The Hungarian data protection authority was conceived in sin

The judgment of the European Court on 8 April declared that the replacement of the institution of the data protection commissioner for the National Authority for Data Protection and Freedom of Information was unlawful. The ruling has made it clear: a two-thirds mandate does not absolve the Hungarian state from complying with European norms.

According to the decision of the European Court, in abolishing the institution of the data protection commissioner coincidentally with the entering into force of the Fundamental Law on 1 January, 2012, the Hungarian state violated the law of the European Union. Every Member State of the EU is obliged to operate an independent data protection authority. The independence of the organization responsible for data protection necessarily involves the obligation to respect the period of mandate of the same institution. Abolishing the authority implied the elimination of the mandate of the independent data protection commissioner, which occurred before András Jóri, who had been elected to this office for six years, had a chance to fulfill his mandate.

The European Commission started proceedings against Hungary. Prior to that, Eötvös Károly Institute had warned the government that the Commission would pursue infringement proceedings against Hungary and condemn it for abolishing the institution of the ombudsman. Also, Eötvös Károly Institute, HCLU and the Hungarian Helsinki Committee jointly called José Manuel Barrosso's attention to the unlawful action. Today's judgment is the final move in this process that started back in 2011.

It is highlighted by those three organizations that by violating the independence of the data protection commissioner, the Hungarian state committed a breach of rights not only against the ombudsman, but also against all Hungarian citizens who are entitled to enjoy information privacy in Europe protected by an independent agency. The operations of a new institution created coincidentally with the act of violating independence cannot remedy this injury, as the decisions of the National Authority for Data Protection and Freedom of Information are to be judged, in each specific case, by considering that this authority was established as a result of rights infringement, that is, it was conceived in sin.

Share

Related articles

Pegasus case: HCLU takes coordinated domestic and foreign legal action

The Hungarian Civil Liberties Union (HCLU) is taking legal action on behalf of six of its clients before the Hungarian authorities, the European Commission, the European Court of Human Rights in Strasbourg and in Israel. The organisation aims to expose the practice of unlawful secret surveillance, to have international fora declare that the Hungarian regulation of secret information gathering violates fundamental rights and to prevent politically motivated abuses.

NGOs Reject "Safe Harbor 2.0," Urge EU and US to Protect Fundamental Rights

Leading human rights and consumer organizations have issued a letter to urge the US and the EU to protect the fundamental right to privacy.

Call for urgent amicus briefs!

In April 2014 the Court of Justice of the European Union (CJEU) declared invalid the Data Retention Directive that unified the rules of the retention of selective data by Internet and telephone services and determined the accessibility of data by authorities in the member states. Despite the content of the judgment, the Hungarian act allowing data retention is still in force. In October, 2014 the HCLU started litigation against two major service providers in order to force the Hungarian Constitutional Court (CC) to repeal the unlawful act.