Obuda University – €4,200 Fine (Hungary, 2026)

€4,200Nemzeti Adatvédelmi és Információszabadság Hatóság5 February 2026Hungary
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Obuda University was fined for improperly collecting personal data from students applying for housing. This is significant because it highlights the need for educational institutions to follow data protection rules closely. Other universities should ensure they only collect essential information from students.

What happened

Obuda University processed excessive personal data, including unnecessary health information, from student housing applicants.

Who was affected

Students applying for housing at Obuda University were affected by the excessive data collection.

What the authority found

The Hungarian DPA determined that the university violated GDPR by collecting more data than necessary and not providing adequate privacy information.

Why this matters

This ruling stresses the importance of data minimization, encouraging educational institutions to limit data collection. Other universities should examine their data practices to prevent similar issues.

GDPR Articles Cited

AI-verified

Art. 5(1)(a) GDPR
Art. 5(1)(c) GDPR
Art. 6(1) GDPR
Art. 9(2) GDPR
View original scraped data
Art. 5(1) a) GDPR
c) GDPR
Art. 6(1) GDPR
Art. 9(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 27 May 2026
amount discrepancy
Hungary enforcementNemzeti Adatvédelmi és Információszabadság Hatóság actionsAll Obuda University actions
Full Legal Summary
Detailed

The Hungarian DPA has imposed a fine of EUR 4,200 on Obuda University. The controller operates student housing. To determine which students would receive a place, the controller processed the personal data of applicants, including health data, to determine their social circumstances, which had to be taken into account in the decision-making process according to local law. However, the controller processed the data in an excessive manner. Rather than collecting only the necessary information, the controller often collected entire supporting documents containing information not necessary for the decision. In particular, with regard to special category data, the controller collected documents containing far more sensitive information than was necessary for the purpose. Additionally, the university failed to provide adequate privacy information.

Related Enforcement Actions (0)

No other enforcement actions found for Obuda University in HU

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

5 February 2026

Authority

Nemzeti Adatvédelmi és Információszabadság Hatóság

Fine Amount

€4,200

Enforcement Tracker ID

ETid-3183

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Obuda University - Hungary (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: