'Influencer marketing' means taking advantage of bloggers and other persons who have their own social media channels to promote goods and services. While the concept of transmitting arguably hidden advertising is problematic, there are many variations of this and the lines between hidden advertising and personal opinion are often blurred. As such, the Advertising Council recently issued guidelines for dealing with influencer marketing as a specific means of marketing communication.
The EU General Data Protection Regulation (GDPR) has created a new understanding and awareness of data protection. Despite being a directly applicable legal act, the GDPR has created significant work for the Austrian federal legislature, which has chosen to impose it by implementing the narrow but general Data Protection Act and introducing amendments to ordinary legal acts individually. However, these amendments are essentially limited to wording adjustments and restrictions on data subjects' rights.
The Austrian Data Protection Authority (DPA) recently published its first decision on retention periods following the enactment of the General Data Protection Regulation. The decision is final. The DPA had to decide how long a telecoms service provider must retain so-called 'master data' – that is, data required for the controller's legal relationship with the users of its services.
Companies regularly store information about their customers, clients, employees, investors, partners and vendors. Privacy and data security are therefore important aspects of most M&A transactions. Although the risk of non-compliance with privacy laws may result in severe negative consequences, many M&A agreements still lack adequate privacy-related representations and warranties.
Members of Parliament recently filed an application to amend the Data Protection Act 2018 in order to clarify certain aspects which have led to confusion over the past couple of months. In addition to several provisions relating to competence, the proposed act, among other things, contains a rephrased version of the fundamental right to data protection, introduces the mandatory appointment of data protection officers and suggests enabling the matching of images with explicit consent.