Blikk Kft. – €62,500 Fine (Hungary, 2026)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Blikk Kft., a news website, published articles with personal details about a person without their permission. The company failed to respond to the person's request to remove their information. This case highlights the importance of respecting individuals' privacy and responding to their requests.
What happened
Blikk Kft. published articles containing a person's name, image, and sensitive information without their consent.
Who was affected
The person whose personal data was published in the articles without consent.
What the authority found
The authority found that Blikk Kft. violated GDPR rules by not having a valid legal basis for processing the person's personal data.
Why this matters
This case serves as a reminder for companies to handle personal information carefully and respond to requests for data removal. It emphasizes the need for transparency and respect for privacy in journalism.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Blikk Kft. (the controller) is a company that operates a news website. In 2024, a data subject filed a complaint with the DPA. According to the data subject, the controller published two articles that contained a significant amount of their personal data without their consent. The articles included a blurred picture of the data subject, as well as their name (former and current, but initials for their last name), former place of employment, information related to the data subject’s gender reaffirming surgery, and information related to court proceedings they were involved in. Before filing the complaint to the DPA, the data subject also requested the controller to remove their picture and full name from the articles. However, the data subject did not receive a response. The controller argued that publishing the article was a matter of public interest in connection to investigative journalism. The controller claimed that the data in the article did not allow third parties to identify the data subject, and therefore it was not processing personal data when publishing the articles. The controller also claimed to have deleted the articles at the request of the DPA. Finally, the controller stated that the lack of response to the data subject’s request for erasure was due to an administrative error. The DPA investigated the lawfulness of the processing from the data subject’s complaint, and did an ex-officio investigation on the data subject’s erasure request. The DPA first clarified that the controller processed personal data. The DPA stated that the definition of personal data is broad, and that the combined information made the data subject easily identifiable to third parties. The DPA also clarified that while a person’s gender alone is not sensitive personal data, data relating to the data subject’s gender identity and medical procedures fall in the scope of sensitive personal data under Article 9 GDPR. Finally, the DPA stated that the use of initials could not be
Related Enforcement Actions (0)
No other enforcement actions found for Blikk Kft. in HU
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
29 May 2026
Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság
Fine Amount
€62,500
25,000,000 HUF
GDPRhub ID
gdprhub-10046About this data
Cite as: Cookie Fines. Blikk Kft. - Hungary (2026). Retrieved from cookiefines.eu
Last updated: