The European Commission โ CJEU Judgment (European Union, 2025)
CJEU judgment โ not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
The Court of Justice of the European Union ruled against Hungary's law that restricted access to information about sexual offenders. The court found that the law violated EU data protection rules by allowing broad access to sensitive personal data. This ruling reinforces the importance of protecting personal data even in cases involving criminal records.
What happened
Hungary's law allowed public access to personal information about individuals convicted of sexual offences against children.
Who was affected
Individuals with criminal convictions related to sexual offences were directly affected by this law.
What the authority found
The court held that Hungary's law was incompatible with EU data protection laws, particularly regarding the processing of personal data.
Why this matters
This decision sets a precedent for how sensitive personal information should be handled under EU law. It reminds all organizations to consider data protection principles when dealing with sensitive information.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The background In 2021 Hungary adopted "Law LXXIX of 2021 adopting stricter measures against persons convicted of paedophilia and amending certain laws for the protection of children" ("the amending law"). The law introduced a number of rules to restrict the access of minors to content portraying or promoting gender identities that do not correspond to the sex assigned at birth, sex reassignment or homosexuality. The law also introduced new rules for access to public documents, requiring public bodies to allow broad access to information about individuals convicted of sexual offences against children. The alleged purpose of the law was to protect minors. In 2021 the Commission sent a formal letter to Hungary contesting the amending law's compliance with EU law. After some unproductive back-and-forth, the Commission escalated the case to the CJEU, requesting the CJEU to declare the amending law incompatible with EU law. The European Commission filed four pleas, claiming that Hungary violated of a long list of provisions from primary and secondary EU lawThe Commission alleged the violation of Articles 1, 7, 8(2), 11 and 21 CFREU; Article 2 TEU; Article 56 TFEU; Article 3(2) of the Directive on electronic commerce; Articles 16 and 19 of the Services Directive, Article 9(1)(c)(ii) of the AVMS Directive; and Article 10 GDPR.. Only the Commission's fourth plea invokes data protection law- specifically, Article 8(2) CFREU ("Protection of personal data") and Article 10 GDPR ("Processing of personal data relating to criminal convictions and offences"). The fourth plea: Article 10 GDPR The alleged violation of the GDPR relates to the amended law's rules on access to information about individuals convicted of sexual offences against children. The law amended the "Law on the criminal record system" and made documents about sexual offences accessible to a broad audience. Under the new rules, any adult who is either a relative or a guardian of a minor ("authorised person"), has t
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (1)
Other cases involving The European Commission in EU
Details
Judgment Date
1 January 2025
Authority
Court of Justice of the European Union
About this data
Cite as: Cookie Fines. The European Commission - European Union (2025). Retrieved from cookiefines.eu
Last updated: