Magyar Állam Tulajdonosainak Társulásával (MATT) – €2,500 Fine (Hungary, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Hungarian data protection authority fined the Association of Hungarian State Owners (MATT) for mishandling personal data. This case matters because it highlights the importance of proper data handling and transparency, especially for organizations collecting sensitive information.
What happened
MATT was fined for requiring new members to provide personal data without clear information on how it would be processed.
Who was affected
Individuals who joined MATT and provided their personal data during the membership process.
What the authority found
The authority ruled that MATT and its officials violated data protection rules by failing to provide adequate information about data processing.
Why this matters
This case serves as a warning to organizations about the need for transparency when collecting personal data. It shows that even unconventional organizations must comply with data protection laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Association of Hungarian State Owners (Magyar Állam Tulajdonosainak Társulásával, MATT) is an organisation that denies the existence of Hungary and its constitutional law. The DPA began an ex-officio investigation after receiving a report from a whistleblower (the data subject). This report highlighted potential criminal and data protection concerns; according to the data subject, new members were obliged to provide their personal data when joining through several forms. These included declarations of citizenship and nationality (separate from the Hungarian citizenship), as well as a claim for co-ownership of Hungary. The controller processed personal data such as first and last names, addresses and identification numbers. These documents did not include information on how the data was processed. In its investigations, the DPA considered both the organisation and the two senior officials as controllers. However, the DPA only imposed a fine on the two individuals. For clarity, the summary will refer to the individuals as the controllers, and the organisation as MATT. The controllers objected to the DPA processing their data (including information from police reports), as it violated their rights under the GDPR. In addition, they argued that MATT is a collective name for its members and not an organisation and therefore cannot process data, as well as that EU regulations do not apply because the Hungarian State created by MATT was not an EU Member State. The DPA first dismissed the arguments of the controllers, and stated that the GDPR is applicable and the DPA was competent to investigate the case. In addition, the DPA had a valid legal basis to process data obtained from police investigations under Article 6(1)(e) GDPR, as well as Article 58(1)(e) GDPR. Finally, the DPA determined that MATT and two senior members were joint controllers; the latter had an important role in the creation and operation of MATT, including determining the purposes and means of data
Related Enforcement Actions (0)
No other enforcement actions found for Magyar Állam Tulajdonosainak Társulásával (MATT) in HU
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
2 December 2025
Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság
Fine Amount
€2,500
1,000,000 HUF
GDPRhub ID
gdprhub-9847About this data
Cite as: Cookie Fines. Magyar Állam Tulajdonosainak Társulásával (MATT) - Hungary (2025). Retrieved from cookiefines.eu
Last updated: