Abstract
This chapter outlines the experiences of attempting to exercise one’s right of access in Hungary. Using rich, ethnographic examples, this chapter tests how easy or difficult it is for a data subject based in Hungary to obtain their personal data, firstly by locating the required information about organisations and their data controllers and secondly by submitting subject access requests to these organisations. The chapter reflects on the differences (if any) between public and private sector organisations in the process of responding to access requests as well as the role of the national Data Protection Authority in Hungary.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Section 5 a) of Data Protection Act.
- 2.
Section 5 b) of Data Protection Act.
- 3.
Cf. Decision No. 15/1991 (IV. 13.) AB. Art. I (3) of the Fundamental Law stipulates: “A fundamental right may be restricted to allow the exercise of another fundamental right or to defend any constitutional value to the extent absolutely necessary, in proportion to the desired goal and in respect of the essential content of such fundamental right”.
- 4.
Decision No. 15/1991 (IV. 13.) AB.
- 5.
Decision No. 15/1991 (IV. 13.) AB.
- 6.
Section 14 of Data Protection Act.
- 7.
Section 21 of Data Protection Act.
- 8.
Section 65 (4) of Data Protection Act.
- 9.
Act No. LXVI of 1992 on the Register of Personal Data and Addresses of Citizens.
- 10.
Act No. XX of 1996 on the Identification Codes and Methods Superseding the Personal Identification Number.
- 11.
Act No. XLVII of 1997 on the Handling and Protection of Medical and Related Data.
- 12.
Act No. CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing.
- 13.
Section 91/B of the Act No. XXXIV of 1994 on the Police.
- 14.
Section 24 of the Act. No. CLIV of 1997 on Health.
- 15.
Sections 29-32 of the Act No. CXXXIII. of 2005 on Security Services and Private Investigators.
- 16.
Sections 154-156 of the Act No. C of 2003 on Electronic Communications.
- 17.
Section 15 (1) of Data Protection Act of 2011.
- 18.
Section 15 (2) of Data Protection Act.
- 19.
Section 14 (4) of Data Protection Act.
- 20.
Section 14 (5) of Data Protection Act.
- 21.
Section 17 (1) of Data Protection Act.
- 22.
Section 17 (4) of Data Protection Act.
- 23.
Section 17 (2) of Data Protection Act.
- 24.
Section 18 (1) of Data Protection Act.
- 25.
Section 18 (2) of Data Protection Act.
- 26.
Section 22 (1) of Data Protection Act.
- 27.
Section 18 (2) of Data Protection Act.
- 28.
Section 22 (2) of Data Protection Act.
- 29.
Section 22 (4) of Data Protection Act.
- 30.
Section 23 of Data Protection Act.
- 31.
Decisions No. 24/1998 (VI. 9.) AB and No. 44/2004 (XI. 23.) AB.
- 32.
Decision No. 44/2004. (XI. 23.) AB. The English summary of the decision is available here: http://www.codices.coe.int/NXT/gateway.dll/CODICES/precis/eng/eur/hun/hun-2004-3-008?fn=document-frameset.htm$f=templates$3.0 (last accessed 17 September 2014).
- 33.
Section 65 (4) of Data Protection Act.
- 34.
Section 65 (1) of Data Protection Act.
- 35.
Section 66 (1) of Data Protection Act.
- 36.
Section 65 (4) of the Act. No. CXII of 2011 on the Right to Informational Self-determination and on the Freedom of Expression as published in the Official Gazette 88 (2011) on 26.07.2011 stipulated: „The Data Protection Register is open to the general public, it shall be made accessible to anyone on the webpage of the NDPA.”
- 37.
Section 411 (6) of the Act No CCI of 2011.
- 38.
In Hungary court decisions are themselves non-transparent, with judgments remaining virtually inaccessible. The most important available authentic source of court rulings is the Compendium of Court Decisions – an online database operated by the National Judicial Office. This database contains a significant amount and range of anonymized judgments that have reached the courts of appeal and/or the Curia (Supreme Court) and were released after January 2007. The database is available at http://www.birosag.hu/ugyfelkapcsolati-portal/anonim-hatarozatok-tara. For more details see Section 163–166 of the Act No. CLXI of 2011 on the Organisation and Administration of Courts. Available in English at: http://www.venice.coe.int/webforms/documents/?pdf=CDL-REF(2012)007-e (last accessed 17 September 2014) Summaries of potentially relevant court rulings can be found in the Annual Report of the Hungarian NDPA too, since the authority regularly publish a brief summary of the court cases adjudicating the lawfulness of the NDPA.
- 39.
Metropolitan Court 26.K.32.704/2012/5.
- 40.
Annual report of 2002 by the Parliamentary Commissioner for Data Protection and Freedom of Information.
- 41.
Section 157 (1) of Act C of 2003 on Electronic Communications.
- 42.
1470/A/2006. Published on 25 October 2006. Available in Hungarian at http://abi.atlatszo.hu/index201.php?menu=allasfogl2006&dok=1470_A_2006 (last accessed 17 September 2014).
- 43.
1470/A/2006. Published on 25 October 2006. Available in Hungarian at http://abi.atlatszo.hu/index201.php?menu=allasfogl2006&dok=1470_A_2006 (last accessed 17 September 2014).
- 44.
Section 24 (3) of Act No. CLIV of 1997 on Health.
- 45.
Fovarosi Torvenyszek P.25905/2010/26. It should also be noted that, according to the decision of the court, the period of limitation for claims had already expired at the time of starting the court procedure.
- 46.
ABI-2136-3/2010/K. Published on 16 May 2011. Available in Hungarian at http://abi.atlatszo.hu/index.php?menu=aktualis/allasfoglalasok/2011&dok=ABI-2136-3_2010_K (last accessed 17 September 2014).
- 47.
Resolution No. 2643/2012 (11.28.) of the Metropolitan Assembly.
- 48.
It can be ascertained that the reporting function of Google Street View is operating satisfactorily. To test the reporting system of Google we submitted a report on 25 July 2013 at 10:17 a.m., complaining that a license plate in the 11th district of Budapest (Hungary) had not been blurred. Our complaint was answered by Google on the same day at 10:23 a.m. In its response Google informed us that it had already taken the necessary measures to handle our privacy concern, and indeed, it had.
- 49.
Section 19 (4) of Data Protection Act.
- 50.
Section 65 (2) of Data Protection Act.
- 51.
Section 48 (1) of Act No. CXXV of 1995 on the National Security Services.
- 52.
Section 27 (1) of Act No. CXXXVI of 2007 on the Prevention and Combating of Money Laundering and Terrorist Financing.
- 53.
Section 16 (3) of Data Protection Act.
- 54.
See the series “Annual Report of the Parliamentary Commissioner for Data Protection and Freedom of Information” published in printed format; the annual reports were also accessible on the Commissioner’s website. After the closure of the office and its website, an activist organization fighting for public transparency, “Atlatszo.hu” managed to make the whole website of the Commissioner available on its own website, and later the new government authority also made the content of the Commissioner’s website available online again.
- 55.
Act CXXXIII of 2005 on Security Services and the Activities of Private Investigators.
- 56.
Act CXXXIII of 2003 on Condominiums.
- 57.
Section 1 (1) of Security Services Act.
- 58.
Section 30 (2) of Security Services Act.
- 59.
Section 30 (2) of Security Services Act.
- 60.
Section 31 (2)-(4) of Security Services Act.
- 61.
These documents were previously available online via an archive of publications by the Parliamentary Commissioner for Data Protection and Freedom of Information.
- 62.
As above.
- 63.
Commission v Hungary, Case C-288/12.
- 64.
Court of Justice of the European Union (15 October 2013) EDPS pleading Commission v. Hungary, (C-288/12) available at: https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Court/2013/13-10-15_Pleading_EC-Hungary_EN.pdf, and European Commission, Opinion of the Advocate-General, C-288/12, Commission v. Hungary (last accessed 7 May 2014). See http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:62012CC0288:EN:NOT.
- 65.
Judgment of the Court (Grand Chamber) in Case 288/2012, 8 April 2014. Available in English at http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d2dc30db5c525c037f084360b639f83f01c7e5b8.e34KaxiLc3qMb40Rch0SaxuNb3b0?text=&docid=150641&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=405374 (last accessed 17 September 2014).
- 66.
Following a roundtable discussion organized at the annual Computers, Privacy and Data Protection (CPDP) conference in Brussels in 2015, where researchers presented the empirical results of the international study in subject access rights upon which this edited collection is based to six national DPAs, the Hungarian DPA sent a written comment to the organizers. In his comments, the DPA criticized the observation in the Hungarian findings, according to which the independence of the Hungarian DPA is “questionable”. Paradoxically, the DPA referred to the same decision of the ECJ which ruled that Hungary had failed to fulfil its obligations under EU law by prematurely bringing to an end the term served by the former supervisory authority, and which also established that the new authority “in essence, is entrusted with identical tasks” in comparison with the former institution (point 61 of the decision). Although this quotation and the other references enlisted in the DPA’s comment (general references to the observations of the Venice Committee, the Schengen Evaluation Committee and the Commissioner for Human Rights of the Council of Europe), including the wording of the national data protection law, are correct, they fail to give a full picture of the position and margins of the new authority. A supervisory authority, which lost its parliamentary status and became embedded in the government, in particular in a country where the weakening of democratic checks and balances triggered repeated criticism and actions at various European institutions, cannot be regarded completely independent in terms of its relative independence from those organizations it supervises, according to the provisions of the data protection directive and the reasoning of the ECJ decision mentioned above.
