The European Commission – CJEU Judgment (European Union, 2026)
CJEU judgment — not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
The Court of Justice of the European Union ruled that Hungary's law restricting access to information about sexual offenders violated EU law. This decision is important because it emphasizes the need to protect individual rights while ensuring child safety. Small business owners should be aware that laws affecting data access can have broader implications for privacy and compliance.
What happened
Hungary's law limited access to information about individuals convicted of sexual offenses against children, claiming it was for the protection of minors.
Who was affected
Individuals whose information was restricted under Hungary's law, particularly those convicted of sexual offenses against children.
What the authority found
The Court held that Hungary's law was incompatible with EU law, particularly concerning the protection of personal data and individual rights.
Why this matters
This ruling highlights that laws aimed at protecting vulnerable groups must also respect individual privacy rights. Businesses should stay informed about how such legal changes could impact their operations and data handling practices.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The background In 2021 Hungary adopted "Law LXXIX of 2021 adopting stricter measures against persons convicted of paedophilia and amending certain laws for the protection of children" ("the amending law"). The law introduced a number of rules to restrict the access of minors to content portraying or promoting gender identities that do not correspond to the sex assigned at birth, sex reassignment or homosexuality. The law also introduced new rules for access to public documents, requiring public bodies to allow broad access to information about individuals convicted of sexual offences against children. The alleged purpose of the law was to protect minors. In 2021 the Commission sent a formal letter to Hungary contesting the amending law's compliance with EU law. After some unproductive back-and-forth, the Commission escalated the case to the CJEU, requesting the CJEU to declare the amending law incompatible with EU law. The European Commission filed four pleas, claiming that Hungary violated of a long list of provisions from primary and secondary EU lawThe Commission alleged the violation of Articles 1, 7, 8(2), 11 and 21 CFREU; Article 2 TEU; Article 56 TFEU; Article 3(2) of the Directive on electronic commerce; Articles 16 and 19 of the Services Directive, Article 9(1)(c)(ii) of the AVMS Directive; and Article 10 GDPR.. Only the Commission's fourth plea invokes data protection law- specifically, [https://www.europarl.europa.eu/charter/pdf/text_en.pdf Article 8(2) of the EU Charter of Fundamental Rights (CFREU)] ("Protection of personal data") and Article 10 GDPR ("Processing of personal data relating to criminal convictions and offences"). The fourth plea: Article 10 GDPR The alleged violation of the GDPR relates to the amended law's rules on access to information about individuals convicted of sexual offences against children. The law amended the "Law on the criminal record system" and made documents about sexual offences accessible to a broad audience. Under the
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (1)
Other cases involving The European Commission in EU
Details
Judgment Date
21 April 2026
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-9317About this data
Cite as: Cookie Fines. The European Commission - European Union (2026). Retrieved from cookiefines.eu
Last updated: