The European Parliament published a study that examines whether distributed ledgers can be squared with European data protection law. The study consists three main parts: (i) it discusses blockchain technology and the tensions between the use of such technology and the GDPR, (ii) it explores the…

At the end of July, the European Court of Justice (ECJ) ruled in case no. C-40/17 (“Fashion ID Case”), which dealt with the interpretation of the concept of data controller and the issue of joint data processing. The basic question to be clarified was the role of the website operator and Facebook in…

A new EU directive on open data and the re-use of public sector information has been published (Directive 2019/1024). The new directive replaces Directive 2003/98/EC on the re-use of public sector information, as amended by Directive 2013/37/EU. The new directive shall be implemented by Member…

There are several legal aspects related to the use of drones, including a number of data protection issues. Although no comprehensive legislation has been enacted so far in Hungary, the Hungarian Data Protection Authority (Hungarian DPA) has, similarly to other data protection authorities,…

The EU celebrates the first anniversary of GDPR-application. GDPR changed the data protection landscape in the EU and it has strong effects outside of the European Union too. Below, you can find some crazy facts about data protection that should be considered in the future when we think further how…

Last November, 2018/1807/EU Regulation on a framework for the free flow of non-personal data in the European Union was adopted and it shall be applicable from May 29, 2019 in all Member States. The Regulation no. 2018/1807 applies to any data that is not covered by the GDPR, i.e. any data that is…

Online services became part of our everyday life. The provision of online services, in almost all cases, goes hand in hand with data processing. On the one hand, we provide our data intentionally to the service providers when we decide to use services online but in other cases, data are collected…

The possibility of imposing significant amount of fine for the violation of data protection rules drew immediate attention to the issue of data protection compliance. While the amount of administrative fine in the GDPR was only a theoretical maximum, fines imposed in specific cases could serve as…

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) was the first data protection authority in the EU that has published a fining policy detailing the principles for setting administrative fines in specific cases. The impact of the fining policy issued by the Dutch Data Protection…

One of the biggest challenges in meeting data protection requirements is to translate the general principles and rules into concrete actions and daily routines. How much and what data is needed to achieve a particular purpose? How can we obtain the necessary consent? How can we provide proper…