No.
In Hungary, Article 5 of the ePrivacy Directive was transposed by the Act on Electronic Communications and Act on E-Commerce.
Based on the above acts, the placement of cookies or the use of similar technologies on an end-device of a subscriber or user is only allowed if the subscriber or user concerned has given their consent and has been provided with clear and comprehensive information on the use of cookies and similar technologies, including information on the purpose of the data processing.
General exemptions apply with regards to essential cookies; however, these exemptions are not codified into national law. The Hungarian Data Protection Authority applies these exemptions in its enforcement practice.
The market approach is twofold.
In recent years market practice evolved significantly and most website operators use a consent management platform (“CMP”) on their website. However, there are still a lot of examples of using these CMP’s in a non-compliant way e.g. not collecting consent for marketing related and analytics cookies, or using pre-checked checkboxes for certain cookies. We are not aware of significant enforcement actions to counter these practices from the Hungarian Data Protection Authority at this time.
There are a shrinking number of webpages that rely on implied consent provided by user browser settings (such consent is obtained by further use of the site without changing default browser settings).
In line with Hungarian Data Protection Authority’s guidance on the data processing of websites, the consent of the user for the cookie placement is required for non-essential cookies.
The website operator may deploy cookies without consent in the case of essential cookies. The definition of essential cookies used by the Hungarian Data Protection Authority is in line with the practice of other European authorities; however, these have not yet been tested by a Hungarian court to our knowledge as enforcement is quite scarce.
No.
Only essential cookies can be placed without consent. The rest require consent. It is very likely that the Hungarian Data Protection Authority would qualify these cookies as nonessential.
No.
Consent must be clearly and actively given (i.e., the user must opt-in) in compliance with the GDPR. It is very likely that the Hungarian Data Protection Authority would find that a user just continuing to use the services does not constitute valid consent.
No.
The placement of cookies or the use of similar technologies on an end-device of a subscriber or user is only allowed if clear and comprehensive information on the use of cookies and similar technologies, including information on the purpose of the data processing has been provided.
Based on the Hungarian Data Protection Authority’s guidance on web shops, the notice
must indicate:
No.
Banners/ management tools are necessary to provide prior notice to the data subject about the data processing and to gather the consent from the data subject.
No.
Based on the guidance of the Hungarian Data Protection Authority on social media modules, in line with EDPB Guideline 05/2020, in order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information already stored, in the terminal equipment of a user (so called cookie walls).
The National Authority for Data Protection and Freedom of Information issued its first cookie related fine, on 26 September 2022 (Case No. NAIH-3195-11/2022) in which it fined TV2 Media Group. HUF 10 million (€26,350). Following its investigation, the NAIH found that TV2 Media did not provide adequate information to data subjects regarding the handling of personal data managed on the websites, and that the consent management framework on the websites did not obtain data subjects’ consent in a transparent and clear manner. To this end, the National Authority for Data Protection and Freedom of Information concluded that the investigated personal data managed on the websites violated the principle of fair and transparent data management under Article 5(1)(a) of the GDPR and the purpose limitation principle under Articles 5(1)(b), 6(1), 12(1) and 13 of the GDPR.
None that we are aware of.
The Hungarian Competition Authority ("GVH”) recently conducted a market analysis on the data assets used by most Hungarian online marketplaces. Based on this market analysis, the GVH will contact the Hungarian Data Protection Authority to prepare a guidance on the sufficient information of consumers which will include information on the lawful use of cookies and similar technologies.
