Magyar Állam Tulajdonosainak Társulásával (MATT) – €2,500 Fine (Hungary, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Association of Hungarian State Owners (Magyar Állam Tulajdonosainak Társulásával, MATT) is an organisation that denies the existence of Hungary and its constitutional law. The DPA began an ex-officio investigation after receiving a report from a whistleblower (the data subject). This report highlighted potential criminal and data protection concerns; according to the data subject, new members were obliged to provide their personal data when joining through several forms. These included declarations of citizenship and nationality (separate from the Hungarian citizenship), as well as a claim for co-ownership of Hungary. The controller processed personal data such as first and last names, addresses and identification numbers. These documents did not include information on how the data was processed. In its investigations, the DPA considered both the organisation and the two senior officials as controllers. However, the DPA only imposed a fine on the two individuals. For clarity, the summary will refer to the individuals as the controllers, and the organisation as MATT. The controllers objected to the DPA processing their data (including information from police reports), as it violated their rights under the GDPR. In addition, they argued that MATT is a collective name for its members and not an organisation and therefore cannot process data, as well as that EU regulations do not apply because the Hungarian State created by MATT was not an EU Member State. The DPA first dismissed the arguments of the controllers, and stated that the GDPR is applicable and the DPA was competent to investigate the case. In addition, the DPA had a valid legal basis to process data obtained from police investigations under Article 6(1)(e) GDPR, as well as Article 58(1)(e) GDPR. Finally, the DPA determined that MATT and two senior members were joint controllers; the latter had an important role in the creation and operation of MATT, including determining the purposes and means of data
GDPR Articles Cited
The Association of Hungarian State Owners (Magyar Állam Tulajdonosainak Társulásával, MATT) is an organisation that denies the existence of Hungary and its constitutional law. The DPA began an ex-officio investigation after receiving a report from a whistleblower (the data subject). This report highlighted potential criminal and data protection concerns; according to the data subject, new members were obliged to provide their personal data when joining through several forms. These included declarations of citizenship and nationality (separate from the Hungarian citizenship), as well as a claim for co-ownership of Hungary. The controller processed personal data such as first and last names, addresses and identification numbers. These documents did not include information on how the data was processed. In its investigations, the DPA considered both the organisation and the two senior officials as controllers. However, the DPA only imposed a fine on the two individuals. For clarity, the summary will refer to the individuals as the controllers, and the organisation as MATT. The controllers objected to the DPA processing their data (including information from police reports), as it violated their rights under the GDPR. In addition, they argued that MATT is a collective name for its members and not an organisation and therefore cannot process data, as well as that EU regulations do not apply because the Hungarian State created by MATT was not an EU Member State. The DPA first dismissed the arguments of the controllers, and stated that the GDPR is applicable and the DPA was competent to investigate the case. In addition, the DPA had a valid legal basis to process data obtained from police investigations under Article 6(1)(e) GDPR, as well as Article 58(1)(e) GDPR. Finally, the DPA determined that MATT and two senior members were joint controllers; the latter had an important role in the creation and operation of MATT, including determining the purposes and means of data
Related Enforcement Actions (0)
No other enforcement actions found for Magyar Állam Tulajdonosainak Társulásával (MATT) in HU
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
2 December 2025
Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság
Fine Amount
€2,500
1,000,000 HUF
GDPRhub ID
gdprhub-9847About this data
Cite as: Cookie Fines. Magyar Állam Tulajdonosainak Társulásával (MATT) - Hungary (2025). Retrieved from cookiefines.eu
Last updated: