Hungary - Data Protection
History of Data Protection in HUNGARY
Data Protection found itself on the Hungarian agenda following the political and economic changes of 1989. Data Protection, and the ability of citizens to monitor information that had been collected, was seen as an important element of the rule of law and human rights.
Act LXIII of 1992 on the Protection of Personal Data quickly followed. On 26 July 2000, the European Commission decided that Hungarian law ensured an adequate level of protection of personal data within the meaning of Article 25(6) of Directive 95/46/EC.
Act LXIII of 1992 was later amended by Act No XLVIII of 2003. On 1 May 2004, Hungary was one of 10 states to become a member of the EU.
Summary of Data Protection in HUNGARY
| Title of Data Protection Legislation | Act LXIII of 1992 on Protection of Personal Data and Disclosure of Data of Public Interest, amended by Parliamentary Act No XLVIII of 2003 |
| Name of supervisory authority | Parliamentary Commissioner for Data Protection and Freedom of Information |
| General Powers of supervisory authority | Section 23 of the 1992 law establishes the Commissioner. Section 24 outlines his main tasks: "The data protection commissioner shall a) control the observance of the Act and other legal rules applicable to data handling; b) examine the reports submitted to him; c) provide for keeping the data protection register". |
| Who has standing to notify the supervisory authority of breaches? | Anybody |
| What are the penalties for data controllers if they breach the law? | According to the Act on the Protection of Personal Data and Disclosure of Data of Public Interest, if a data controller breaches the law it may be required to correct or delete the data (Section 17), or "pay compensation for the damage caused to others by the unlawful handling of the data of the person concerned or by violating the requirements of technical data protection" (Section 18). |
| Have any provisions been made for the processing of a national identification number or a general identifier, as per Article 8(7)? | Not in the data protection legislation. |
| Is it necessary to obtain consent before processing personal data, or are alternatives available even when obtaining consent would not be impracticable or inappropriate? | It is probably necessary to get consent when it is not impracticable or inappropriate. |
| Does the Data Protection Legislation cover the deceased? | No, but other laws in the health sector provide some protection. |
| Who is able to indirectly identify the data subject? | Anybody |
Laws and Regulations
- Constitution of the Republic of Hungary, specifically Articles 8 (fundamental human rights) and 59 (right to privacy)
- Decision of Constitutional Court on Ban of Universal Personal Identifier, No. 15/1991 - in English
- Decision of Constitutional Court on Definition of Medical Data, No. 65/1992, removed data related to 'sexual behaviour' from the definition of medical data, meaning explicit consent is needed for storage of such data.
- Act LXIII of 1992 on Protection of Personal Data and Disclosure of Data of Public Interest, includes changes made by Act XIX of 2005 - in English
- Act XLVII of 1997 on Processing and Protecting Health and Connected Personal Data, provides specific provisions on health data - in Hungarian
- Act CXIX of 1995 on the Use of Name and Address Information for Research and Direct Marketing - in English
- Hungarian Laws, accepted by Parliament since 1990 - Hungarian
Institutions
- Relevant Legislation - in English
- Current Cases and Opinions - in English
Journals
- IME (Informatics and Management in Healthcare) - in Hungarian
- INFINIT Privacy Newsletter, monthly, covers international privacy affairs - in Hungarian
