Tech & Rights

How Well Protected Is Your Privacy in Hungary?

Hungary used to be a privacy protection pioneer in Europe, but that has changed. Here's the joint opinion of Access Now and HCLU on current Hungarian regulations related to the decree on data protection.

by Hungarian Civil Liberties Union

Hungary and data protection

Hungary met the privacy standards of the EU as early as 2000, first among the countries that acceded to the EU in 2004. Hungary updated its privacy regulations by adopting a new act in July 2003. While these Hungarian data protection regulations still meet the requirements of the EU's Data Protection Directive of 1995, some worries concerning the independence of the data protection authority have called the country's commitment to privacy into question.

A unique opportunity to restore this commitment lies in the direct enforcement and implementation of the general data protection decree. On the basis of the draft legislation, however, it appears that Hungary is ready to make only the most essential changes. The proposal only contains the minimum standards necessary for complying with the decree. Below, we make recommendations on how to extend and strengthen the regulatory framework of the proposal.

Implementation

In order to restore the control of users over their personal data, the general data protection decree ensures unified and high-level privacy rights to users in the entire European Union. The legislation diminishes the administrative burdens of companies providing services within the European Union and specifies the obligations and responsibilities of companies. Users can fully exploit the opportunities and advantages of the general data protection decree only if its implementation is determined, unified and integrated. This concerns, for example, the equal access of users to justice and certain mechanisms of legal remedy.

The general data protection decree provides a unique opportunity to establish strong and integrated implementation mechanisms. In order for the general data protection decree to establish the highest level of data protection guarantees, Hungary should integrate the following aspects in the draft implementing measure.

Independence of the data protection authority

The rules of implementation provide for the so-called mechanism of cooperation and the establishment of the European Data Protection Agency. They also extend the jurisdiction of data protection authorities, which, for instance, may impose significant penalties with a deterring effect in case of unlawful conduct.

Hungary must ensure the full independence of NADPFI (National Authority for Data Protection and Freedom of Information) for the purpose of effective enforcement and implementation. Alongside reduced opportunities of public law and the undermining of the rule of law, the jurisdiction and independence of the data protection authority is a critical issue.

Any changes leading to the further diminishing of the significance of the data protection authority are unacceptable. Moreover, Hungary must guarantee the resources needed for the activities of the data protection authority. Sufficient funds should be allocated to retain the staff and ensure the operations of the authority, while also enhancing the transparency of its activities.

NGO representation and enforcement of claims

According to the Eurobarometer survey of 2015, only 37% of respondents have ever heard of the existence of data protection authorities, while the majority of these people did not know how to make use of their right to legal remedies, or where to seek help.

Allowing NGOs to represent users in bringing their case to courts would improve the exercise of rights to legal remedies. Cases represented by NGOs usually involve increased effectiveness in the investigation of individual claims and may complement procedures initiated ex officio by the data protection authority. In the draft implementing measure Hungary should provide for the possibility that NGOs bring actions independently to the authority or the courts.

Member state discretion

Unlike the legislation, the decree provides for some discretion of member states with respect to certain legal structures. It is highly important to protect the core of the data protection legislation when implementing these discretionary rules. A group of international organizations including Access Now has prepared a guide for member states that contains some specific suggestions as well.
