The main breaches of the Regulation (EU) No. 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “GDPR” or the “Regulation”) committed by the Romanian data controllers (the “Controllers”) investigated and sanctioned by the National Supervisory Authority for Personal Data Processing (the “Supervisory Authority”) in 2023 may be summarized as follows:

Former CEE Attorneys Managing Associate Madalina Ivan has recently announced the launch of her new law firm in Bucharest: Madalina Ivan Business Attorneys at Law.

Artificial intelligence (“AI”) has been present in our lives for a while now, but it became a buzzword when OpenAI introduced ChatGPT to the public. Therefore, the lawsuit against OpenAI and the datasets used by ChatGPT deserve more attention than other similar cases.

The Polish Data Protection Authority (PUODO) has recently published its new sectoral inspection plan for 2024. Every year, the authority indicates which business sectors or specific processing operations will be subject to increased regulatory scrutiny and potential enforcement for failure to comply. This year, the plan includes three points, one of which relates to public authorities processing personal data in the Schengen Information System (SIS) and Visa Information System (VIS). However, the other two points of the plan are relevant to businesses across all sectors in the private sector.

Nowadays, one can hear a lot about generative artificial intelligence ("Generative AI"), which can be used to create different types of content (e.g., text, images, software source code) in an automated way by giving simple instructions (so-called "prompts"). Companies may reasonably ask whether it is worth investing, at this point, in software using Generative AI; however, the current Hungarian legislative environment does not provide answers to this question, which could clearly provide guidance in all cases, on a general basis. For this reason, the legal implications of each investment (be it either procurement or "in-house" development) need to be examined on a case-by-case basis.

Regulation of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) entered into force on 11 January 2024, and it will become applicable in September 2025. Entrepreneurs therefore still have 19 months to prepare for the changes. What changes does the new EU regulation provide for?