Blog » THE HUNGARIAN BASKETBALL ASSOCIATION DUNKED A DATA PROTECTION FINE - HOW TO AVOID THE SAME?
THE HUNGARIAN BASKETBALL ASSOCIATION DUNKED A DATA PROTECTION FINE - HOW TO AVOID THE SAME?
10 September 2018
I hope that the Hungarian Basketball Association is better at the game than at data protection. Indeed, based on the fresh decision of the Hungarian Data Protection Authority they have serious problems with the latter and their data protection faults have been “awarded” with a fine. Let’s see the mistakes of the Association your company should avoid.
Worried parents lodged a complaint against the Basketball Association at the Hungarian Data Protection Authority. The parents were rather unhappy that the Association stored the names, photos, addresses and a bunch of other personal data of their children in a database which was publicly available on the Internet.
The Data Protection Authority started an investigation and came to the conclusion that the database which contains the data of ca. 65.000 players, 31.000 of them minors, is really problematic from data protection point of view. Which were the biggest issues?
The publicity of the database
The Data Protection Authority raised the question what is the purpose with publishing the whole database with the excessive amount of data on the Internet where practically everyone has access to it?
In the Association’s view this was necessary to make it possible to check the players’ game licences and prevent that somebody comes onto court without licence.
Certainly, the Authority could not identify with this explanation. Indeed, the Association’s goal could have been reached by operating an “internal” database with limited access rights provided for example to the judges and coaches. The public database is not only unnecessary but also risky for the security of the players.
It is only the top on the cake that for the identification of the players it would not be necessary to process their addresses or their heights, thus the collection of these data is needless.
Lack of consent
A question of priority was that on what legal basis the Basketball Association processes the published data. The Association claimed that the players have consented to the processing by signing a so-called subjection declaration which was the condition of issuing their game licence.
The Data Protection Authority thoroughly examined the issue and established that during a part of the period considered the Association failed to have signed the subjection declaration by the players so in their case the consent is out of question.
Nevertheless, the consent given in the subjection declaration was also insufficient according to the Authority. Since the Association made the signing of the declaration as the condition of the game licence, the consent cannot be considered as freely given thus it is invalid.
Data storage without purpose
A further problem was that the Association stored the collected data until the player requested the erasure. Therefore, the personal data of those players who have not requested the erasure was also available after they ended their career.
The Authority pointed out that the possibility to check the game licence is obviously not necessary in case of those players who stopped playing officially. In their case the Association stores the data without justified reasons which infringes the principal of purpose limitation.
Lack of prior notification
If the above was not enough, the Association succeeded to make the issue more serious since he has not or has not sufficiently informed the players about the circumstances of the data processing. This is also related to the validity of the consent to the data processing, since without prior notification the consent will not be considered as valid.
According to the Association, until the procedure before the Authority they informed the players in the subjection declaration. However, the notification was not full and contained misleading information. For example, the declaration contains that the Association does not transfer to any third person the collected data and also that he publishes the data on the webpage operated by him. No further data protection knowledge is necessary to recognize the contradiction.
What can you learn from the above?
Always think over what is your goal with the data processing, and do not collect or erase the data which is not necessary for your purposes.
As mentioned several times, only use consent as the basis of data processing if you provide real choice to the data subject to give consent or not to, thus the consent can really be freely given,
DOES THE LACK OF HANDOVER MAKE THE DISMISSAL UNLAWFUL IN HUNGARY?
Whether the lack of handover makes the dismissal unlawful based on the recent judgment of the Hungarian Supreme Court? What happens in case the employee fails to take over the dismissal? We address these issues in our article by analysing a recent judgment of Hungarian Supreme Court.Read more »
UNPAID CAPITAL CONTRIBUTION IN A HUNGARIAN LLC? HOW TO SOLVE THIS PROBLEM?
The „start-up capital” of the limited liability company is the initial capital which is the totality of the capital contributions provided by the shareholders. Since the shareholders may declare that the capital contribution shall only be provided after the establishment of the company in a later date, the painful situation might occur that the shareholder does not provide or only partly provides the capital contribution. Given that this may create unwanted consequences, the settlement of the capital-related problem is the common interest of the shareholders. In this article we summarize the possible methods to solve this issue.Read more »
COVID-19 BRIEFING – RESTRICTIONS ON NON-EUROPEAN FOREIGN INVESTMENTS IN HUNGARY
After the bill, passed in 2018 on restrictions of foreign investments, Hungary further limits the domestic investments of the foreigners because of the COVID-19. The new decree extends the scope of the investments to be notified and introduces fines, too. We explain the most important provisions of the decree in this article.Read more »