Austria Compliance Guide · Updated April 2026
Employee Monitoring Laws in Austria: Works Council Approval Required Before Any Monitoring
Austrian employee monitoring law is among the most protective in Europe. Section 96 of the Arbeitsverfassungsgesetz (ArbVG) — the Labour Constitution Act — gives the works council (Betriebsrat) a genuine veto right over any monitoring system that can control or evaluate employee performance. This is not co-determination, negotiation, or consultation: it is a hard stop. No approval, no monitoring. This guide explains what that means in practice for Austrian employers in 2026.
7-day free trial. No credit card required.
Legal Disclaimer
This guide is for informational purposes only and does not constitute legal advice. Austrian labor and data protection law involves complex interactions between the ArbVG, DSG 2018, and EU GDPR. Works council agreements require negotiation with qualified legal counsel experienced in Austrian labor relations. The Austrian Data Protection Authority (DSB) can be reached at dsb.gv.at.
What Legal Framework Governs Employee Monitoring in Austria?
Austria's monitoring framework sits at the intersection of labor law and data protection law. The two bodies of law are enforced by different authorities — the Arbeitsinspektion (Labor Inspectorate) and the Datenschutzbehörde (DSB) respectively — but they apply simultaneously to the same monitoring activity. An employer who satisfies one set of requirements while ignoring the other remains exposed.
Labour Constitution Act — ArbVG §96 (The Veto Right)
Section 96 of the Arbeitsverfassungsgesetz is the defining feature of Austrian employee monitoring law. It requires mandatory works council approval before an employer introduces or operates any monitoring or control system capable of evaluating or controlling employee behavior or performance. This applies to all monitoring technologies: productivity software, screen capture, keystroke logging, GPS tracking, email monitoring, AI-based analysis, and any combination of these.
The word "approval" has a specific legal meaning here. The works council must affirmatively agree — passive non-objection is not sufficient. And unlike Germany's model (described below), Austria's §96 does not require the works council to negotiate toward an agreement. It may simply say no, and that is the end of the matter unless a court determines the monitoring falls outside §96's scope entirely.
EU General Data Protection Regulation (GDPR)
The GDPR applies to all processing of employee personal data in Austria. Monitoring data — activity logs, screenshots, productivity scores, location data — is personal data under Article 4(1) and must be processed on a lawful basis. For employee monitoring, the most commonly cited bases are Article 6(1)(b) (necessary for the performance of a contract), Article 6(1)(c) (legal obligation), and Article 6(1)(f) (legitimate interests). Article 6(1)(a) consent is problematic in employment contexts because GDPR Recital 43 casts doubt on whether employee consent can ever be freely given given the inherent power imbalance.
Maximum GDPR penalties: €20,000,000 or 4% of annual global turnover, whichever is higher.
Austrian Data Protection Act (DSG 2018)
The DSG 2018 supplements GDPR under Article 88's opening clause, which permits EU member states to enact more specific rules for employee data processing. Austria has used this opening to provide higher protection for sensitive data and to add requirements for processing that goes beyond what GDPR alone demands. DSG §11 specifically addresses the use of Betriebsvereinbarungen as a legal basis for employee data processing — directly linking labor law agreements to data protection law compliance.
Telecommunications Act (TKG 2003, as amended)
The Telecommunications Act governs monitoring of workplace communications — email, instant messaging, voice calls. Monitoring employee communications content (as opposed to metadata) requires either consent or a security purpose under the TKG. Even with works council approval under ArbVG §96, an employer monitoring the content of employee email must ensure this is addressed in the Betriebsvereinbarung and that individual employees are aware their communications may be reviewed.
Austrian Civil Code and Constitutional Privacy Rights
The Austrian Constitution (Bundesverfassungsgesetz) and the European Convention on Human Rights (applied directly in Austria with constitutional status) protect personal privacy as a fundamental right. The Austrian Civil Code (ABGB) provides for compensation where privacy violations cause measurable harm. These constitutional and civil law protections operate independently of the administrative enforcement framework and give employees direct legal remedies against employers who violate their privacy.
How Does the ArbVG §96 Veto Right Actually Work?
The works council veto under §96 is the feature that most distinguishes Austria from every other European jurisdiction in monitoring compliance. Understanding precisely how it works — and how it differs from Germany's co-determination model — is essential for any employer entering the Austrian market or expanding monitoring capabilities.
The Scope of §96: What Triggers the Veto Right?
Section 96 applies to any "control measure and control systems if they affect the human dignity of employees." Austrian labor courts interpret this broadly. The trigger is not the employer's stated purpose but the system's capability to evaluate or control individual employee behavior. A time-and-attendance system that records only aggregate hours worked per month may fall outside §96. A system that logs individual application usage, generates individual productivity scores, or captures individual screenshots is firmly within §96's scope — regardless of whether the employer ever reviews individual-level data.
Austria vs. Germany: True Veto vs. Co-Determination
This distinction matters enormously for multinational employers operating in both countries. Germany's Betriebsverfassungsgesetz (BetrVG) §87(1)(6) establishes co-determination rights — the works council can block implementation until an agreement is reached, but either party may escalate to an Einigungsstelle (arbitration board) that issues a binding ruling. The employer retains a path forward even if the works council resists.
Austria's §96 provides no such arbitration fallback for the specific categories covered. If the Betriebsrat votes no, the monitoring cannot be implemented. There is no arbitration mechanism to override the veto for §96 matters. Courts may review whether a specific monitoring system falls within §96's scope, but if it does, the works council's veto stands. For a detailed comparison of the two frameworks, see our guide on employee monitoring laws in Germany.
Negotiating a Betriebsvereinbarung: What Can Be Agreed?
In practice, most works councils do not exercise their veto in absolute terms. Instead, they negotiate the terms, scope, and data retention of monitoring — arriving at a Betriebsvereinbarung (works agreement) that satisfies both the employer's operational needs and the employees' privacy interests. A well-crafted Betriebsvereinbarung for employee monitoring typically covers:
- Which monitoring tools and capabilities are permitted (and which are excluded)
- The specific data types that may be collected (e.g., application usage, not email content)
- The granularity of reporting — individual-level vs. team-level vs. aggregate only
- Who has access to monitoring data and under what circumstances
- The retention period for each data category
- The process for employee access requests and complaints
- A review schedule for the agreement itself (typically annual)
Under DSG §11, a Betriebsvereinbarung that meets these requirements also serves as a legal basis for processing employee data under GDPR Article 88, replacing the need to establish one of GDPR's Article 6 bases independently.
What Happens Without a Works Council?
Not every Austrian employer has a Betriebsrat. Works councils are mandatory in enterprises with five or more permanent employees, but many smaller firms operate without one — either because employees have not yet elected one or because the enterprise falls below the threshold. In these cases, §96's approval mechanism is unavailable, and employers must instead obtain individual employee consent for monitoring systems that would otherwise require works council agreement.
This individual consent route carries significant GDPR risk. GDPR Recital 43 states that consent should not provide a valid legal ground for processing personal data where there is a "clear imbalance between the data subject and the controller." Austrian courts and the DSB take this seriously in employment contexts. Individual consent to monitoring, to be valid, must be genuinely voluntary — meaning employees must be able to refuse without adverse employment consequences. Where monitoring is a contractual job requirement, this voluntariness test is difficult to meet.
How Active Is the Austrian DSB in Enforcing Employee Monitoring Rules?
Austria's Datenschutzbehörde (DSB) is one of the most active data protection regulators in Europe. This is not coincidental — Austria has a strong civil society tradition of privacy advocacy, amplified by the work of organizations like NOYB (None of Your Business), founded by Max Schrems and headquartered in Vienna. Employers who assume the DSB's small size relative to Germany's BfDI means lighter enforcement risk are likely to be surprised.
The Max Schrems Effect on Austrian Privacy Culture
Max Schrems' legal challenges produced two landmark Court of Justice of the European Union rulings — Schrems I (2015, invalidating the US-EU Safe Harbor agreement) and Schrems II (2020, invalidating the EU-US Privacy Shield) — that reshaped cross-border data transfer law across the entire EU. NOYB has since filed hundreds of complaints against employers and technology companies, including multiple related to employment data practices. Austrian employees are generally more aware of their data rights than those in many other jurisdictions, and more likely to file complaints.
