NAIH (Hungary) - 7286-1/2023: Difference between revisions
(Created page with "{{DPAdecisionBOX |Jurisdiction=Hungary |DPA-BG-Color=background-color:#7f0037; |DPAlogo=LogoHU.jpg |DPA_Abbrevation=NAIH |DPA_With_Country=NAIH (Hungary) |Case_Number_Name=7286-1/2023 |ECLI= |Original_Source_Name_1=NAIH homepage |Original_Source_Link_1=https://gdprhub.eu/images/5/56/NAIH-7286-2023-hatarozat.pdf |Original_Source_Language_1=Hungarian |Original_Source_Language__Code_1=HU |Original_Source_Name_2= |Original_Source_Link_2= |Original_Source_Language_2= |Orig...") |
No edit summary |
||
Line 79: | Line 79: | ||
The DPA held that the controller’s argument does not relieve them of their liability as a controller as per [[Article 4 GDPR#7|Article 4(7) GDPR]]. Despite the fact that controller intended to comply with the data subject’s access request under [[Article 15 GDPR|Article 15 GDPR]], the DPA observed two things. First, the controller sent the reply on 12 May 2022 which is exceeding the one-month deadline (on 7 May 2022) under [[Article 12 GDPR#3|Article 12(3) GDPR]]. | The DPA held that the controller’s argument does not relieve them of their liability as a controller as per [[Article 4 GDPR#7|Article 4(7) GDPR]]. Despite the fact that controller intended to comply with the data subject’s access request under [[Article 15 GDPR|Article 15 GDPR]], the DPA observed two things. First, the controller sent the reply on 12 May 2022 which is exceeding the one-month deadline (on 7 May 2022) under [[Article 12 GDPR#3|Article 12(3) GDPR]]. | ||
In that regard, the DPA highlighted that the most important characteristic of a controller is that they have substantive decision-making power and responsibility for compliance with all the obligations of the processing laid down in the GDPR. | |||
Lastly, the DPA rejected an argument that the website owner qualifies as a controller in this case where the recruiter organised the process and created the conditions for the data processing. | Lastly, the DPA rejected an argument that the website owner qualifies as a controller in this case where the recruiter organised the process and created the conditions for the data processing. Additionally, the website owner declared that each undertaking which they enter into a framework agreement carries out recruitment activities independently and is, therefore, an independent data controller. Based on that, the DPA rejected a claim against the website operator. | ||
For the reasons set out above, the DPA found that the controller has infringed [[Article 15 GDPR#1|Article 15(1) GDPR]] and ordered them to comply with the data subject’s access request. | For the reasons set out above, the DPA found that the controller has infringed [[Article 15 GDPR#1|Article 15(1) GDPR]] and ordered them to comply with the data subject’s access request. |
Revision as of 11:58, 19 March 2024
NAIH - 7286-1/2023 | |
---|---|
Authority: | NAIH (Hungary) |
Jurisdiction: | Hungary |
Relevant Law: | Article 4(7) GDPR Article 15 GDPR Article 15(1) GDPR |
Type: | Complaint |
Outcome: | Partly Upheld |
Started: | 15.06.2022 |
Decided: | 02.08.2023 |
Published: | 07.03.2024 |
Fine: | n/a |
Parties: | n/a |
National Case Number/Name: | 7286-1/2023 |
European Case Law Identifier: | n/a |
Appeal: | Unknown |
Original Language(s): | Hungarian |
Original Source: | NAIH homepage (in HU) |
Initial Contributor: | im |
The DPA issued a reprimand to controller for responding to an access request after the deadline and to a misspelled e-mail address violating Article 15 GDPR.
English Summary
Facts
On 07 April 2022, the data subject received an e-mail from a recruiter, the controller, mentioning the data subject’s standout resume among job seekers’ profiles. It was unclear to the data subject how the controller obtained access to his contact information as he never disclosed it on the jobseeker’ website which is generally used by the recruiters to directly contact the candidates. Therefore, data subject asked the controller for an explanation based on Article 15 GDPR. Despite reminders, no response was received.
The data subject requested the DPA to investigate the controller’s conduct and compel them to respond. Additionally, the data subject requested to investigate the relationship between the website operator and the recruiter and whether a joint liability could be established.
The data controller declared to the DPA that he is registered on the jobseekers’ website as an independent data controller to carry out recruitment activities. Additionally, the data subject provided his consent to be contacted for recruitment purposes. The controller, therefore, had an access to his e-mail address as a subscriber to the website.
The controller attributed the lack of response to the data subject's request to an administrative error, specifically, the misspelling of their email address in the response sent on 17 May 2022. This oversight came to light subsequent to the order from the Data Protection Authority to address the allegations.
Holding
The DPA held that the controller’s argument does not relieve them of their liability as a controller as per Article 4(7) GDPR. Despite the fact that controller intended to comply with the data subject’s access request under Article 15 GDPR, the DPA observed two things. First, the controller sent the reply on 12 May 2022 which is exceeding the one-month deadline (on 7 May 2022) under Article 12(3) GDPR.
In that regard, the DPA highlighted that the most important characteristic of a controller is that they have substantive decision-making power and responsibility for compliance with all the obligations of the processing laid down in the GDPR.
Lastly, the DPA rejected an argument that the website owner qualifies as a controller in this case where the recruiter organised the process and created the conditions for the data processing. Additionally, the website owner declared that each undertaking which they enter into a framework agreement carries out recruitment activities independently and is, therefore, an independent data controller. Based on that, the DPA rejected a claim against the website operator.
For the reasons set out above, the DPA found that the controller has infringed Article 15(1) GDPR and ordered them to comply with the data subject’s access request.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Hungarian original. Please refer to the Hungarian original for more details.
Case number: NAIH-7286-1/2023. History: NAIH-5460/2022. Subject: decision partially granting the request DECISION The National Data Protection and Freedom of Information Authority (hereinafter: Authority) [...] applicant (hereinafter: Applicant) 06.15.2022 on the basis of the application submitted on regarding the non-fulfillment of the request with [...] represented by a lawyer (hereinafter: Lawyer). (hereinafter: Applicant 1) and with [...] (hereinafter: Applicant 2) (hereinafter together with: Respondents) the following decisions in the official data protection proceedings against brings: I. 1. The Authority in its decision to the Applicant's request partially correct and I.2. finds that Respondent 2 has violated it - to natural persons regarding the management of personal data protection and the free flow of such data, as well as the 95/46/EC Directive Regulation 2016/679 (EU) on its exclusion (hereinafter: GDPR or general data protection regulation) Article 15 (1), as it was submitted based on the right of access he did not fulfill his request, furthermore II. obligates Respondent 2 to within 15 days of the decision becoming final provide information to the Applicant about the fulfillment of the request submitted under Article 15 of the GDPR regarding. III. The Authority, in its decision, regarding Respondent 1, the Applicant's request rejects. The II. the fulfillment of the obligation of the Respondent 2 from taking the measure must be in writing within 15 days - the supporting evidence, i.e. written to the Applicant together with the submission of a copy of the letter and the document certifying its dispatch - to be verified by the Authority towards. In case of non-fulfilment of the obligation, the Authority orders the execution of the decision. During the official procedure, no procedural costs were incurred, so there was no provision to bear them the Authority. * * * There is no place for administrative appeal against this decision, but from the announcement within 30 days with a claim addressed to the Capital Tribunal in a public administrative case can be attacked. The statement of claim must be submitted electronically to the Authority, which is the case 1 The NAIH_KO1 form is used to initiate an administrative lawsuit: NAIH KO1 form (16.09.2019) The the form can be filled out using the general form filling program (ÁNYK program) and forwarded to the court together with its documents. The request to hold the hearing must be indicated in the statement of claim must For those who do not benefit from the full personal tax exemption, the administrative court fee HUF 30,000, the lawsuit is subject to the right to record the levy. In the proceedings before the Metropolitan Court, the legal representation is mandatory. JUSTIFICATION I. Procedure of the procedure (1) At the request of the Applicant, on the right to self-determination of information and freedom of information CXII of 2011 Act (hereinafter: Infotv.) on the basis of Section 60 (1) - a After fulfilling the applicant's obligation to make up the gap - on June 15, 2022 official data protection procedure has been initiated. (2) In its order, the Authority invited the Respondents to make a statement to clarify the facts order, with reference to the 2016 CL. Act (hereinafter: Act) to § 63, to which the Respondents' answers within the deadline they arrived at the Authority. (3) The Authority notified the Applicant and the Respondents that the evidence procedure has been completed and has drawn their attention to the fact that they may make a statement or comment. THE Applicant 2 exercised his right to inspect documents. With their right to make a statement, the Applicant and The applicants were not alive either. II. Clarification of facts II.1. Request of the Applicant (NAIH-5460-1/2022.) (4) In his application submitted to the Authority on May 21, 2022, the Applicant submitted that the received a letter from [...] e-mail address on April 7, 2022, in which […] wrote that "the browsing the profiles of job seekers, your profile stood out to me.” THE letter […], as signed by the head of the office of the Respondent 2, and also reports as part of the signature and the information that Respondent 2 is a member of Respondent 1's network. (5) Since the Applicant never gave his contact information to the letter writer ([…] and He applied for 2), and since he did not know what data sheet he was referring to, therefore the in the reply message sent to [...] that day, he asked to be informed how he got to the The applicant's address and what other data was given to him. Because he didn't get an answer the Applicant therefore wrote to Respondent 2 again on May 11, 2022, mentioning that that if he does not answer, he will file a report with the Authority. Nor to this letter from the Applicant received an answer according to what was submitted in his application of May 21, 2022. (6) The Authority called on the Applicant to fill in the gaps, to which the Applicant responded submitted his definite request regarding the procedure, received on June 14, 2022 with his statement. (7) The Applicant requested the following from the Authority in filling the gaps (NAIH-5460-3/2022.): - examine the relationship between Applicant 1 and Applicant 2, who responsible for the management of your data, whether there has been a violation due to the failure to respond and if so, determine that it was not properly performed based on your right of access submitted application, - in the event of a legal violation, oblige the data controller to respond. II.2. Statement of Applicant 1 (NAIH-5460-6/2022.)(8) Applicant 1 operates the national real estate brokerage franchise network. In [...] - a Franchise partner businesses in a franchise relationship with the applicant 1 is the trademark under, but they carry out their economic activities independently. Respondent 1 is […] as an operator with some businesses for the benefit of franchise partner customers can enter into framework contracts. For this reason, Respondent 1 is in a framework contract [...] Kft. The Authority sent 1 copy of the referenced contract to the Applicant for. (9) Based on the referenced framework agreement, to the database of jobseekers registered on the [...] website it is accessed by the franchise partner who uses this service of […]. THE […] service to the Applicant 2 indicated in the order as the franchise partner of the Applicant 1 uses. The individual franchise partners receive the online directly from […] Kft access to the database. Each franchise partner business is recruiting they perform their activities independently, thus as independent data controllers. (10) To the knowledge of Respondent 1, the franchise partners are connected to the database if they have access, they can contact the data subject. Respondent 1's assumption According to Respondent 2, by using this service, he could have come into contact with a With an applicant. (11) The Applicant's data is not managed by the Applicant 1. Respondent 1 also does not know about it to state whether Respondent 2 or the franchise partner office manager received [….]. request from the Applicant and whether he has responded to it. II.3. Statement of Respondent 2 (NAIH-5460-7/2022.) (12) The Applicant 2 uses the service provided by [….] Kft. to the partners of […] Based on the framework agreement between [...] Kft. and Applicant 1, which operates […]. (13) As a customer of the service, Respondent 2 has access to the […] website to the database in which the jobseekers - with their consent - can be contacted for recruitment purposes. The legal basis for data management is on the website concerned […] his voluntary consent to the fact that those offering him the job - in this case a Applicant 2 - can be contacted. (14) At the Applicant's stakeholder request, due to an administrative error, the substantive action was not taken answering. According to the statement of the Respondent 2, this omission is the result of the order of the Authority detected after receipt. (15) Respondent 2 using the [...] database service of the Applicant's data became its manager, to which the voluntary consent given by the Applicant on the […] website on the basis of which Respondent 2 could access it. The Respondent 2 the Applicant's name and e-mail you used your address when you made the inquiry, it does not process your other data. The referred call was issued by It was sent by the manager of the real estate office operated by Respondent 2 for recruitment purposes. (16) The Respondent sent it to the Authority in 2 copies to the Applicant - at [...] a copy of the electronic letter you sent, which you declared in paragraph (14). as explained, that after receiving the order of the Authority, he noticed that an administrative error occurred. In the letter, it can be discovered that […], under the name of the sender 12.05.2022 date is included, and the e-mail address was misspelled, as it was not […], but it was sent to […] email address. The text of the letter is as follows: "Dear […]! Our company is a subscriber to the [...] job search portal, whose database contains your e- email address as a current job seeker. If you are not currently looking for a job, please complete your profile on […] permanent deletion, which can be found in the settings menu after logging in. We only received your e-mail address, we do not store any other data about you we don't have any information. At the same time, we declare that we have deleted it from our address list! Best regards: [...]" III. Applicable legal provisions (17) The GDPR must be applied to personal data in a partially or fully automated manner processing, as well as those personal data in a non-automated manner which are part of a registration system or which they want to make it part of a registration system. Subject to the GDPR for data management by Infotv. According to Section 2 (2), the GDPR is indicated there must be applied with supplements. (18) Based on points 1, 2, 7 of Article 4 of the GDPR: 1. "personal data": for an identified or identifiable natural person ("data subject") any information relating to; the natural person who is directly you can be identified indirectly, in particular an identifier such as name, number, location data, online identifier or physical, physiological, genetic, mental, economic, based on one or more factors related to your cultural or social identity identifiable; 2. "data management": automated or not on personal data or data files any operation or set of operations performed in an automated manner, such as collection, recording, organizing, categorizing, storing, transforming or changing, querying, viewing, use, communication, transmission, distribution or otherwise by making it available, coordinating or connecting, limiting, deleting, or destruction; 7. "data controller": the natural or legal person, public authority, agency or any other body that independently manages the purposes and means of personal data or determines with others; if the purposes and means of data management are defined by the EU or determined by the law of the Member State, concerning the data controller or the designation of the data controller special aspects may also be determined by EU or member state law; (19) Based on paragraphs (1)-(6) of Article 12 of the GDPR: (1) The data controller shall take appropriate measures in order to ensure that the data subject a all those referred to in Articles 13 and 14 relating to the management of personal data information and 15-22. and each piece of information according to Article 34 is concise, transparent, in an understandable and easily accessible form, clearly and intelligibly formulated provide, especially for any information directed at children. The information must be given in writing or in another way - including, where applicable, the electronic way. The at the request of the data subject, oral information can also be provided, provided that the data subject has confirmed otherwise identity. (2) The data controller facilitates the relevant 15-22. the exercise of his rights according to art. Article 11 In the cases referred to in paragraph (2), the data controller is the data subject concerned in Articles 15-22. your rights under Art may not refuse to fulfill your request for exercise, unless you prove that that the person concerned cannot be identified. (3) The data controller without undue delay, but in any case the request within one month of its receipt, informs the person concerned of the 15-22 according to article on measures taken following a request. If necessary, taking into account the request complexity and the number of applications, this deadline can be extended by another two months. Regarding the extension of the deadline, the data controller explains the reasons for the delay indicating within one month from the receipt of the request concerned. If the person concerned submitted the request electronically, the information is possible must be provided electronically, unless the data subject requests otherwise. (20) Pursuant to Article 15 (1) of the GDPR: (1) The data subject is entitled to receive feedback from the data controller regarding whether your personal data is being processed and if such data is being processed is entitled to access to personal data and the following information get: a) the purposes of data management; b) categories of personal data concerned; c) recipients or categories of recipients with whom or with which the personal data has been disclosed or will be disclosed, including in particular third-country recipients, and international organizations; d) where appropriate, the planned period of storage of personal data, or if this is not the case possible aspects of determining this period; e) the right of the data subject to request from the data controller the personal data relating to him rectification, deletion or restriction of processing of data, and may object to such against the processing of personal data; f) the right to submit a complaint addressed to a supervisory authority; g) if the data were not collected from the data subject, everything about their source is available information; h) the fact of automated decision-making referred to in paragraphs (1) and (4) of Article 22, including also profiling, and at least in these cases to the applied logic and that comprehensible information about the significance of such data management and that what are the expected consequences for the person concerned. (21) Pursuant to points b) and d) of Article 58 (2) of the GDPR, the supervisory authority acting within its competence: b) condemns the data manager or the data processor if its data management activities violated the provisions of this regulation. d) instructs the data manager or the data processor that its data management operations - given in a specified manner and within a specified period of time - harmonized by this decree with its provisions. (22) Pursuant to Article 77 (1) of the GDPR, other administrative or judicial remedies without prejudice, all data subjects are entitled to lodge a complaint with a supervisory authority - in particular your usual place of residence, place of work or the place of the alleged infringement in the Member State of origin - if, according to the judgment of the data subject, the personal data relating to him handling violates this regulation. (23) Infotv. § 60 (1) In order to assert the right to the protection of personal data a At the request of the data subject, the authority initiates official data protection proceedings ex officio may initiate a data protection official procedure. (24) Infotv. On the basis of § 71, paragraph (1) during the Authority's procedure - for its conduct to the necessary extent and for the duration - can manage all personal data, as well as the law data classified as secrets protected by and secrets bound to the exercise of a profession, which are are related to the procedure, and the management of which is the successful completion of the procedure necessary for (25) Pursuant to Section 46 (1) of the Ákr, the authority shall reject the application if a) the legally defined condition for the initiation of the procedure is missing, and this law it does not attach any other legal consequences. (26) Pursuant to § 47, subsection (1) of the Ákr, the authority terminates the procedure if a) the request should have been rejected, but the reason for that was the initiation of the procedure came to the attention of the authorities. ARC. Decision: IV.1. Personal data of the Applicant, quality of data management (27) According to Article 4, Point 1 of the General Data Protection Regulation, the contact details of the Applicant, surname, first name, e-mail address are the personal data of the Applicant, the storage of which data is in accordance with Article 4, Point 2 of the General Data Protection Regulation is considered data management. (28) The Respondents declared to the Authority that Respondent 2 is the data controller determines its purpose and means independently, therefore it is an independent data controller, since it was taken over from […] personal data of job seekers, including the management of the Applicant's personal data has independent decision-making authority. (29) Due to the above, Respondent 2, as a data controller, was obliged to respond to the Applicant's data subject request fulfill and provide information to him in connection with the data subject's request. (30) The subject of the present proceedings was only the examination of whether the Applicant is a personal person data subject's request to those written in the general data protection regulation has been properly fulfilled, i.e. the Authority's handling of the Applicant's personal data, did not examine the data management conditions of their receipt from […]. IV.2. Completing an access request and the related obligation to provide information (31) The data subject's right of access is regulated by Article 15 of the GDPR. Based on this, the data subject is entitled to receive feedback on the data management that it is personal whether your data is being processed, and if such data processing is underway, you are entitled to receive information about the purpose of data management, the personal data concerned categories, the recipients to whom your personal data was (will be) disclosed, a the duration of their storage, the source of the data, the exercise of the data subject's rights, and a On the right to appeal to the authorities. (32) On April 7, 2022, the Applicant turned to Respondent 2 with its access request. THE Respondent 2 as detailed in paragraph (14) only of the order of the Authority after receiving it, he noticed that this did not happen due to an administrative error. (33) Pursuant to Article 12 (3) of the GDPR, the Respondent 2 from the receipt of the request should have informed the Applicant about the access within one month regarding your request. Based on this, the access letter sent to Respondent 2 by the Applicant the one-month deadline for responding to your request was May 7, 2022 down, so Respondent 2 should have informed the Applicant by this deadline. THE However, Respondent 2 failed to inform the Applicant within this deadline, According to his statement sent to the authorities, the reason for this was an administrative error. His statement according to the attached e-mail copy, the Applicant's e-mail address was typed, so that was the reason why he did not receive Respondent 2's reply letter. The buckled according to a copy, on May 12, 2022, i.e. the Applicant's reminder e-mail (in which again requested access, on the other hand, he claimed that he would turn to the Authority if they did not comply the request) would have sent the response of the Respondent 2, so Article 12 (3) of the GDPR exceeding the one-month deadline according to paragraph (34) Respondent 2 claimed that due to an administrative error, he did not answer a At the request of the applicant's stakeholders. According to this, it was unintentional behavior that caused Respondent 2 not to fulfill the stakeholder request at all. According to the position of the Authority this argument does not exempt Respondent 2 from data controller responsibility, given to the fact that, pursuant to Article 4, point 7 of the GDPR, Respondent 2 is considered a data controller. THE Respondent 2 is the one who organizes and develops the data management process circumstances. The most important feature of the data controller is that it is a substantive decision-maker has authority and is responsible for all data management, the general for fulfilling the obligation stipulated in the data protection decree. Because of the above, the Authority found that Respondent 2 violated Article 15 (1) of the GDPR. (35) The European Data Protection Board on the concept of data processor and data controller according to the GDPR 07/2020 (hereinafter: Guideline) according to "Sometimes companies and public bodies appoint a separate person for data management to carry out an activity. Even though sometimes a specific natural a person is appointed to ensure compliance with data protection rules, this person will not be a data controller, but for that legal entity (or company public law