Recent empirical studies supported this assumption: an investigation of the DPA’s financial penalty policy in the period 2012–2014, conducted on the basis of the information published on the authority’s homepage, revealed that the authority’s official procedures ending with a decision concerned private data controllers much more often than data controllers associated with public authorities. Also, the DPA imposed significantly heavier penalties on private data controllers than on public authorities, in terms of individual fines, the sum total of the fines and the average figure alike (Szabo 2014); (Szabo and Hidvegi 2014). For more about the issue of independence of the Hungarian DPA see Szekely (2016).
- 67.
Among these litigation cases, HCLU were involved in one concerning the public accessibility of CCTV cameras operated by the police in Budapest. This ended with success in 2007 when after two and a half years of litigations, the Supreme Court ordered the Budapest Police Headquarters to issue data on the CCTV systems operated by the police in Budapest. Locations, and all information regarding the operational, financial, technical, legal and personnel aspects, as well as informing of the public and monitoring of the data are now considered data of public interest and freely accessible on the internet.
- 68.
Hungarian National Authority for Data Protection and Freedom of Information (NAIH), the authority replacing the highly successful institution of the Parliamentary Commissioner for Data Protection and Freedom of Information in 2012, terminating the mandate of the Commissioner in office prematurely.
- 69.
We filed a freedom of information request to the NAIH to learn when the registry would be again accessible through the internet. In his response the deputy head of the authority informed us that the registry, according to the provisions of the data protection act, is public, however “at present the registry cannot be accessed through the website of the authority” (NAIH-1419-2/2013/H).
- 70.
Section 52 (1) of Data Protection Act.
- 71.
Against the law.
- 72.
Art. 12 of 95/46/EC Directive.
- 73.
Section 15 (1) of Data Protection Act.
References
Legislation and Case Law
ABI-2136-3/2010/K.
ABI-1470/A/2006.
Act No. CXII of 2011 on the right to informational self-determination and on the freedom of information.
Act No. CLXI of 2011 on the Organisation and Administration of Courts.
Act No. CXXXVI of 2007 on the Prevention and Combating of Money Laundering and Terrorist Financing.
Act CXXXIII of 2005 on Security Services and the Activities of Private Investigators.
Act CXXXIII of 2003 on Condominiums.
Act No. XLVII of 1997 on the Handling and Protection of Medical and Related Data.
Act No. XX of 1996 on the Identification Codes and Methods Superseding the Personal Identification Number.
Act No. CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing.
Act No. CXXV of 1995 on the National Security Services.
Act No. LXVI of 1992 on the Register of Personal Data and Addresses of Citizens.
Commission v Hungary, Case C-288/12.
Decision No. 15/1991 (IV. 13.) AB.
Decision No. 24/1998 (VI. 9.) AB.
Decision No. 44/2004 (XI. 23.) AB.
Fovarosi Torvenyszek P.25905/2010/26.
Metropolitan Court 26.K.32.704/2012/5.
Resolution No. 2643/2012 (11.28.) of the Metropolitan Assembly.
Articles and Reports
‘Ajánlás a munkahelyen alkalmazott elektronikus megfigyelorendszer alapveto követelményeirol’, http://naih.hu/files/Ajanlas-a-munkahelyi-kameras-megfigyelesr-l.pdf (accessed 17 September 2014
Atlatszo.eu (2014a) ‘Adatvédelmi Biztos’, http://abi.atlatszo.hu/index.php?menu=beszamolok/(access 17 September 2014)
Atlatszo.eu (2014b) ‘About Us’, http://atlatszo.hu/about-us/(accessed 17 September 2014)
Dajko, P. (2012) ‘Camera Surveillance in Hungary’, IT Cafe, 29 January 2012, available at http://itcafe.hu/cikk/adatvedelmi_nap_2010_kameras_megfigyeles/kameraellenes_vagy_kameraparti.html [in Hungarian].
EDPS (2010) ‘The EDPS video-surveillance guidelines’, https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Supervision/Guidelines/10-03-17_Video-surveillance_Guidelines_EN.pdf (accessed 17 September 2014).
European Commission (2012) ‘Press Release - European Commission launches accelerated infringement proceedings against Hungary over the independence of its central bank and data protection authorities as well as over measures affecting the judiciary’, http://europa.eu/rapid/press-release_IP-12-24_en.htm?locale=en (accessed 7 October 2014).