Notable DSB Enforcement Cases in Employment Contexts
The DSB has issued several notable decisions relevant to employee monitoring:
- GPS tracking without works council approval (2021): The DSB found an Austrian logistics company in violation of both ArbVG §96 and GDPR after it implemented GPS tracking of delivery drivers without works council agreement. The DSB ordered immediate deletion of collected data and prohibited further GPS monitoring until a Betriebsvereinbarung was in place. The company also faced a financial penalty under GDPR.
- Email monitoring beyond security scope (2022): An employer had configured email servers to archive all employee emails for management review. The DSB found this went beyond the security purpose claimed, violated employee privacy expectations, and had not been agreed in the Betriebsvereinbarung. The employer was required to implement content-blind monitoring (metadata only) and update the works agreement.
- Continuous webcam monitoring (2023): Following complaints from a works council, the DSB investigated an employer who had implemented always-on webcam monitoring for remote workers. The DSB found the continuous recording disproportionate, ordered reduction to periodic spot-checks, and noted that the Betriebsvereinbarung had not explicitly authorized webcam monitoring — a drafting gap the works council could have prevented with more specific language.
Total DSB complaints in 2023 exceeded 1,400, with employment-related cases representing a growing share of the caseload. The DSB's 2023 annual report noted a specific increase in complaints related to remote work monitoring tools adopted during and after the COVID-19 pandemic.
Evidence Admissibility and Dismissal Proceedings
Austrian labor courts have consistently held that evidence obtained through unlawful monitoring — without works council approval under §96 or in breach of a Betriebsvereinbarung — is inadmissible in dismissal proceedings. This practical consequence is significant: an employer who discovers an employee committing a policy violation through unlawfully collected monitoring data may be unable to use that evidence to justify dismissal. The cost of non-compliance is not just regulatory; it is operational.
How Do GDPR and the DSG 2018 Apply on Top of ArbVG §96?
Austria's data protection framework layers EU GDPR over the national DSG 2018, creating obligations that apply regardless of whether a works council agreement is in place. Even employers who have obtained works council approval under §96 must independently satisfy GDPR and DSG requirements for the same monitoring activities.
Lawful Basis Under GDPR Article 6
For employee monitoring, Austrian employers and the DSB most commonly work within three GDPR Article 6 bases:
| Legal Basis | When It Applies | Austrian/DSB Notes |
|---|---|---|
| Art. 6(1)(b) — Contract | Monitoring strictly necessary to perform the employment contract (e.g., time tracking for payroll) | Narrow interpretation by DSB; "strictly necessary" excludes productivity analytics for most roles |
| Art. 6(1)(f) — Legitimate interests | Security monitoring, fraud detection, compliance monitoring for regulated industries | Requires balancing test; employees' privacy interests must be outweighed; documented LIA required |
| Betriebsvereinbarung (DSG §11) | Any monitoring governed by a works council agreement | The Betriebsvereinbarung itself serves as the legal basis; no separate Art. 6 analysis required if agreement is comprehensive |
| Art. 6(1)(a) — Consent | Monitoring where no other basis applies; no works council exists | DSB scrutinizes voluntariness in employment context; GDPR Recital 43 applies; difficult to rely on as primary basis |
Data Protection Impact Assessments (DPIA)
Under GDPR Article 35, a DPIA is mandatory when processing is likely to result in high risk to individuals' rights and freedoms. The Austrian DSB's list of processing activities requiring DPIAs explicitly includes monitoring of employee behavior and performance. This means that virtually every productivity monitoring tool deployed in Austria requires a DPIA — regardless of whether a Betriebsvereinbarung is in place. The DPIA documents the purpose, necessity, proportionality, risks, and mitigations, and must be completed before monitoring begins.
The DPIA is also the document that the DSB will request first if an employer faces a complaint. An employer without a completed, dated DPIA for their monitoring system is in an immediately weak position in any DSB investigation.
Employee Rights That Austrian Employers Must Honor
Austrian employees retain full GDPR data subject rights with respect to their monitoring data:
- Right of access (Art. 15) — Employees may request a copy of all monitoring data held about them. Employers must respond within one month.
- Right to rectification (Art. 16) — Inaccurate monitoring records must be corrected on request.
- Right to erasure (Art. 17) — Employees may request deletion of data that is no longer necessary, processed without valid legal basis, or was processed based on consent that has been withdrawn.
- Right to object (Art. 21) — Employees may object to processing based on legitimate interests; the employer must demonstrate compelling legitimate grounds that override the employee's interests.
- Right not to be subject to automated decisions (Art. 22) — Employees may not be subjected to decisions based solely on automated processing, including AI-generated performance scores, without human review. This is particularly relevant for AI-based productivity analytics tools.
The DSG 2018 adds a national remedy mechanism: employees who suffer damage from a DSG or GDPR violation may claim compensation through Austrian civil courts, independent of any DSB proceeding.
Practical Compliance Steps for Austrian Employers in 2026
Given the layered complexity of Austrian employee monitoring law, a structured implementation sequence is essential. The following steps represent the minimum compliance sequence for an Austrian employer deploying monitoring software for the first time, or reviewing an existing deployment.
-
Determine Whether a Works Council Exists
The first step is organizational: does a Betriebsrat exist at the relevant enterprise or establishment? Under ArbVG §40, a works council must be established in every enterprise with at least five permanent employees. If one exists, §96 applies and approval is required before proceeding to any technical implementation. If no Betriebsrat exists, the employer must assess whether individual employee consent is achievable or whether the monitoring plan should be revised to avoid the consent voluntariness problem.
-
Conduct a Preliminary Scoping Exercise
Before approaching the works council, the employer should define precisely what is to be monitored, why, how data will be used, who will have access, and how long data will be retained. This scoping exercise serves two purposes: it produces the material the works council needs to evaluate the proposal, and it forms the basis for the DPIA. Presenting a vague "we want to implement productivity monitoring software" request to a works council virtually guarantees a veto; presenting a specific, well-documented proposal with privacy safeguards built in is far more likely to result in approval.
-
Complete a Data Protection Impact Assessment (DPIA)
Complete the DPIA before the works council negotiation begins, not after. The DPIA demonstrates that the employer has analyzed the privacy risks and is implementing specific mitigations. A DPIA that documents proportionality — showing that the monitoring method chosen is the least intrusive way to achieve the stated purpose — is a compelling document in the works council negotiation. It signals that the employer takes privacy seriously, which builds trust and reduces the likelihood of an outright veto.
-
Negotiate and Execute a Betriebsvereinbarung
The Betriebsvereinbarung is the legal cornerstone of lawful monitoring in Austria. Negotiations should involve qualified Austrian labor law counsel who understands both the ArbVG framework and the DSG/GDPR overlay. The works council will typically request a review period of two to four weeks for the employer's monitoring proposal. The negotiation timeline should be built into the project plan — attempting to accelerate the process by deploying software before agreement is reached is the single most common compliance failure in Austrian monitoring implementations.
-
Configure Monitoring Software to Match the Betriebsvereinbarung
Once the Betriebsvereinbarung is executed, monitoring software must be configured to implement exactly what was agreed and nothing more. If the agreement permits application usage tracking but not screen captures, screen capture functionality must be disabled. If the agreement permits individual-level data for supervisors only, access controls must enforce this. The gap between what the Betriebsvereinbarung permits and what the software is technically capable of is the source of most enforcement cases — usually discovered when an employee or works council member tests the system's capabilities against the agreement's terms.
-
Register Processing Activity With the DSB
While GDPR eliminated the general notification requirement that existed under the pre-2018 Austrian data protection law, high-risk processing activities — including employee performance monitoring — may require prior consultation with the DSB under GDPR Article 36 where the DPIA reveals a residual high risk that cannot be mitigated. The DSB operates a prior consultation process through its online portal at dsb.gv.at.
