Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


IV. Governance issues

Financial privacy

The approach to insolvency lists is still an open debate in Hungary. Financial institutions set up a system of insolvency list based on their clients' consent. According to the Data Protection Commissioner, clients do not consent "freely" when they are under pressure. Indeed, without that consent, banks may reject their credit application. It is still unclear as to whether consent in this case is valid from the data protection law point of view. The Data Protection Commissioner suggests that the Parliament pass an act on the matter and establish a state body to be responsible for administering the insolvency list.1


Both the e-Government 2010 Strategy2 and the e-Government 2010 Programme3 of the Prime Minister's Office aim at establishing a "Citizens' Public Information Utility" including the establishment of a national system of electronic identification of citizens and providing for interoperability with similar systems in the European Union. In 2007, commissioned by the National Development Agency, the Eötvös Károly Institute, an independent public policy organisation with special expertise in informational rights and freedoms,4 worked out a comprehensive study on the privacy and data protection requirements in electronic identification systems.5

In 2009, Parliament adopted several Acts relating to e-government. These acts, including the amendments to the Code on the General Rules of Procedure in the Public Service,6 the new Act on Electronic Delivery of Official Documents and on the Electronic Delivery Record,7 the Act on Electronic Public Services,8 and the Act on the Order for Payment Procedure,9 extended the range of procedures where the use of electronic means is obligatory.

Open government

In terms of access to information, the 1992 Act on the Protection of Personal Data and Disclosure of Data of Public Interest guarantees access to "data of public interest", which is defined as any information being processed by government authorities except for personal information. Exemptions can be made for state secrets or official secrets and information related to national defence, national security, criminal investigations, monetary and currency policy, international relations, and judicial procedure. Personal data cannot be information of public interest, by definition, but they may fall under the category of "public information subject to disclosure". Unless otherwise prescribed by law, personal data of any person acting in the name of and on behalf of public agencies, shall be deemed public information subject to disclosure. Access to such data shall be governed by the provisions pertaining to information of public interest.

The so-called Lustration Law (publicly known as the "Agent-Law"),10 enacted in 1994, stipulates a compromise solution between the accessibility of data relating to persons who cooperated with the secret police of the past regime in an unconstitutional way, and data relating to subjects of secret police reports on the one hand, and the right to information privacy of all persons concerned on the other. Originally, the Hungarian solution was much less radical than the German model: the victims of surveillance could not learn the identity of the agents reporting on them, only the data reported about themselves, and the former agents fulfilling public functions in the new regime were allowed to resign without being subject to public scrutiny. Consequently, the maximum sanction, namely, the publication of the agents' names in the official gazette, could be applied only if they insisted on staying in office.

In June 2002, the Government announced that it would ask the Parliament to pass legislation authorising the further opening up of the secret police files from the Communist era.11 The announcement came following an admission by the Prime Minister that he had been a counter-intelligence officer in the secret police during that time.12 Hungary has enacted a law opening up secret service files and has been coordinating with the German Stasi archive to prosecute members of the communist regime. The law regulates access to files for both victims of spying and former spies. Victims can find out who spied on them, but to prevent recriminations and revenge-taking, they are not given access to the spy's files.13

In 2003 a law was enacted (while the 1994 law remained in force) with provisions on the rights of victims of surveillance by the secret police of the past political regime, to learn the names of the agents reporting on them and the right to make these names public (but only in the cases where the former agents are presently public figures), and the establishment of the Historical Archives of State Security Services, replacing the Office of History, where documents relating to the activities of the former secret police are to be kept.14 Despite these legislative developments, there has been a great deal of uncertainty concerning the contents, authenticity, and completeness of the former secret police documents, which gives rise to political blackmail and keeps the issue on the public agenda.

The 2005 Freedom of Information by Electronic Means Act makes it mandatory for every agency or organisation in attendance to proactively publish data on their organisational structure, operation, and financial management; requires electronic publication of legislative projects and individual drafts, while also prescribing the provision of an interactive interface; mandates publication of the Magyar Közlöny, the official journal of the Hungarian government, and of the Electronic Compendium of Effective Laws and Regulations, in such a way that will make access to them free of charge and unencumbered by any other circumstance for everyone; and requires the Supreme Court and courts of arbitration to post all of their verdicts, judgments, and rulings on the Internet.15

Other developments

Public disturbances from the fall of 2006 until September 2007 raised questions concerning the privacy rights of citizens, policemen, and judges.16 Following the public disturbances, the names, home addresses, home and mobile telephone numbers of the judges and prosecutors presiding over the related criminal cases were published on an internet site, It was clear that according to the law, the name and position of judges and prosecutors are public. However, as the data protection commissioner stated, home addresses and phone numbers are confidential personal data, even if some are published in public registers such as the phone directory, because the original purpose of the publication in the directories and the purpose of the publication on the website were different. The disclosure of these latter data would have been lawful only with the consent of the judges and prosecutors concerned. However, the data could not be removed from the site because the site was hosted on a foreign server, and had listed false contact data.17 Later, the operators of the site had to face the concerns of the foreign ISPs and they switched off the site several times due to privacy-related infringements.

