Austria’s data strategy is derived from the European data strategy. It aims to improve the framework conditions for the data economy and to promote the secure exchange and broad use of data.
Three strategic goals were established: (1) developing sustainable data infrastructures, (2) activating the potential for responsible data use, and (3) establishing an innovative data culture and strengthening data skills. At present, the strategy is driven by the implementation of the Data Governance Act and the Data Act.
The Data Governance Act – Regulation (EU) 2022/868 – is intended to create a framework for improved data-sharing in the public sector applicable from September 2023. The public sector is called upon to enable the use of protected data (in a controlled, secure processing environment). To this end, structures are to be created that, on the one hand, ensure that protected data can be found more easily and, on the other hand, support public authorities in making protected datasets available. From an economic and social point of view, the registration of data brokering services (intermediaries) and recognized data altruism organizations should contribute to a further strengthening of the European data economy.
The Data Act – Regulation (EU) 2023/2854 – particularly addresses manufacturers of connected products and services (Internet of Things). The purpose of the Data Act is to regulate access to data and its use within the EU for B2B and B2C for personal and non-personal data becoming directly applicable from September 12, 2025. The aim of the Data Act is to enable the sharing of and access to data for users of such products. The regulation also stipulates that users can share this data with third parties. This is particularly relevant for, for example, repairs or maintenance of networked products (e.g., cars).
The Data Act also protects SMEs from unfavorable contractual terms that could be imposed by larger companies (e.g., contractual clauses that are unilaterally determined and unfairly prohibited and shall be considered not binding). Therefore, agreements and general terms and conditions of entities involved must also be reviewed for void clauses under the Data Act in addition to void clauses under Austrian civil law. However, many clauses considered unfavorable under the Data Act might already be considered void by local Austrian law.
Of relevance is also the Open Data Directive (EU) 2019/1024 which sets out minimum requirements for the improved reuse of public sector data based on the principles of transparency and non-discrimination. A core element is the establishment of the commercial usability of published public sector data. The directive defines basic conditions for fees, formats, licenses, and the interoperability of data that apply in all EU member states.
Intensive preparations are currently underway to implement the Data Governance Act and the Data Act in Austria. Especially, the competent authorities and the sanction systems for non-compliance must be determined. Drafts are not yet available.
In connection with the Data Governance Act, a draft of an Austrian Data Access Act is available, which provides the basis for enabling national governance for the secure and further anonymized and reuse of protected public sector data.
On January 31, 2024, the new Freedom of Information Act (Informationsfreiheitsgesetz) was passed, ending official secrecy (secrecy that is restricted to specific public officials), which is an absolute milestone in public data governance. Specifically, the Freedom of Information Act – from its entry into force in September 2025 – grants every natural and legal person the right of access to state and certain corporate information. In addition, the Freedom of Information Act obliges public bodies to proactively publish information of general interest – that is, information that concerns or is relevant to a general group of people (e.g., activity reports, official statistics, studies, expert opinions, and contracts). With regard to the existence of reasons for secrecy, a balance of interests must be weighed between the right of the individual to freedom of information and the interest of the institution in secrecy. In the weighing process, the activities of so-called “social watchdogs” (non-governmental organizations and journalists who need the information to conduct a public debate) must be taken into account, according to the explanations.
By Sabine Fehringer, Partner, DLA Piper Austria
This article was originally published in Issue 11.11 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.
