CEE Legal Matters
In-depth coverage of the news and newsmakers that shape Europe's emerging markets
Based on a Hungarian case, on 14 March 2024 the Court of Justice ruled that the supervisory authority of a Member State, to ensure that the GDPR is fully enforced, may order the erasure of unlawfully processed data even if prior request by the data subject has not been submitted. Such erasure may cover data collected from the affected person and data originating from another source.
The reasoning behind the draft laws not included in the laws those provisions from the EU regulations that can be applied only by the member states of the European Union, as well as those that prescribe obligations only for the member states, is questionable.
The main breaches of the Regulation (EU) No. 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR” or the “Regulation”) committed by the Romanian data controllers (the “Controllers”) investigated and sanctioned by the National Supervisory Authority for Personal Data Processing (the “Supervisory Authority”) in 2023 may be summarized as follows:
Former CEE Attorneys Managing Associate Madalina Ivan has recently announced the launch of her new law firm in Bucharest: Madalina Ivan Business Attorneys at Law.
Artificial intelligence (“AI”) has been present in our lives for a while now, but it became a buzzword when OpenAI introduced ChatGPT to the public. Therefore, the lawsuit against OpenAI and the datasets used by ChatGPT deserve more attention than other similar cases.
The Polish Data Protection Authority (PUODO) has recently published its new sectoral inspection plan for 2024. Every year, the authority indicates which business sectors or specific processing operations will be subject to increased regulatory scrutiny and potential enforcement for failure to comply. This year, the plan includes three points, one of which relates to public authorities processing personal data in the Schengen Information System (SIS) and Visa Information System (VIS). However, the other two points of the plan are relevant to businesses across all sectors in the private sector.
Nowadays, one can hear a lot about generative artificial intelligence ("Generative AI"), which can be used to create different types of content (e.g., text, images, software source code) in an automated way by giving simple instructions (so-called "prompts"). Companies may reasonably ask whether it is worth investing, at this point, in software using Generative AI; however, the current Hungarian legislative environment does not provide answers to this question, which could clearly provide guidance in all cases, on a general basis. For this reason, the legal implications of each investment (be it either procurement or "in-house" development) need to be examined on a case-by-case basis.