-
Communicate Transparently With All Employees
Before monitoring begins, employees must receive written notification of the monitoring in place, the legal basis, their data subject rights, and the complaint procedure. This transparency notice may be included in an updated employment contract addendum, a standalone privacy notice, or a company-wide policy communication. The employee monitoring policy template provides a starting framework that can be adapted for Austrian compliance requirements.
How Does Austrian Law Compare to Other European Works Council Jurisdictions?
Austria is one of several European countries where works councils hold significant rights over employee monitoring — but the specific legal structure varies considerably. Understanding where Austria sits in the European landscape helps multinational employers build consistent regional policies.
| Country | Works Council Role | Veto or Co-determination? | Arbitration Fallback? |
|---|---|---|---|
| Austria | Approval required for any monitoring under ArbVG §96 | True veto right | No — works council can block permanently |
| Germany | Co-determination over monitoring under BetrVG §87(1)(6) | Co-determination (blocking right) | Yes — Einigungsstelle arbitration board issues binding ruling |
| Netherlands | Consent required for processing employee personal data under monitoring systems | Co-determination / consent | Yes — Enterprise Chamber (Ondernemingskamer) arbitrates |
| France | CSE (Comité Social et Économique) must be informed and consulted | Consultation only (no veto) | Not applicable — employer may proceed after consultation |
| Sweden | Primary negotiation and consultation under MBL §11 | Negotiation / consultation | Yes — Labour Court if negotiation fails |
For employers managing works council compliance across multiple European jurisdictions, Austria represents the most protective regime among those listed. Monitoring programs designed to satisfy Austrian requirements are generally also compliant in Germany, France, and the Netherlands with minor modifications. For a broader view of European works council rights in monitoring contexts, see our guide on works council rights in European employee monitoring.
Austrian employers managing employees across the German border should pay particular attention to which national law applies to which employees. eMonitor's team at employee monitoring in works council environments provides operational guidance for managing these dual-jurisdiction requirements.
Does Austria's Right to Disconnect Affect Employee Monitoring?
Austria does not have a standalone right-to-disconnect statute equivalent to France's droit à la déconnexion, but the combination of GDPR purpose limitation, the ArbVG framework, and established labor court jurisprudence creates a functionally equivalent protection. Austrian labor courts have consistently held that monitoring must be limited to declared work hours. For a broader European context on disconnection protections and their monitoring implications, see our guide on right to disconnect laws across Europe.
Work-Hours-Only Monitoring as a Legal Requirement
Collecting employee activity data during evenings, weekends, public holidays (of which Austria has 13 national public holidays), or annual leave has no defensible legal basis under GDPR's purpose limitation principle — the employment relationship's purposes do not extend into non-working time. Any Betriebsvereinbarung on monitoring will include an explicit provision restricting monitoring to contractual work hours. Austrian employers using monitoring software that is not configured to deactivate outside work hours are in breach of both their Betriebsvereinbarung and GDPR.
Implications for Remote Work Monitoring
For Austrian employers managing remote teams — a structure that became standard for knowledge workers during 2020-2022 and has largely persisted — the work-hours-only requirement interacts with the flexibility of remote work schedules. Where employees have flexible working hour agreements (Gleitzeitvereinbarungen), monitoring must follow the employee's actual working hours rather than a fixed schedule. The Betriebsvereinbarung should address flexible work hour monitoring specifically, and monitoring software must be capable of enforcing individually configured work-hours windows.
What Monitoring Software Configuration Does Austrian Law Require?
Legal compliance ultimately translates into specific software configuration decisions. Austrian law's requirements are more demanding than most jurisdictions because the Betriebsvereinbarung creates a binding technical specification for how the software must operate — not just a policy statement about how it should be used.
Work-Hours Activation Gates
Monitoring software deployed in Austria must be configured to activate only when employees begin their declared work shift and deactivate at shift end. For employers with flexible hours, this requires per-employee schedule configuration rather than a single company-wide time window. eMonitor's per-user schedule settings allow Austrian employers to reflect individual Gleitzeitvereinbarungen in their monitoring configuration, ensuring that no employee's personal time is ever captured.
