Magyar Telekom Nyrt – €25,000 Fine (Hungary, 2021)

The complainant received unsolicited emails from the controller Magyar Telekom Plc., a hungarian telecommunications company. After the receipt of such emails, the complainant requested the controller to delete his email address several times. The controller continued to send unsolicited messages and required the complainant to register on its webpage to unsubscribe from its newsletter. However, the complainant was unable to unsubscribe from the newsletter since the website asked for customer data, that the complainant (not a customer of the company) could not provide. The controller argued that the availability of the contact data of the complainant was an individual mistake due to an unknown third party providing their email address. It was therefore not caused by any inadequate internal policies or processes. The Hungarian DPA found that the controller had not confirmed the entitlement of the third party data provider to use the complainant's data. Moreover, it was the controllers decision to introduce unnecessary obstacles to unsubscribe from their newsletter. In this regard, the controller only deleted the email address after being informed about the DPA's investigation. The DPA hold, that the controller failed to implement measures to facilitate the exercise of data subject rights and fined them approximately €28,000 (10,000,000 HUF) for violating Articles 12(2), and 25(2) GDPR.