Data Protection Bodies and Relevant Laws

The protection of data and the freedom of information in Hungary has been the responsibility of the Parliamentary Commissioner for Data Protection and Freedom of Information (Ombudsman) since 1995 (Hungary n.d.). Act LXIII of 1992, which entered into law on 1 May 1993, provides for the protection and dissemination of personal information contained in Hungarian registries (EU 7 Sept. 1999; Hungary 1 May 1993). Additionally, Hungary introduced numerous laws regulating the handling of information such as addresses (Act LXVI of 1992), universal identifiers (Act XX of 1996), medical information (Act XLVII of 1997), police information (Act XXXIV of 1994), public records (Act LXVI of 1995), employment records (Act IV of 1991), telecommunications (Act LXXII of 1992) and national security services (Act CXXV of 1995) (PI 2000).

According to law, the state may only collect unique personal information for statistical purposes and cannot transfer, publish or make it available to third parties except with subject's written consent (Hungary 2001, Sec. I.A). Police may request information without consent, however, when that data is within the "scope and duration suitable and strictly necessary" for a criminal procedure (ibid. 13 Aug. 2001).

Data Protection

The Research Directorate was unable to find reports of specific incidences of individual citizens using the registries in an illicit effort to locate information on other residents or returnees or where, and at what cost, such information might be obtained among the sources consulted.

According to the Ombudsman's most recent report, the types of privacy problems generally received relate to the copying of identity documents by service providers and "anomalies" associated with the data processing of parking companies (Hungary 2001, "Introduction"). The office routinely investigates complaints of data mishandling (ibid. Sec. 1.A.). Once such investigation conducted in 2001 conducted on the Central Statistics Bureau (KSH) in Budapest, Pest and Szabolcs-Szatmar-Bereg counties (ibid.). The inspection concluded that these offices met official standards for information protection (ibid.). In a second investigation, the Ombudsman found false, claims that the Republican Guard of the National Police Headquarters had "engaged in any unauthorized use" of information collected in the 2001 census (ibid.). The Ombudsman also preformed "more than three dozen" investigations of police practices in that year and responded to complaints concerning the protection of witnesses' privacy (ibid.).

According to the Ombudsman, deficiencies in Hungarian law weaken the ability of authorities to pursue criminal procedures against those found in intentional violation of data protection regulations (Hungary 25 Apr. 2001). Furthermore, he noted that, although there were an "extraordinary number" of cases violating the formal understanding of unauthorized access to data, most of these violations had only a minor effect on subjects (ibid.). However, there were reported cases where the "data controller" used personal data to further his or her own financial interests (ibid.).

The European Union (EU) was of the opinion in 2002 that the Commissioner's office had done "a great deal in terms of ensuring compliance with the law" (9 Oct. 2002, 58). It also saw the election of the Commissioner as satisfying "the requirement for complete independence," although the office's legal structure required significant strengthening (EU 9 Oct. 2002, 58). Previously, the European Commission had considered data protection in Hungary to be adequate based on EU standards and, following a July 2000 decision, it approved transfers of personal information to Hungary (PI 2000).

Information Collection and the Registry System

Among the tasks of the Ombudsman is the maintenance of the Data Protection Register (Hungary n.d). The register is an aggregation of "various databases containing personal [information] in Hungary" (ibid. 2001, Sec. II.). As a central registry, the Register collects information from tax records, licenses, leases, military draft records, records related to students in the public education system as well as lists of school-age children and welfare recipients, which is stored in over 2,200 data registries held by federal and county administration bodies and institutions, local governments and the private sector (ibid.). The European Commission's Directorate General for Enterprises noted the addresses of 20 country registries located in each of Hungary's 19 counties and in the city of Budapest (EU 27 Sept. 2001, 17-18).

The Research Directorate was unable to find references to a national network linking these various registries and databases among the sources consulted. The Ombudsman's report stated that security requirements prevented the introduction of online registry access, and it complained of archaic computer systems in its own data transmission network that limited its communication options and investigative ability (Hungary 2001, Sec. II.).

This Response was prepared after researching publicly accessible information currently available to the Research Directorate within time constraints. This Response is not, and does not purport to be, conclusive as to the merit of any particular claim to refugee status or asylum.

References

European Union. 9 October 2002. Commission of the European Communities. "2002 Regular Report on Hungary's Progress Towards Accession." (SEC [2002] 1404) http://www.europa.eu.int/comm/enlargement/report2002/hu_en.pdf [Accessed 18 Apr. 2003]

_____. 27 September 2001. Commission of the European Communities, Enterprise Directorate General. "EU Guides to the Establishment of Enterprises and Performance of Crafts in Europe: Hungary." http://www.kobinet.org.tr/kosgebabm/english/lib/eu/PEGDocs/Hungary.pdf [Accessed 1 May 2003]

_____. 7 September 1999. Commission of the European Communities. "Opinion 6/99 Concerning the Level of Personal Data in Hungary." http://europa.eu.int/comm./internal_market/en/dataprot/wpdocs/wp24en.htm [Accessed 16 Apr. 2003]

Hungary. 13 August 2001. Office of the Parliamentary Commissioner on Data Protection and Freedom of Information. Barnabas Lenkovics. "Statement: The Police May Not Demand Access to Personal Data That Are Not Truly Vital for Criminal Proceedings." http://www.obh.hu/adatved/indexek/2001/IIIselected2.htm [Accessed 16 Apr. 2003]

_____. 25 April 2001. Office of the Parliamentary Commissioner on Data Protection and Freedom of Information. Laszlo Majtenyi. "Recommendation of the Data Protection Commissioner to Modify the Criminal Code on the Control of Personal Data." http://www.obh.hu/adatved/indexek/2001/IIIselected1.htm [Accessed 16 Apr. 2003]

_____. 2001. Office of the Parliamentary Commissioner on Data Protection and Freedom of Information. "Annual Report." http://www.obh.hu/adatved/indexek/2001/cont.htm [Accessed 16 Apr. 2003]

_____. 1 May 1993. "Act No. LXIII of 1992 on Protection of Personal Data and Disclosure of Data of Public Interest." http://www.obh.hu/adatved/indexek/AVTV-EN.htm [Accessed 16 Apr. 2003]

_____. n.d. Parliamentary Commissioner for Data Protection and Freedom of Information. "Parliamentary Commissioner for Data Protection and Freedom of Information: Hungary." http://www.obh.hu/adatved/indexek/jobb.htm [Accessed 16 Apr. 2003]

Privacy International (PI). 2000. "Country Reports: Republic of Hungary." http://www.privacyinternational.org/survey/phr2000/countrieshp.html [Accessed 1 May 2003]