Austrian Post fined over customer data misuse

Vienna (AFP) –


Austria's postal service have been fined 18 million euros ($20 million) for working up data about their customers' assumed political allegiances, the justice ministry said Tuesday.

In January, Austrian Post said it would delete a database of the likely political affinities of around 2.2 million customers after privacy campaigners likened the practice to the Facebook data-sharing scandal.

The Austrian Data Protection Authority decided on the 18-million-euro administrative penalty after finding that Austrian Post violated data protection regulations, the justice ministry said in a press release.

Austrian Post, which is publicly listed but still majority-owned by the government, will appeal the decision.

Austrian Post said in January it would restructure its entire database "along new lines".

Austrian Post has compiled the names, addresses, age and gender of around three million Austrians -- or around one third of the population -- and regularly sells that information to advertisers as part of its direct mailings business.

The division generates annual revenues of around 200 million euros ($230 million) for the company.

Privacy campaigners were up in arms when it emerged that Austrian Post also made educated guesses about the political affinities of its customers and sold that information to political parties.

The privacy campaign group, Epicenter Works, argued that this breaches EU data protection rules. Consumer protection group VKI also raised questions about the legality of the practice.

Austrian Post argued that the assumptions were based on opinion polls and voting statistics in specific geographical areas, in the same way that exit polls are calculated after elections.

It said the data cannot be extrapolated to reveal the voting behaviour of specific individuals.

Campaigners nevertheless drew comparisons to the series of scandals concerning data protection and privacy that have engulfed Facebook, the world's largest social network, in a number of countries after user data were hijacked in the 2016 US election campaign.