The Court of Justice of the European Union (“CJEU”) has recently issued a significant judgment in the case “Lindenapotheke” (C-21/23), taking a clear stance on the processing of special categories of personal data, namely health data, in the context of online medicine sales within the pharmaceutical industry. The ruling sheds light on how the General Data Protection Regulation (“GDPR”) applies to the data that users provide when ordering pharmacy-only medicinal products online, even those not subject to prescription, and provides clear guidance on the rights and obligations of data controllers.

The contemporary European market witnesses a large number of highly operational business models that target European consumers and are, simultaneously, managed outside the European Union. There are businesses whose central administration or decision-making hubs are not established in any EU member state. Some of them neither control nor process data of their consumers within the EU. At the same time, some of these businesses are also subject to strict and enforceable international regulations in addition to the applicable EU legislation.

An increasing number of law firms have been publicly warning about the misuse of their names in phishing and cyberattacks. PRK Partners Partner Michal Matejka, Musat & Asociatii Partner Stefan Diaconescu, Gugushev & Partners Partner and Head of Data Protection Yoanna Ivanova, and DLA Piper Hungary Partner and Head of Intellectual Property and Technology Zoltan Kozma discuss the growing trend.

As AI increasingly intersects with nearly every dimension of digital security, so too does the consciousness of creating conditions to use it in a secure cyberspace. As Space Hellas Group General Counsel Konstantinos Argyropoulos puts it, “there is an acceleration in the way AI interfaces with cybersecurity,” pointing to an emerging arms race in which malicious actors and defenders alike adopt increasingly automated tactics. Argyropoulos shared his thoughts on this during the CEE Legal Matters GC Summit 2025 in Prague.

IT Labs Group General Counsel and DPO Ana Zakovska discusses her transition from private practice to in-house roles in the ICT sector, the evolving nature of legal work, and how privacy and AI are shaping the industry.

In April 2007, Estonia made global headlines — not for a military conflict or natural disaster, but for one of the first coordinated large-scale cyberattacks against a nation-state. Sparked by the relocation of a Soviet-era war memorial in Tallinn (known as the Bronze Night), the country’s digital infrastructure was flooded with denial-of-service attacks. Government websites, banks, media outlets, and essential services were knocked offline. It was a wake-up call: digital threats could now paralyze a country just as effectively as tanks and missiles.