By the Editorial Board.
Austria – The platform of investigative journalism Addendum launched on January 7 in the morning put a cat among the pigeons. The news that at first looks like what is commonly called a fake news is not one…
Our Austrian colleagues from the Addendum platform have triggered a huge scandal about how some companies manage the notion of data protection. The Austrian Post (Österreichische Post) – of which the Austrian Federal State still indirectly holds 52.9% of the shares – has since 2001 marketed mailing files that mail companies use to address the advertising mail of various companies. This is generally known and almost everyone has allowed the post office to do it – as the law stipulates it – without paying too much attention to the forms – to redirect one’s mail for example.
What was not known by the general public – at least until January – is that the post office – in addition to name, first names, address, telephone, sex and age – also collected other information, including the supposed political affinities of about 2.2 millions of users. The first thing one can wonder then is how the post office got this kind of information that people rarely talk about with an attendant at the post office… The answer is quite simple. The post office based its profiling on various criteria (election results in the polling station to which the address is linked, polls, statistics, etc.) and thus determined – by calculation of likelihood – an assumed political affinity and sold the addresses according to these results in particular to political parties seeking to target their mail during election periods. As the post office did not deny but actually acknowledged the facts, they can be considered as established.
Many data protection experts see this practice as illegal. Thus, the lawyer Axel Anderl (Dorda cabinet Vienna) stated that “this use [of data] is clearly prohibited. Onee consciously provides a third party with an estimate of [people’s] political orientation, so that the latter can target their advertising actions”.
However, Article 9 of the General Data Protection Regulation (GDPR) expressly provides that the registration and dissemination of certain data relating to “racial and ethnic origins, political opinions, religious or philosophical convictions, sexual orientation” etc. is prohibited unless the data subject has expressly consented to it. Even in this case, national or European legislation may, where appropriate, stipulate the prohibition.
The director of the Austrian Data Protection Authority (Datenschutzbehörde), Andrea Jelinek, told the radio on January 8 that the authorities have decided to open an investigation about postal practices in this field. Following this announcement, the Austrian Post management decided on January 9 to immediately stop this practice and to delete as soon as possible in its files all the data relating to the supposed political opinions of its users.
