Hungary: A Case Study on Improving Access to Administrative Data in a Low-Trust Environment

Hungary introduced a law ensuring access to anonymised personal data for research and policymaking in 2007. The law has forged a compromise between strict provisions on personal data protection and researchers’ needs for microdata that has passed the test of practical application. The Hungarian case may be a model for improving access to administrative data for research and policy analysis in a low-trust environment. The chapter explores stakeholder interests and the negotiation process leading to the new law and also highlights how particular features of the new law satisfied opponents while meeting the demands of data users.


Introduction
Post-socialist European Union (EU) member states share a strong tradition of extensive data collection by the state, but typically, administrative data are not systematically used to support evidence-based policymaking. In most cases this is mainly due to the relatively low efficiency of governance (implying that governments do not generate much demand for evaluation) and in some cases also to overly strict legislation on personal data protection. Access to microdata may be further constrained by lack of trust between academic and government organisations, as well as within the government.
The Hungarian case is a good example of improving access to administrative data for research and policy analysis in such a context. This chapter focuses in particular on three issues: (1) the interests of stakeholders involved in a legislative process that yielded a new law on microdata access in 2007, (2) the negotiation process leading to the new law and (3) how particular features of the new law satisfied opponents while meeting the demands of data users. To illustrate the impact and sustainability of the new legislation, the paper also briefly describes the outcomes in terms of summary statistics on data requests since 2007 and some examples of how administrative data have been used by researchers and policymakers to inform policy discussions since 2007.
The chapter is based on a review of the documents relating to the preparation of the law on microdata access, as well as on the personal notes and recollections of the author, who headed the research unit of the Finance Ministry and in that capacity was responsible for coordinating the negotiation process that led to the enactment of the law.

The Initial Status Quo in Brief
On the eve of its accession to the EU, the conditions for using administrative data for research and policymaking were relatively favourable in Hungary, in terms of the country's bureaucratic traditions and the evolving openness to new public management methods. The accession process had given further impetus to promoting the idea of evidence-based policymaking. At the same time, legal conditions and a low-trust culture in the public sector created considerable barriers.
The Hungarian public sector was built on the foundations of the Austro-Hungarian monarchy 1 and the socialist planned economy, 2 which both involved extensive and systematic data collection and data-based procedures of planning and decision-making in the government (Álló and Molnár 2014). Accordingly, the statistical traditions of the country had also been quite strong. The first official census was held in 1870 and regular household surveys had been carried out since 1949. 3 The Central Statistical Office initiated the introduction of a unique personal identifier in 1978, to facilitate the tracing of individual records over time.
The post-Soviet era brought mixed developments. New, democratic, institutions were established, and citizens' rights against the state were strengthened. While this was a favourable development in general terms, it also involved the creation of barriers to accessing administrative data on citizens. The Constitutional Court abolished the use of the unique personal identifier in 1991. In 1992 a new law on personal data protection was enacted that strongly limited the use of personal information by public authorities and created the position of an Ombudsman to monitor the implementation of the law (Székely 2007). 4 Furthermore, during the 1 Austrian rule was established after the final defeat of the Turks in 1699 and consolidated in the Austro-Hungarian monarchy between 1867 and 1918. 2 The bureaucratic procedures of the planned economy followed patterns provided by the Soviet Union, such as the 5-year cycles for industrial targets. The Socialist system was established relatively quickly, starting in 1947, and came to an end in 1989. 3 The first of these was the household budget survey in 1949, followed by the time budget survey in 1965 and the labour force survey in 1991. The first wage survey that collected individual-level information on wages was conducted in 1986. On the evolution of data protection in the Hungarian census, see Lakatos (2000). 4 Hungary was among the first post-socialist states to introduce legislation to ensure freedom of information and personal data protection and has become a model for other countries in Central and Eastern Europe (Majtényi 2002;Székely 2007). 1990s, a series of media scandals on the abuse of personal data by public officials increased public mistrust of how the government uses information about citizens and generated fears within the public sector about the potential implications of using individual-level data. During the mid-1990s, there were a few attempts to link administrative databases to identify free-riders of the welfare system. When these failed, mainly as a result of opposition from the Ombudsman and the Constitutional Court, improving access to administrative data began to look like a hopeless endeavour (DPC 1997).
The legal barriers were quite strong. The 1992 law on personal data protection and public information defined data access in such extreme terms that anonymisation for research purposes was legally impossible. 5 On the one hand, public information (more precisely, data of public interest) can be accessed by all and anonymised administrative data are considered public information. On the other hand, data are considered personal as long as they can be traced back to the person it refers to, without any flexibility in interpretation. 6 Personal data can be processed only if approved by the person they relate to or if their use fulfils a legal obligation (i.e. use for an official purpose, explicitly stated by law). Until 2007, this implied that data owners had no legal basis for processing personal data for the purpose of anonymisation, since supporting research or statistical analysis was not a legal obligation.
Political developments created somewhat more favourable conditions around 2002-2004. A Socialist-Liberal coalition government was elected in 2002, which was keen to fulfil criteria for Hungary's accession to the EU and had public sector reform on its agenda. In 2003, the Finance Minister established a new research unit within the ministry to strengthen the knowledge base of government decisions. Led by London School of Economics and Political Science graduate Orsolya Lelkes, this unit had some experience in how evidence-based policymaking was implemented in advanced European democracies and also had the necessary skills to apply these methods in Hungary. As shown in the following sections, their efforts finally led to the creation of a new law promoting access to administrative data and new opportunities for creating rich databases by linking several data sources. 5 See Sect. 3 of Act LXIII of 1992 On the Protection of Personal Data and the Publicity of Data of Public Interest and Majtényi (2002) for a summary of the Act. This Act was replaced by a new law on the same subject in 2011, which slightly eased the requirements for anonymisation, stating that data are regarded personal as long as the connection between the person and the information relating to them is restorable, and this is the case if the data owner is technically equipped for restoring the connection between them (compare Section 4(3) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information). Act LXIII of 2012 on the Re-Use of Public Sector Information further strengthened the data access rights of citizens. 6 Compare this with the UK's rules for research data, which require data owners only to ensure that the probability of re-identification is 'remote'. For more detail on the definition of data of public interest, see Majtényi (2011).

Stakeholder Interests
The Finance Ministry had a natural interest in promoting evidence-based policymaking, as its main goal was the efficient allocation of public resources and the curbing of excess spending. The interests of its new research unit, which started to campaign for access to administrative data, largely stemmed from the professional identity of its staff: they had joined the ministry with the aim of promoting evidencebased policymaking, they had the skills to use large-scale administrative data 7 and they understood the potential in accessing the rich data sources of the government.
After a few unsuccessful attempts to acquire administrative data, 8 the Finance Ministry research unit decided to try and remove the legal barriers. To find allies and promote the importance of data access, they held a workshop for data owners and initiated bilateral discussions with potential stakeholders. In 2004, they made a first, poorly prepared attempt to amend the personal data protection law, which failed on the opposition of the Ministry of Justice.
Stakeholders included a wide range of data owners, 9 potential data users (analysts in the civil service and researchers), the Ombudsman for data protection, Neumann Kht (the agency with the IT infrastructure for linking large datasets) and advocacy organisations with an interest in access to public information and personal data protection (Eötvös Intézet and TASZ).
Several stakeholders, such as the Ministry of Education, opposed the new law, fearing that answering data requests would require substantial staff effort and computer time and overburden public institutions. In some cases, data owners may also have feared that external users might discover unlawful or corrupt practices in their institution. Lack of information or trust in anonymisation techniques at the executive level also added to such fears. In more general terms, the lack of trust within and between public institutions (inherited from the socialist regime) also played a role. In such a low-trust environment, any initiative not clearly linked to an interest that all players understand is likely to be viewed with suspicion, on the assumption that the initiator has a hidden agenda.
The Central Statistical Office (CSO) strongly opposed the notion that the new law should apply to its data as well. 10 According to its official statement, its main concern was the reliability of the anonymisation process. The CSO feared that the draft law did not provide sufficient guarantees that anonymisation would be complete and that, if this was the case, the CSO would not be able to guarantee anonymity to survey respondents, which in turn might increase non-response rates. Expert-level meetings with the CSO revealed further, possibly more genuine, concerns. First, some CSO officials may have been worried about losing their monopoly on publishing (or selling) the data and losing some revenues. A related issue was the image of the CSO as a reliable source of statistical information. Access to microdata would allow users to publish aggregate statistics of particular variables which may or may not be exactly the same as those published by the CSO. Arguably, if the average journalist or citizen has little knowledge of the intricacies of statistical aggregation and the long list of legitimate causes for such discrepancies, such unofficial statistics might damage the public image of the CSO. Lastly, though the CSO had achieved high professional standards and the general quality of its data was high, some CSO officials may have been concerned that external users would discover some shortcomings in data quality.
Most opponents doubted the need for the new legislation, not being aware of new developments in statistical methods and the potential in using individual-level data.
Though the Gyurcsány government (2006)(2007)(2008) was broadly supportive of the 'new public management' (NPM) approach, actual demand for evidence-based policymaking remained limited, and thus there was no consensus over the need for improving data access. However, some stakeholders supported the new law because of their commitment to improving policymaking. One of the main supporters was the National Development Agency, which was responsible for allocating EU structural funds and was thus directly exposed to EU expectations to use these funds effectively. Furthermore, as a newly established institution, its staff tended to be better equipped with technical skills and more open to new public management ideas than most of the traditional ministries. Other strong supporters included the State Reform Committee and the Ministry of Economy. An advisor of the Prime Minister's cabinet also actively lobbied for the initiative, as he recognised its potential both for research and for evidence-based policymaking.
Somewhat surprisingly, the Ombudsman for data protection did not raise any serious concerns during the official negotiation process (DPC 2007). There were two likely reasons for this. First, the Ombudsman's mandate covered the protection of citizens' right to information, and he delegated the discussion of the draft law to the unit responsible for this topic. The lawyers in this unit were equally committed to promoting access to data and to the protection of personal data. Second, anticipating their opposition, the Finance Ministry research unit initiated informal negotiations with the Ombudsman's office before the official process began and, following lawyers' advice, made adjustments to the draft before it was officially submitted for consultation.

Negotiation Process Leading to the Law on Accessing Microdata for Policy-Related Analysis
The negotiation process took about a year (see summary in Table 1 below). In the first phase, lasting about 5 months, the Finance Ministry research unit submitted the first draft of the law 11 for comments by the relevant departments within the Finance Ministry and in the meantime initiated informal negotiations with some of the potential opponents. As already mentioned above, discussions with the Ombudsman's office were successful, while the CSO remained sceptical and did not commit to supporting the draft law.
In the second phase, starting in early December 2006, the draft law was submitted by the Finance Ministry for consultation by other ministries and government bodies. Implementation rules enacted a The proposal was sent to 11 ministries, 4 major data owners, the Ombudsman for data protection and 5 public agencies that were potential data users (the Audit Office, the Development Agency, the State Reform Committee, the Innovation Office and the National Academy of Science) b This meeting (szakmapolitikai értekezlet) served as a forum for high-level experts in public bodies to discuss draft laws Sources: Online document archive of the Parliament of Hungary on 'T/3029 A döntéselőkészítéshez szükséges adatok hozzáférhetőségének biztosításáról' 11 The first version of the legislative text was prepared by Máté Szabó, a lawyer, and commissioned by the methodology working group of a ministerial committee for social inclusion, which supported the initiative on the hope that it would lead to better data on income redistribution (Bánfalvi et al. 2006;Szabó 2006). The version in force at the time of writing is available at https://net.jogtar.hu/jr/gen/hjegy_doc.cgi?docid=a0700101.tv.
After minor amendments, it was passed by the government in April 2007. It was finally enacted by the Hungarian parliament in June 2007 as Act CI of 2007. In this phase, the first setback was posed by the Ministry of Justice, which accepted the purpose and concept of the draft law but disagreed with the proposed legislative text. They took almost 2 months to prepare an alternative solution, after a series of gentle reminders and personal phone calls by high-ranking officials. The second setback came from the Ministry of Education, which fiercely opposed the draft law, fearing that, once implemented, it would impose a large burden on schools. Minor gestures (e.g. further restrictions on who could request data) did not win the Ministry's approval, so in the second meeting of secretaries of state, the Ministry of Education had to be voted down by supportive ministers. As the latter were from traditionally strong ministries (finance and economy), the draft law was safely passed. 12 Once accepted by ministries, the draft law was easily accepted by the government and did not meet much opposition in the parliamentary committees. 13 It was enacted as Act CI of 2007 by parliament without any amendments or discussion.

