This year began with one of our most labour-intensive topics: The United Nations Convention against Cybercrime. Since 2022 we have been fighting in this project for human rights in the digital age – for the first time at UN level.

But there was also a lot to do in Austria. We explained why the renewed calls for a state trojan are still dangerous, called for better measures against hate on the internet and for whistleblower protection, and observed the trial against one of the country’s best-known cabaret artists, all while official secrecy could finally be abolished after years of debate. There has also been no shortage of data scandals in politics and GIS (Gebühren Info Service - the Austrian company for collecting fees for receiving public broadcasting). At the same time, we pushed ahead with our education project for digital self-defence and are delighted to contribute to increasing the digital competence in Austria with the epicenter.academy.

2023 also marks the end of one of our biggest projects: the reform of European digital identity. It has been a tough battle in which we have been able to make important gains so far. But the matter will not be completely settled until the ID system is actually finalised. We will continue to keep a critical eye and demand the safeguarding of privacy and protection against discrimination. Speaking of protection against discrimination: while we have been able to secure this extensively in the EU system, in Austria we are still urging the government to counteract the existing de facto obligation to use ID Austria. This would become illegal anyway with the upcoming EU system. While at least regarding the reform of digital identity an intermediate step forward is in sight, the next big issue is already waiting: the digital euro. If poorly designed, it harbours major risks for the privacy of users as well. We took a close look at the first draft from a fundamental rights perspective.

This year, we are also celebrating a stage victory in another matter close to our hearts: the telecoms lobby has launched an attack on the open and free internet with the support of a biased EU Commission. We brought together various industries, consumer protection organisations and civil society and built up pressure. We are now pleased that the erosion of net neutrality has been prevented – at least for this legislative period. The long fight against mandatory chat control has also paid off and the plan has failed for the time being.

Overall, we have once again campaigned for fundamental digital rights in many different discussions with political leaders in Austria, the EU institutions, and even the UN. We were invited as experts to hearings, answered a number of media enquiries, wrote numerous statements and position papers on draft legislation, held public speeches and held politicians to account in open letters. In short, we are satisfied with this successful year and highly motivated to continue in the new year. Below we give you a brief overview of the most important topics of the year.

UN Cybercrime Convention Goes Astray

Not only in the EU and Austria legal regulations are being adapted to the development of increasing IT attacks, potentially causing problems for fundamental rights. The year also began at UN level with preparations for the negotiations on the Cybercrime Convention in Vienna, a global regulation to combat cybercrime. We were present at the negotiation rounds in Vienna and New York every day to stand up for our digital rights together with the world’s largest net-political NGOs and to highlight shortcomings from a human rights perspective. The last round of negotiations is scheduled to take place in New York in early 2024. However, there is still a long way to go to reach a treaty that curbs surveillance powers and safeguards human rights. We will once again personally stand up for this at the negotiations in January.

We Present: the epicenter.academy

The biggest change to the association was our newly founded educational branch: the epicenter.academy. The successful pilot project was spun off from the association and became a separate company that offers training and provides freely licensed and openly available e-learning. We are currently even more active in schools and have a focus on working with women’s shelters and advice centres, but also offer training for SMEs and non-profit organisations. In this way, we want to bring target group-specific digital literacy to those people who currently have less access to this knowledge or whose professional secrecy protection makes this topic even more important.

City Centre Surveillance

At the beginning of the year, we demonstrated in front of Vienna’s Heldentor against the new StVO (Highway Code) amendment. It contains video surveillance of entrances to the first district of Vienna. After the Viennese government refused to join an objective debate despite widespread opposition, we published a response to the demands made by the city.

Successes & Shortcomings of the European eID

We have been analysing the EU reform on the digital identity from day one, when it was presented almost two years ago. This year, things continued to be exciting, because one thing was clear: after the worrying position of the EU member states, all hopes were pinned on the European Parliament. We urged those responsible to refrain from using dangerous technologies such as a unique, unchangeable personal identification number and instead to adhere to principles such as “privacy by design” and to ensure the protection of those who cannot or do not want to use a digital ID.

