NAIH (Hungary) - NAIH-4447-6/2021
|NAIH (Hungary) - NAIH-4447-6/2021|
|Relevant Law:||Article 5(1)(c) GDPR|
Article 6(1) GDPR
Article 12 GDPR
Article 17(1)(d) GDPR
|National Case Number/Name:||NAIH-4447-6/2021|
|European Case Law Identifier:||n/a|
|Original Source:||NAIH website (in HU)|
The Hungarian DPA held that a data subject was entitled to have their personal data deleted from recordings and transcripts of an open hearing at a Budapest district assembly. In particular, it considered the disclosure of their name and address during those meetings to be in breach of the principle of data minimisation.
English Summary[edit | edit source]
Facts[edit | edit source]
A data subject made a request for deletion with the mayoral office of a district in Budapest under Article 17(1)(d) of the GDPR. Previously, the data subject registered to ask a question from the elected representatives during an open hearing of the district assembly, but claimed not to be aware that this would lead to the public disclosure of their name and address.
They argued that disclosing this data during an open (online) hearing of the mayoral assembly, as well as including it in the publicly available meeting recording and transcript, without his explicit consent, was unlawful. The mayoral office refused the request for deletion, arguing that the processing was necessary for the performance of a task carried out in the public interest under Article 6(1)(e) GDPR.
Holding[edit | edit source]
The Hungarian DPA held that the processing of the data subject's data for the purpose of registering his request to ask a question during the assembly was lawful under Article 6(1)(e).
However, it also held that the disclosure of the data subject's name and address during the meeting, and subsequently in its recording and transcript, was a separate and unnecessary act of processing. As such, it would have required consent under Article 6(1) and was in breach of the principle of data minimisation under Article 5(1)(c).
Finally, the DPA held that the mayoral office has not fulfilled the requirement for providing transparent information under Article 12 GDPR.
However, NAIH held that issuing a reprimand under Article 58(2) was sufficient, without the need for imposing a penalty under Article 83(2).
Comment[edit | edit source]
Share your comments here!
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Hungarian original. Please refer to the Hungarian original for more details.