Bulgaria is currently embroiled in a scandal involving unauthorized video surveillance footage from laser hair removal procedures. The footage has reportedly surfaced on adult websites globally. A similar case was subsequently uncovered within a gynecological practice. Beyond the ethical outrage and the trauma inflicted upon the victims, these incidents reveal a complex matrix of violations across administrative, civil, and criminal law - further complicated by the nuances of special categories of data and EU data protection legislation.

With the adoption of the Law on Healthcare in August 2025, the legal framework for the implementation of a comprehensive reform of the Montenegrin healthcare system through harmonization with modern standards and the legal acquis of the European Union was set. A further step in this direction is represented by the proposed amendments to this law, which, together with the Law on Data Management and Digital Health, are also in the proposal stage, and are part of a wider process of digital transformation of the healthcare system, while at the same time strengthening the protection of patient data and standardization of healthcare records.

RK Legal has promoted Krzysztof Podolski and Krzysztof Jedrzejczyk to Partner.

On 20 November 2025, the Albanian Data Protection Commissioner (“Commissioner”) adopted Instruction No. 07/2025 “On the Protection of Personal Data in the Written, Electronic and/or Audiovisual Media and the Exemptions for Special Processing Purposes” (“Instruction No. 7”), a regulatory act that aims to reshape the legal relationship between freedom of expression and personal data protection in Albania.

The Serbian Parliament adopted the new Law on Information Security on October 22, 2025. The adoption of the new Law on Information Security is a step forward in aligning Serbian legislation with the acquis in the field of information security. The new law provides for clearer definitions of terms, introduces new terms, increases the number of ICT systems operators, and imposes stricter obligations on ICT systems operators. ICT system Operators are left 18 months to comply with their ICT systems with the new law. 

In The Debrief, our Practice Leaders across CEE share updates on recent and upcoming legislation, consider the impact of recent court decisions, showcase landmark projects, and keep our readers apprised of the latest developments impacting their respective practice areas.