body) acts on its behalf, which is the data controller in case of violation of the rules is ultimately responsible for its quality. In the same way, even if you are a specific class organizational unit is operative with regard to certain data management activities is also responsible for ensuring compliance, this does not mean that it is department or unit will be the data controller (rather than the organization as a whole).” The Guidelines In addition, his summary notes in this regard that "As a general rule, there is none restriction on the type of organization that can fulfill the role of data controller, however, in practice it is usually the organization itself, rather than those within the organization a person (such as a CEO, employee, or board member) that act as a data controller." (36) Based on all of this, the violation related to the case is also the Respondent 2, as a data controller falls under his responsibility. Article 25 of the GDPR requires that the controller is the controller implement appropriate technical and organizational measures throughout its entire process to ensure that you respond to data subject requests in a timely manner be fulfilled. ARC. 3. Request related to obliging the Respondent to fulfill 2 stakeholder requests (37) Considering that the Respondent 2 established in paragraph (34) of this decision did not comply with the Applicant's access request, therefore the Authority approved the Petitioner's request and obliged Respondent 2 to comply with it. IV.4. Request related to obliging Respondent 1 to fulfill the stakeholder request (38) Since Respondent 1 was not qualified for the data management complained about in the application decision IV.1. because of what was written in point, namely with the examined data management in this context, the Applicant 2 is qualified as a data controller, therefore the Authority is the Applicant He rejected his request for Respondent 1. IV.5. Legal consequences (39) The Authority convicts Respondent 2 on the basis of GDPR Article 58 (2) point b), because it violated Article 15 (1) of the GDPR. (40) In accordance with Article 58 (2) point d) of the GDPR, the Authority ordered that the Respondent 2 fulfill the Requester's access request. (41) The Authority exceeded Infotv. administrative deadline according to § 60/A. (1), therefore HUF 10,000, i.e. ten thousand forints, is due to the Applicant - according to his choice - to a bank account by money order or postal order Based on point b) of paragraph (1) of § 51.V. Other questions: (42) The competence of the Authority is defined by Infotv. Paragraphs (2) and (2a) of § 38 define it, and its competence is covers the entire territory of the country. (43) The decision in Art. 80-81 § and Infotv. It is based on paragraph (1) of § 61. The decision is Acr. Based on § 82, paragraph (1), it becomes final upon its publication. The Akr. § 112 and § 116 (1) and on the basis of § 114, paragraph (1) administrative against the decision there is room for legal redress through a lawsuit. * * * (44) The rules of administrative proceedings are laid down in Act I of 2017 on Administrative Procedures (the hereinafter: Kp.) is defined. The Kp. Based on § 12, paragraph (1), by decision of the Authority the administrative lawsuit against falls within the jurisdiction of the court, the lawsuit is referred to in the Kp. Section 13 (3) Based on subparagraph a) point aa), the Metropolitan Court is exclusively competent. The Kp. Pursuant to § 27, paragraph (1) point b) in a lawsuit within the jurisdiction of the court, the legal representation is mandatory. The Kp. According to paragraph (6) of § 39, the submission of the statement of claim a does not have the effect of postponing the entry into force of an administrative act. (45) The Kp. Paragraph (1) of § 29 and, in view of this, Pp. According to § 604, it is applicable of 2015 on the general rules of electronic administration and trust services CCXXII. Act (hereinafter: E-Administration Act) according to Section 9 (1) point b) of the the client's legal representative is obliged to maintain electronic contact. (46) The time and place of filing the statement of claim is determined by Kp. It is defined by § 39, paragraph (1). THE information on the possibility of a request to hold a hearing in Kp. Section 77 (1)-(2) based on paragraph The amount of the administrative lawsuit fee is determined by the 1990 Law on Fees XCIII. Act (hereinafter: Itv.) 45/A. Section (1) defines. The fee is in advance from the payment of the Itv. Paragraph (1) of § 59 and point h) of § 62 (1) exempt it party initiating the procedure. (47) If the Respondent 2 does not adequately certify the fulfillment of the prescribed obligation, a The authority considers that the obligation was not fulfilled within the deadline. The Akr. § 132 according to, if the obligee has not complied with the obligation contained in the final decision of the authority, is enforceable. The Authority's decision in Art. According to § 82, paragraph (1), with the communication becomes permanent. The Akr. Pursuant to § 133, enforcement - if you are a law government decree does not provide otherwise - it is ordered by the decision-making authority. The Akr. 134. pursuant to § the execution - if it is a law, government decree or municipal authority the decree of the local government does not provide otherwise - the state tax authority undertakes. (48) During the procedure, the Authority exceeded Infotv. One hundred and fifty days according to paragraph (1) of § 60/A administrative deadline, therefore the Ákr. Based on point b) of § 51, he pays ten thousand forints a To the applicant. dated: Budapest, according to the electronic signature Dr. Habil. Attila Péterfalvi president c. professor