In what is being reported as one of the largest fines assessed to-date, the Hungarian data protection authority recently fined Weltimmo SRO approximately $44,000 for allegedly failing to delete consumer information and for improperly transferring consumer data to third parties. Weltimmo is based in Slovakia, but operates real estate services for the Hungarian market. The fines were assessed based on alleged violations of Hungary’s new Law on Autonomy Over Information and the Freedom of Information, which went into effect in the beginning of this year. Some have thus questioned whether the fines can be enforced, and if the Hungarian authority has jurisdiction over activities that happen outside of its borders. Others have questioned whether the Hungarian data protection authority has the ability to bring this action at all, as it is a new body that the European Commission believes is not sufficiently independent. While some steps have been taken to make the authority more independent, it is not clear if these steps will be viewed as enough. The authority is reported to be defending its actions, noting that there are many other similar cases it is currently investigating. This appears not to be the first time that Weltimmo has had problems with the data protection authorities in Hungary. Over 40 complaints have reportedly been lodged arguing that the company locks people into service contracts with extremely high fees after free “trial” periods end.
TIP: Those that have operations in jurisdictions throughout Europe should keep in mind that each country has its own specific data protection laws. While the fines in this case may not, ultimately, be upheld, it is nevertheless a reminder to keep country-specific laws in mind when collecting and using personally identifiable information, and to assess when and if you will be subject to national laws.
Liisa M. Thomas