Data Granularity Controls
The Betriebsvereinbarung will typically specify the granularity at which monitoring data can be reviewed. A common structure permits management to view team-level and department-level productivity data freely but restricts individual-level data to supervisors with a documented need-to-know, and prohibits company-wide individual comparison reports. Software access controls must implement these tiers precisely. When the DSB investigates a monitoring complaint, it will test whether the access controls in the system match the terms of the Betriebsvereinbarung.
Automated Data Deletion
The retention periods specified in the Betriebsvereinbarung must be enforced automatically. Austrian works councils routinely request monitoring of the retention schedule as part of their ongoing oversight role — some agreements include annual works council access to verify that data older than the specified retention period has been deleted. Automated deletion rules configured in the monitoring software, with confirmation logs available to the works council, satisfy this requirement far more reliably than manual deletion processes.
Employee-Visible Dashboards
Providing employees with access to their own monitoring data — the same data that supervisors see — is a best practice that Austrian works councils have increasingly required in Betriebsvereinbarungen. Transparent self-monitoring dashboards reduce the power imbalance that makes monitoring contentious, give employees the ability to verify that the system is operating as agreed, and preempt data access requests by making data continuously available. The GDPR employee monitoring compliance guide explores how transparent dashboards support GDPR Article 15 access rights across European jurisdictions.
Audit Trails for Works Council Review
Austrian works councils have a right to verify that monitoring is being conducted as agreed. Monitoring software that maintains tamper-proof audit logs — recording who accessed which data, when, and for what purpose — provides the evidence base for this oversight. Logs should show that access has been limited to authorized personnel at the agreed granularity levels, that no data was accessed outside work hours, and that deletion schedules have been honored.
Frequently Asked Questions: Employee Monitoring Laws Austria
Is employee monitoring legal in Austria?
Employee monitoring is legal in Austria but requires mandatory prior approval from the works council (Betriebsrat) under ArbVG §96 before any monitoring system is deployed. Where no works council exists, employers must obtain individual employee consent. All monitoring must additionally comply with EU GDPR and the Austrian DSG 2018, which provides higher data protection standards in certain areas.
What is the works council veto right under ArbVG §96?
Section 96 of the Labour Constitution Act grants the Betriebsrat a true veto right over any monitoring system capable of controlling or evaluating employee behavior or performance. Unlike Germany's co-determination model, Austria's §96 allows the works council to simply say no. The employer cannot lawfully deploy monitoring without written works council approval, and there is no arbitration fallback to override the veto.
What happens if an Austrian employer monitors without works council approval?
Monitoring without works council approval violates both ArbVG §96 and GDPR simultaneously. The DSB may impose fines up to €20,000,000 or 4% of annual global turnover. Labor courts may order immediate cessation of monitoring and deletion of collected data. Critically, evidence gathered through unlawful monitoring is typically inadmissible in disciplinary or dismissal proceedings, neutralizing the operational value of the improperly collected data.
Does the GDPR apply to employee monitoring in Austria?
The GDPR applies as the baseline regulation for all employee monitoring in Austria. Austria supplements GDPR through the DSG 2018, which provides higher protection for sensitive data and restricts automated decision-making in employment contexts. Where Austrian law is stricter than GDPR, the Austrian standard applies. The DSB enforces both frameworks as one of Europe's most active data protection regulators.
Can Austrian employers monitor employees without a works council?
When no works council exists, Austrian employers must obtain individual employee consent for monitoring systems that would otherwise require works council agreement. This consent must be freely given under GDPR standards — a high bar in employment contexts given the inherent power imbalance. The absence of a Betriebsrat does not reduce monitoring obligations; it transfers them to a more legally fragile consent mechanism.
What types of monitoring require works council approval in Austria?
Any monitoring system that can control or evaluate individual employee behavior or performance requires works council approval. This includes productivity monitoring software, screen capture, keystroke logging, email content monitoring, GPS tracking, webcam monitoring, and AI-based performance analysis. Systems that collect only aggregate anonymized data without individual attribution may fall outside §96, but this requires careful legal analysis before assuming an exemption.
How long can Austrian employers retain monitoring data?