Also when the final rounds of negotiations in the trialogue began in the middle of the year, we fought loudly for our demands. Our efforts are now bearing fruit: the negotiations are almost complete and even though some problematic parts still remain, we are pleased with the achievements we made, such as the regulation of use cases, protection against discrimination, and more control and transparency for users.

Digital Euro & Right to Cash

The digital euro could also be linked to the European eID. We spoke at a hearing of the European Parliament and, in an assessment of the presented draft, showed what requirements a digital euro would have to fulfil in order to respect our fundamental rights such as privacy. Against the background of protection against discrimination, we also welcome the right to cash presented at the same time.

How to: ID Austria Without Compulsion

While the negotiations on the European eID have almost been finalised, ID Austria has been launched in Austria. Here, we are also present and keep campaigning for data protection and non-discrimination. We also published instructions on how to use the Austrian eID in the most data protection-friendly way possible.

Shortcomings in the Whistleblower Act

The protection of whistleblowers in Austria still leaves a lot to be desired. In February, together with Transparency International and the Forum Informationsfreiheit (Freedom of Information), we criticised the draft for implementing the EU Whistleblower Directive. Whistleblowing is part of freedom of expression and often the only way to bring abuses to light. We therefore called for broader protection for courageous people who expose corruption and other deficiencies. However, ours and numerous other voices from civil society and justice experts were ignored by the National Council.

Microsoft Mandatory at the TU Vienna

The Vienna University of Technology (TU) has switched its email systems for around 30,000 students from a well-functioning and independent solution to Microsoft. We called for “public money – public code”. Our tax money should not be used to support big tech companies and at the same time give them the data of our young scientists.

Police Reporting Centre – Major Weaknesses

Violent assaults by the police repeatedly cause concern. Together with 39 other organisations, we have been calling for a reporting centre for victims of suspected cases of police violence since August 2020. In March of this year, the ministerial draft for the “Ermittlungs- und Beschwerdestelle Misshandlungsvorwürfe” (Investigation and Complaints Centre for Allegations of Abuse) finally arrived. After analysing it, we found that it does not meet the necessary requirements of an effective, independent reporting office and would like to see the law revised in fundamental areas.

Platform Regulation Needs Strong Enforcement

Any law is only as good as its enforcement – and the Digital Services Act is no exception. But it must not be misused as a censorship machine. We have drawn attention to this in ZiB3 (Austrian late night news) and in open letters to the relevant EU Commissioner.

Key points of the European Digital Services Act, which is slowly getting underway this year, include more transparency and better reporting options for users in relation to illegal content. This is essential for those affected by online hate speech, for example. National contact points are also planned for this purpose, but there is still a severe lack of them in Austria. Among other things, we criticise the lack of a properly designed arbitration body in a statement on the law accompanying the DSA.

Net Neutrality – Secured for the Time Being

The debate about additional network charges also picked up speed again this year. Under the guise of alleged “fair share”, the telecoms industry tried to charge twice for the same service using threadbare arguments and was also supported by a biased EU Commission. We countered and, after a long delay, the public was finally formally involved in the process with a consultation.

The open and free internet has been a matter close to our hearts since 2013. This is why we have also coordinated the work of the European EDRi network on this topic in the current debate and supported the global fight for net neutrality in India and Brazil. At EU level, we published several statements together with a broad alliance of different industries, consumer representatives and civil society to warn of the far-reaching consequences of additional network charges. We also provided a tool for filling out the questionnaire for the fair share debate in order to make as many voices as possible heard by the EU Commission – with success, as we were able to prevent the law from being passed, at least for this legislative period.

5 Years of GDPR

On the fifth anniversary of the European General Data Protection Regulation, we took stock of its progress. Even though it suffers from some bottlenecks in the administration and is formulated very openly in places, its introduction has set important guidelines that have made it possible to establish a largely uniform standard in European data protection.

GIS Data Leak

This year, the GIS (Gebühren Info Service – the Austrian company for collecting fees for receiving public broadcasting) suffered an unparalleled data scandal. As a result of its negligent behaviour, a data record on around 9 million people was stolen and offered for sale. This affects almost all people registered in Austria. In our blog post, we call on GIS to be more transparent. We also explain how the leak could have happened and what you can do about it.

