ABSTRACT
The drafting of the Directive on the protection of individuals with regard to the processing of personal data, and on the free movement of such data (95/46/EC Data Protection Directive) sparked a vigorous debate in Austria about whether the Data Protection Act from 1978, in force at the time, complied with the Directive. The regulation of data protection is addressed by the Datenschutzgesetz 2000, and in the data protection laws of the different Austrian States (BundesUinder). The Datenschutzgesetz 2000 is a Federal Act which contains constitutional and normal law. The controller (auftraggeber) is the guardian of the data. This is the person who made the decision to process the data for a specific reason. The DSG largely follows the Data Protection Directive as to when processing of personal data is permissible. The test of legitimacy of data use is twofold, and both steps must be cumulatively present for data use to be legitimate.
