Whistleblower protection (or the lack thereof) has long been in the centre of the attention of the Freedom of Information Program of the Hungarian Civil Liberties Union. The latest development in this issue was the adoption of the new whistleblower act came into effect on January 1, 2014. We have closely monitored the legislative process and also the practice of responsible state bodies are under scrutiny as it is evolving now in light of the loopholes in the law. The applicability of the new legislation is one of the key issues of this case which might determine whether the procedures of the government are considered unlawful.
On 19 December 2013, police officers searched the home of
In its order of 22 January 2014, which we only received on 10 February 2014, the Central District Court of Buda (BKKB) declined our latest proposal as well – unjustifiably in our opinion.
It is worth summarising the developments of the procedure against
1. Denunciation by the NAV
A criminal complaint for the misuse of personal data by a public official was lodged by the head of the Regional Taxation Directorate-General of
As regards the state of facts, the search warrant sheds (some) light on in, but the criminal complaint may include more.
According to the search warrant,
From his statements aired by ATV’s “Straight talk” on 28 November 2013, the NAV concluded that he copied those data and took them out of the building of the NAV without authorisation.
Although not included in the search warrant, the Prosecutors Office later added that
(In this context, it is worth noting that these data were downloaded to gather information on transportation services that were elements of the VAT frauds.)
2. The suspicion – misuse of personal data (Section 219 of the Criminal Code)
The misuse of personal data has three key factual elements:
a) Since the protection of personal data only pertains to natural persons and legal persons and other entities without legal personality do not have personal data, a search warrant cannot refer to a business entity as an injured party in a criminal accusation.
b) An indispensable element of this type of crime is the unauthorised handling of personal data by the suspect.
The NAV should have identified the specific handling authorisations that were violated by the specific data downloads in its criminal complaint for misuse of personal data.
The NAV had all the opportunities to do so since according to Data Protection and Data Safety Regulation No. 111/2001 of the NAV, staff members are given data access authorisations for the purpose of discharging their duties in an attachment to their job descriptions.
In case the criminal compliant failed to precisely specify the rules violated by