Monitoring data must be deleted once the processing purpose is fulfilled. Works council agreements typically specify exact retention periods, and the DSB has issued guidance recommending three to six months for routine monitoring data. Data for legal proceedings may be kept longer with documented justification. Indefinite retention of productivity data is inconsistent with GDPR and DSG data minimization principles and will not survive DSB scrutiny.
Does Austria's right to disconnect affect employee monitoring?
While Austria lacks a standalone right-to-disconnect statute, GDPR's purpose limitation principle and established labor court jurisprudence require that monitoring be limited to declared work hours. Collecting employee activity data during evenings, weekends, or public holidays has no defensible legal basis. Any Betriebsvereinbarung on monitoring will include an explicit work-hours-only restriction, and monitoring software must be configured to enforce it.
What is a Betriebsvereinbarung for employee monitoring in Austria?
A Betriebsvereinbarung is a works agreement between the employer and works council governing monitoring terms — which tools are permitted, what data is collected, who has access, retention periods, employee notification procedures, and complaint mechanisms. Under DSG §11, a compliant Betriebsvereinbarung serves as the legal basis for employee data processing under GDPR Article 88, replacing the need to establish an Article 6 basis independently.
How does Austrian monitoring law compare to Germany?
Austria's §96 provides a true veto — the works council can permanently block monitoring with no arbitration fallback. Germany's BetrVG §87(1)(6) provides co-determination rights where either party may escalate to an Einigungsstelle arbitration board that issues a binding ruling, giving employers a path forward even if the works council initially resists. Austria's employee protection in the monitoring context is therefore stronger than Germany's.
How does eMonitor support Austrian compliance requirements?
eMonitor's configuration options allow Austrian employers to implement monitoring within Betriebsvereinbarung parameters: work-hours-only activation, configurable screenshot frequency, role-based access controls, automated data retention enforcement, and employee-visible dashboards. These settings can be documented and verified against the works agreement, providing a defensible technical record for DSB review.
What is the role of Max Schrems in Austrian privacy culture?
Max Schrems is an Austrian privacy lawyer whose challenges produced the Schrems I (2015) and Schrems II (2020) CJEU rulings, which reshaped EU cross-border data transfer law. His Vienna-based organization NOYB has filed hundreds of privacy complaints including employment-related cases. Austrian employees are consequently among Europe's most privacy-aware, and Austrian employers face an unusually well-informed employee base willing to exercise GDPR rights and file DSB complaints.
Related Compliance Resources
Employee Monitoring Laws: Germany
How Germany's Betriebsrat co-determination rights compare to Austria's works council veto — key differences for multinational employers.
Read guide →GDPR Employee Monitoring Compliance
The GDPR framework that underpins Austrian and European monitoring law — lawful bases, DPIAs, and data subject rights.
Read guide →Right to Disconnect Laws: Europe Guide
How European right-to-disconnect protections affect monitoring scope and work-hours configuration requirements.
Read guide →Sources and Further Reading
- Arbeitsverfassungsgesetz (ArbVG), BGBl. Nr. 22/1974 as amended — Sections 96 and 97 on works council approval rights
- Austrian Data Protection Act (DSG 2018), BGBl. I Nr. 165/1999 as amended — Sections 11 and following on employee data processing
- EU General Data Protection Regulation (GDPR), Regulation (EU) 2016/679 — Articles 6, 35, 88 and Recital 43
- Telecommunications Act 2003 (TKG 2003), BGBl. I Nr. 70/2003 as amended
- Datenschutzbehörde (DSB) Annual Report 2023 — Complaint Statistics — dsb.gv.at
- DSB Case Reference: GPS Monitoring Without Works Council Approval (2021)
- DSB Case Reference: Email Monitoring Beyond Security Scope (2022)
- DSB Case Reference: Continuous Webcam Monitoring of Remote Workers (2023)
- Schrems v. Data Protection Commissioner (Schrems I), Case C-362/14, Court of Justice of the EU, 2015
- Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (Schrems II), Case C-311/18, Court of Justice of the EU, 2020
- NOYB — European Center for Digital Rights (noyb.eu)
- Austrian Federal Economic Chamber (WKO): Works Council Law Guidance, 2024