DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇦🇹 European Union

Cookie consent in Österreich

Consent and privacy law in Österreich

In short
Austria's DSB issued one of the first European rulings that the standard use of Google Analytics was unlawful because it transferred personal data to the United States without adequate protection. That decision, prompted by complaints from the group None of Your Business, shaped the wider European debate on analytics. The DSB requires opt-in consent for non-essential cookies under the Austrian Telecommunications Act and expects clear German language notices. Austrian guidance treats IP addresses and online identifiers as personal data and is sceptical of broad legitimate interest claims for tracking. Controllers should document the legal basis for each tracker.
Authority
Österreichische Datenschutzbehörde (DSB)
Status

GDPR applies since 25 May 2018, with the Austrian Datenschutzgesetz

Primary law
GDPR
Languages

de

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to 20 million euros or 4 percent of global annual turnover, whichever is higher

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

Local guidance

  • Re-examine analytics that transfer data to the United States
  • Use opt-in consent under the Austrian Telecommunications Act
  • Provide notices in German
  • Document the legal basis for each tracker and avoid broad legitimate interest claims

How ConsentX helps

  • Prior-script blocking for true opt-in
  • Equal-weight Allow and Reject controls
  • Tamper-evident consent receipts and evidence
  • One-click withdrawal trigger
  • Built-in DSAR workflow with 30-day SLA
Get started free
yoursite.com
🇦🇹 Austria

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Austria using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Austria.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Austria requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Austria audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Did Austria rule against Google Analytics?+

Yes. The Austrian DSB found that standard use of Google Analytics breached the GDPR because it transferred personal data to the United States without sufficient protection.

What language should Austrian cookie banners use?+

Banners should be in German for an Austrian audience, with clear information about each tracking purpose and an easy reject option.

Governing law

🇪🇺 GDPR

Other countries in European Union

🇩🇪 Deutschland🇫🇷 France🇪🇸 España🇮🇹 Italia🇳🇱 Nederland🇧🇪 België / Belgique🇵🇱 Polska🇵🇹 Portugal🇸🇪 Sverige🇮🇪 Éire / Ireland🇩🇰 Danmark🇫🇮 Suomi