ORF Reform

A reform of the ORF Act was long overdue. Although the new amendment takes into account some of the proposals we submitted back in 2021, important points are still missing. Together with Wikimedia Austria, we therefore issued a statement in which we called for independent funding and the unlimited availability of public service content.

We Are Back on the Streets

This year, thanks to the support of ARGE-Werbung and EPA-Media, we made it onto Austria’s advertising spaces. With 3,000 posters, we were able to draw attention to net-political issues and expand our awareness and visibility to new target groups.

Data Retention – Passenger Data Edition

For more than four years, we have been working – partly together with the Gesellschaft für Freiheitsrechte (society for liberty rights) – to fight the retention of passenger data in court. After the proceedings in Austria came to a standstill for some time, they are now continuing and this year we again made it clear in a statement to the Federal Administrative Court why we consider the European PNR Directive to be invalid and expressed our concerns about the constitutionality of the Austrian PNR Act. Our ultimate aim is to obtain a ruling from the highest court.

Citizens’ Data Are Not for Free Use

Political parties and government bodies should set an example when it comes to data protection and compliance with the law. This year, the mayor of Wiener Neustadt and the Vorarlberg ÖVP made a faux pas of a special kind. They helped themselves to data records of their citizens and misused them for election campaign purposes or commercial interests. In the second case, we submitted a complaint to the data protection authority and asked it to legally assess the facts of the case.

Driving Spies

What data modern cars collect and who uses it for what purpose is often only known to the manufacturers themselves. In Europe, we have relatively high standards for protecting our privacy compared to the rest of the world, but for cars they should also be enforced much better. We have called on the public to take part in netzpolitik.org’s crowd research and submit a request for information to the car’s manufacturer.

Chat Control – Prevented for the Time Being

Confidential communication is one of the most important foundations of any democracy. The planned chat control is with good reason one of the most criticised draft EU laws of all time. We were vocal from the beginning and met with Austrian MEPs among other times last October to make it clear once again: The proposed law is not suitable to protect children online. On the contrary, it jeopardises us all by massively undermining the fundamental right to confidential communication. The broad resistance in a large civil society coalition is showing effects and the mandatory chat control has been prevented for the time being.

Freedom of Information – Finally Also in Austria

After more than ten years of debate, Austria finally managed to abolish official secrecy stemming from the imperial era and introduce a law for state transparency. We have analysed the government bill and hope that it will be implemented soon in a citizen-friendly way. Together with more than 110 European civil society organisations, we also signed a letter to the EU Commission to increase institutional transparency.

No Power to SLAPP Complaints

We followed the lawsuit filed by the head of the Bundeskriminalamt (Austrian Federal Criminal Police Office) against one of Austria’s best-known cabaret artists – Florian Scheuba – for defamation. Such SLAPP lawsuits have a deterring effect for all journalists and artists to criticise. We see this as a threat to freedom of expression and artistic freedom. We are therefore joining forces with Amnesty International Austria and the Wiener Forum für Demokratie und Menschenrechte (Vienna Forum for Democracy and Human Rights) to support the defendant and will continue to monitor the trial.

State Trojans – Deliberate Gaps in IT Security

Although state hacking has already been categorised as unconstitutional by the VfGH (Austrian Constitutional Court) on several occasions, the debate surrounding a state trojan arose again this year. We once again made it clear how such spyware operates and why it is particularly problematic when it is used by the state. The media also repeatedly approached us as experts and we organised a press conference to raise the awareness on this important issue.

Self-Determination in the Health Data Space

In an open letter, we called on those responsible to advocate for the continuation of the opt-out option in the Austrian electronic health record (ELGA) and to demand this right to self-determination at European level in the EHDS regulation. Within 24 hours, the government agreed with our opinion. Shortly afterwards, both the Council of the EU and the plenary of the European Parliament also spoke out in favour of freedom of choice.

We Say Thank You!

We look back on an intensive year with satisfaction. This important work for fundamental rights in the digital age is only possible with broad support from civil society, and for that we say: Thank you!