Halmai, G. and Scheppele, K. L. (eds.) (2012) ‘Opinion on Hungary’s New Constitutional Order: Amicus Brief for the Venice Commissions on the Transitional Provisions of the Fundamental Law and the Key Cardinal Laws’, available at https://docs.google.com/viewer?a=v&pid=sites&srcid=ZGVmYXVsdGRvbWFpbnxhbWljdXNicmllZmh1bmdhcnl8Z3g6NWU4NWIwYjUwOTI0MzQzNw
Hungarian Civil Liberties Union (2014) ‘About Us’, http://tasz.hu/en/about-us (accessed 17 September 2014).
Javorniczky, I. and Majtenyi, L. (eds.) (1999), Stories from Tukory Street [in Hungarian], Information and Documentation Center for Human Rights, Budapest.
Laszlo, G. (2005) ‘Magyarorszagi weboldalak adatvedelmi nyilatkozatainak elemzese [Analysis of privacy notices of websites in Hungary]’, in Szekely, I. and Szabo, M. D. (eds.), Szabad adatok, vedett adatok [Open data, protected data], Department of Information and Knowledge Management, Budapest University of Technology and Economics.
Ministry of Justice (2014) ‘Az Igazságügyi Minisztérium közleménye’ http://os.mti.hu/hirek/98715/az_igazsagugyi_miniszterium_kozlemenye (accessed 17 September 2014).
NDPA (2012a) ‘Annual report of 2012’ available in Hungarian at http://naih.hu/files/NAIH_BESZaMOLo_2012_net3.pdf (accessed 17 September 2014).
NDPA (2012b) ‘Ügyszám: NAIH-4384-2/2012/V’, http://www.naih.hu/files/4384_V_2012-2.pdf (accessed 17 September 2014).
NDPA (2012c) ‘Ügyiratszám: NAIH-1318-5/2012/V’, http://www.naih.hu/files/1318_V_2012-5.pdf (accessed 17 September 2014).
NDPA (2013a) ‘Állásfoglalás a Google Street View szolgáltatás. Magyarországon történo bevezetésével kapcsolatban’, http://www.naih.hu/files/Adatvedelem-NAIH-5711-162012B-Google-SV.pdf (accessed 17 September 2014).
NDPA (2013b) ‘A Nemzeti Adatvédelmi és Információszabadság Hatóság ajánlása a munkahelyen alkalmazott elektronikus megfigyelő rendszer alapvető követelményeiről’ http://naih.hu/files/Ajanlas-a-munkahelyi-kameras-megfigyelesr-l.pdf
Szabo, M. D. (2014) ‘Szelektiv szigor az informacios szabadsagjogok ervenyesulesenek ellenorzeseben’ [Selective rigour in supervising the enforcement of information rights], MTA Law Working Papers 2014/32, Hungarian Academy of Sciences.
Szabo, M. D. and Hidvegi, F. (2014) ‘Ket itelet es vegrehajtasuk’ [Two judgments and their enforcement], Fundamentum No. 4, 2014, pp. 69–82.
Szabo, M. D. and Szekely, I. (2005) ‘Privacy and data protection at the workplace in Hungary’, in S. Nouwt and B. R. de Vries (eds), Reasonable Expectations of Privacy? Eleven Country Reports on Camera Surveillance and Workplace Privacy, IT & Law Series, T. M. C. Asser Press, The Hague, pp. 249–284.
Szekely, I. (2007) ‘Central and Eastern Europe: Starting from Scratch’ in A. Florini (ed.), The Right to Know. Transparency for an Open World, Columbia University Press, pp. 116–142.
Szekely, I. (2008) ‘Hungary’, in J. Rule and G. Greenleaf (eds.): Global Privacy Protection: The First Generation. Edward Elgar Publishing Ltd., pp. 174–206.
Szekely, I. (2016) ‘From a model pupil to a problematic grown-up: Enforcing privacy and data protection in Hungary’ in David Wright and Paul de Hert (eds.), Enforcing Privacy: Regulatory, Legal and Technological Approaches, Springer International Publishing, pp. 79–104.
Szigeti, T. and Vissy, B. (2012) ‘Ombudsman’, in Corruption Risks in Hungary 2011 – National Integrity Study, Budapest, Transparency International, pp. 146–157.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Szekely, I., Vissy, B. (2017). Exercising Access Rights in Hungary. In: Norris, C., de Hert, P., L'Hoiry, X., Galetta, A. (eds) The Unaccountable State of Surveillance. Law, Governance and Technology Series(), vol 34. Springer, Cham. https://doi.org/10.1007/978-3-319-47573-8_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-47573-8_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47571-4
Online ISBN: 978-3-319-47573-8
eBook Packages: Law and CriminologyLaw and Criminology (R0)