As mentioned above, in 2005 and 2006, the Commissioner dealt extensively with problems of political direct marketing conducted by telephone, email, and short text messages (SMS), as well as with databases set up by political parties containing data relating to the supposed or existing political views of individual voters.18 The most significant scandal involved activists adding information relating to political views of voters to the list of voters (which is legally obtainable for election purposes and can be used for a limited time period before the elections). Based on this information, voters were classified into three categories, indicated with letters E (Enemy), S (Sympathiser) and B (for Undecided in Hungarian). Protesting against this practice, local representatives of the socialist party attended the meetings of the local self-government with a big letter E on their suits. Unfortunately, neither the Commissioner, nor the police investigators could establish the origin of the data, nor could they prove the actual use of the database.

Registering and processing of personal data relating to ethnic origin has been a source of recurring controversy in both professional and political circles. The freedom of affirming minority identity is addressed by the Minority Act.19 The individual's minority identity and right to be treated in that capacity rest on the principle of freedom of identity. The Act declares that "The admission and acknowledgement of the fact that one belongs to a national or ethnic group or minority [...] is the exclusive and inalienable right of the individual," and that, as a rule of thumb, "No-one is obliged to make a statement concerning the issue of which minority one belongs to."20 However, the Constitutional Court found it constitutionally acceptable to make it mandatory by the force of law to declare minority affiliation if such a restriction of a fundamental constitutional right is inescapably demanded by other constitutional rights and values, executed by the most appropriate method, and is limited to the minimum extent required. The decision21 affirms that the right to elect national and ethnic minority governments may indeed justify a reasonable restriction of self-determination in the context of mandating declarations of minority.

The present system of minority elections is based on a preliminary registration model: participation in the minority self-government elections requires citizens to declare and register themselves as members of a national minority. However, nobody has the right to "check" the declared identity of those registered themselves, and the registers are destroyed after the elections.22 This system, however, had not solved the problems of the so-called "ethno-business", namely that in the hope of gaining various benefits, people may declare themselves members of a minority without actually qualifying as such. The Eötvös Károly Policy Institute published an edited volume in English on this subject,23 including an internationally applicable solution offering organisational and technological guarantees in order to provide the means for monitoring individual subsidies granted on ethnic minority basis without the need of maintaining a central minority register.24

In November 2009 the Data Protection Commissioner and the Commissioner for Ethnic Minorities issued a joint recommendation25 in which they declared acceptable the registering of ethnic data by the state for various purposes. They would take "objective criteria", such as colour of skin, given or family name typical for the ethnic group, or origin of parents as the basis of adjudging someone's ethnic origin.

Non-government organisations' advocacy work

The two most important non-governmental organisations advocating privacy and data protection are the Eötvös Károly Policy Institute (EKINT)26 and the Hungarian Civil Liberties Union (HCLU).27 EKINT, an institution deeply committed to the liberal interpretation of constitutionality, is a respected professional organisation whose areas of activity includes privacy and data protection as well as transparency and freedom of information. HCLU is a human rights watchdog NGO, focusing on patients' rights, data protection, freedom of speech, drug policy, and minority issues. Both organisations are composed of a handful of dedicated professionals and activists who are able to organise public events and attract the attention of the media.

Among the few but significant civil society initiatives and developments, HCLU, together with the experimental amateur performance group TÁP Theatre, organised a street performance at one of the most crowded places in Budapest, Moszkva Square, in May 2008, to protest against surveillance and data retention practices.28 The HCLU submitted a complaint to the Constitutional Court about telephone and internet data retention regulation in force. In March 2008 an independent, not-for-profit website, run by a professional community, was launched and introduced to the media. The International PET Portal and Blog has become a high quality forum of Privacy Enhancing Technologies in Hungarian, English, and Dutch languages.29

In the early 2000s, the annual presentation of the Hungarian Big Brother Awards30 was a popular manifestation of radical civilian censure. Ironically, the most intense controversy has surrounded the person of the Commissioner himself. In 2002, he was among those nominated for the Big Brother Award on account of the cameras installed on his official premises. In 2004, he received another nomination – anyone may anonymously nominate individuals through the Internet for the first round – this time for his lenient position on cameras installed in department store fitting rooms. In this case, the Commissioner found himself among the finalists and, after the online votes given to the finalists had been counted, actually ended up receiving the Audience Award. Attila Péterfalvi, the second DP&FOI Commissioner in office, not only appeared at the awards ceremony, but – unlike other recipients to date – accepted the award, although he made a point of voicing his disagreement with the rationale for his own selection.

International obligations and International cooperation

Hungary has signed and ratified the 1966 UN International Covenant on Civil and Political Rights (ICCPR) and acceded to its First Optional Protocol, which establishes an individual complaint mechanism.31

Hungary has been a member of the Council of Europe (CoE) since 1990 and has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.32 It has also signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention No. 108).33 Hungary ratified the CoE Convention on Cybercrime in late 2003, and it entered into force in July 2004.34

Hungary became a member of the Organisation for Economic Cooperation and Development (OECD) in 1996 and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Hungary became a member of the European Union in 2004.