The Court of Justice of the European Union (“CJEU”) has recently issued a significant judgment in the case “Lindenapotheke” (C-21/23), taking a clear stance on the processing of special categories of personal data, namely health data, in the context of online medicine sales within the pharmaceutical industry. The ruling sheds light on how the General Data Protection Regulation (“GDPR”) applies to the data that users provide when ordering pharmacy-only medicinal products online, even those not subject to prescription, and provides clear guidance on the rights and obligations of data controllers.
The Debrief: June 2025
In The Debrief, our Practice Leaders across CEE share updates on recent and upcoming legislation, consider the impact of recent court decisions, showcase landmark projects, and keep our readers apprised of the latest developments impacting their respective practice areas.
Bulgaria: An Attractive Destination for Technology-Driven Businesses and Investors
Bulgaria’s Technology, Media, and Telecommunications (TMT) sector is continuing its steady and dynamic growth, reflecting the country’s ongoing digital transformation and its increasing role as a regional technology hub.
“Don’t Trust That Email” – An Increasingly Recurring Note from Law Firms
An increasing number of law firms have been publicly warning about the misuse of their names in phishing and cyberattacks. PRK Partners Partner Michal Matejka, Musat & Asociatii Partner Stefan Diaconescu, Gugushev & Partners Partner and Head of Data Protection Yoanna Ivanova, and DLA Piper Hungary Partner and Head of Intellectual Property and Technology Zoltan Kozma discuss the growing trend.
Cybersecurity in the AI Age
As AI increasingly intersects with nearly every dimension of digital security, so too does the consciousness of creating conditions to use it in a secure cyberspace. As Space Hellas Group General Counsel Konstantinos Argyropoulos puts it, “there is an acceleration in the way AI interfaces with cybersecurity,” pointing to an emerging arms race in which malicious actors and defenders alike adopt increasingly automated tactics. Argyropoulos shared his thoughts on this during the CEE Legal Matters GC Summit 2025 in Prague.
Inside Insight: Interview with Ana Zakovska of IT Labs
IT Labs Group General Counsel and DPO Ana Zakovska discusses her transition from private practice to in-house roles in the ICT sector, the evolving nature of legal work, and how privacy and AI are shaping the industry.
EBA No Action Letter
After the European Commission’s letter in December 2024, which identified the risks of regulatory arbitrage stemming from diverging interpretations, risks that we also encounter in practice, the European Banking Authority (“EBA”), in its outlook, called for no immediate action regarding the PSD2’s applicability to services related to electronic money tokens (“EMTs”). On 10 June 2025, the long-awaited Opinion of the EBA (the “EBA No Action Letter”) on the interplay between Directive 2015/2366 (“PSD2”) and Regulation 2023/1114 (“MiCA”) in relation to crypto-asset service providers (“CASPs”) that transact in EMTs was finally published.