Reconciling the Requirements of Data Protection and Research
The new law eliminated the main barrier in the preceding legislation by establishing a legal basis for data owners to process personal data for the purposes of anonymisation. This adjusted the balance between meeting the data needs of evidence-based policymaking and those of personal data protection. During the negotiation process some compromise had to be made to satisfy opponents. In particular, to win the support of data owners, the right to request data anonymisation was restricted to public bodies and made to vary by complexity of request. As a result, a request for a highly complex data linkage can be submitted only by a high-level government official, such as a minister or the President of the National Academy of Science (Act CI of 2007).
To conform with the strict standards set by personal data protection rules, the law prescribes a complicated linking procedure based on irreversible identifiers 14 and introduces a number of explicit and (in some aspects, overly) strict rules for anonymisation. These include the restrictions that no sample can be larger than 12 The fact that the law was proposed by the Finance Ministry was instrumental in the relatively smooth enactment process; the Finance Ministry had a strong position due to its role in allocating resources across ministries. Also it typically proposed fewer new laws than most other ministries, which increased the significance of opposing any of its proposals. 13 The draft was discussed in four committees without significant opposition, though delegates of the opposition parties did not formally support it in the voting procedure (for details, see archive of the Parliament of Hungary, T/3029). 14 These are called hash codes, which are unique identifiers but cannot be traced back to the original person. 50% and that geographical identifiers cannot be more detailed than small region level. Furthermore, the data owners must delete both the code and the data soon after sending them to the intermediary agency responsible for linking the data. The intermediary agency is also obliged to keep track of the accumulation of data by owners and maintain a searchable public database of anonymised datasets for secondary use.

The Impact of the Law on Microdata-Based Social Science Research
The impact of the new law has not been systematically documented. There is no information available on simple requests when users obtain anonymised data from a single data owner. Requests for linking datasets can be traced as the government agency responsible for linking anonymised datasets (initially Neumann Kht, and since 2011 the National Infocommunications Service Company (NISZ)) is obliged to report on its activities. According to their records, the first linked dataset that was created with reference to the new law was completed in 2010. Since then, around one to three linked datasets have been created every year (see the Appendix for more detail). Some of these involve only two data owners, while the largest involves six or seven public institutions. Ironically, one of the few agencies that has filed several requests is Educatio, an agency established by the Ministry of Education (a former opponent of the law), which uses the linking facility to track the labour market performance of university students after graduation (Nyüsti and Veroszta 2014). The Institute of Economics of the Hungarian Academy of Science has also made several data requests and has invested substantially in establishing a store of systematically cleaned datasets, which includes several linked databases. 15 These have been widely used by Hungarian researchers and have augmented the publication performance of the institute. 16 The use of administrative data has also contributed to the accumulation of policy evidence, e.g. on the effectiveness of active labour market policies, the income effects of tax cuts or the disadvantages faced by Romani school children (Köllő and Scharle 2016). It should be noted, though, that the use of administrative data has not permeated into the government decision-making process. Clearly, the improved availability of data is a necessary but not sufficient condition for introducing evidence-based policymaking. 17 15 For details, see the website of the Hungarian Academy of Sciences, Institute of Economics (IE) Databank at http://adatbank.krtk.mta.hu/nyito. 16 Since 2007, several papers using linked administrative data from Hungary have been published in high-ranking journals such as the American Economic Review (e.g. Kertesi and Kézdi 2011;Halpern et al. 2015). 17 Though an agency (ECOSTAT Kormányzati Hatásvizsgálati Központ) was established in February 2011 to prepare (and support ministries in preparing or subcontracting) impact evaluations, it

Summary and Conclusions
Hungary introduced a law ensuring access to anonymised personal data for research and policymaking in 2007. The law has forged a compromise between strict provisions on personal data protection and researchers' needs for microdata that has passed the test of practical application. The Hungarian case may be a model for improving access to administrative data for research and policy analysis in a low-trust environment.
The present review of the process leading to the enactment of the law highlighted three notable enabling factors. First, it was important to have a credible and dedicated insider, in a strong ministry, who could invest the time and effort in lobbying and coordination. This went together with the general though vague support of the government for improving the evidence base of policymaking. Second, early negotiations with influential stakeholders such as the Data Protection Commissioner and the involvement of potential supporters such as the National Development Agency seem crucial for smoothing the formal negotiation process.
Lastly, though the law has several weak points, it has enabled not only the creation of rich datasets but also the accumulation of experience, thus reducing ignorance-based attitudinal barriers (regarding the need for individual data and anonymisation methods) and fears about possible misuse by researchers. This will facilitate negotiating the necessary corrections to the law when demand for evidence-based policymaking revives. policy and active labor market policies for disadvantaged jobseekers, and the political economy of welfare reforms. She was Head of research in the Hungarian Finance Ministry between 2005 and 2008, had worked as an economist at the Finance Ministry (2003)(2004)(2005) and at the National Employment Office (1994)(1995)(1996).
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made. The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.