applying for. For example, it would usually be allowed if the position was in the financial services sector or involved working with children. Employers cannot require criminal records checks for all employees simply because they don’t want to employ people with criminal records.