CEE Legal Matters
In-depth coverage of the news and newsmakers that shape Europe's emerging markets
In a significant development for the personal data protection landscape in Albania, the Council of Ministers has adopted Decision No. 347, dated 19 June 2025, establishing a new state database titled “Electronic Registry of Data Protection Officers” (DPO Registry). This marks a major milestone in the country’s efforts to align its data governance infrastructure with international and European standards, in line with the newly reformed legal framework on personal data protection.
An FDI notification obligation arises if a foreign investor - whether from a third country (non-EU) or, in certain cases, from an EU Member State, EEA State, or Switzerland - acquires a shareholding or influence in a Hungarian company operating in a strategic sector, based on the Hungarian Government Decree 561/2022 (XII. 23.) on FDI rules.
In the coming weeks, the European Commission is expected to discuss amendments to the General Data Protection Regulation (GDPR).
The Court of Justice of the European Union (“CJEU”) has recently issued a significant judgment in the case “Lindenapotheke” (C-21/23), taking a clear stance on the processing of special categories of personal data, namely health data, in the context of online medicine sales within the pharmaceutical industry. The ruling sheds light on how the General Data Protection Regulation (“GDPR”) applies to the data that users provide when ordering pharmacy-only medicinal products online, even those not subject to prescription, and provides clear guidance on the rights and obligations of data controllers.
The contemporary European market witnesses a large number of highly operational business models that target European consumers and are, simultaneously, managed outside the European Union. There are businesses whose central administration or decision-making hubs are not established in any EU member state. Some of them neither control nor process data of their consumers within the EU. At the same time, some of these businesses are also subject to strict and enforceable international regulations in addition to the applicable EU legislation.
An increasing number of law firms have been publicly warning about the misuse of their names in phishing and cyberattacks. PRK Partners Partner Michal Matejka, Musat & Asociatii Partner Stefan Diaconescu, Gugushev & Partners Partner and Head of Data Protection Yoanna Ivanova, and DLA Piper Hungary Partner and Head of Intellectual Property and Technology Zoltan Kozma discuss the growing trend.
As AI increasingly intersects with nearly every dimension of digital security, so too does the consciousness of creating conditions to use it in a secure cyberspace. As Space Hellas Group General Counsel Konstantinos Argyropoulos puts it, “there is an acceleration in the way AI interfaces with cybersecurity,” pointing to an emerging arms race in which malicious actors and defenders alike adopt increasingly automated tactics. Argyropoulos shared his thoughts on this during the CEE Legal Matters GC Summit 2025 in Prague.
