Data protection and freedom of information in Hungary: The latest casualties of Covid-19?, by Petra Lancos

This paper is part of the e-conference on « Data protection Issues and Covid-19: Comparative Perspectives » which consist in a daily publication at 12 p.m. (GMT+1) except on Sundays until the Summer break. A new session will start again at the beginning of the academic year 2020-21. Please subscribe to blogdroiteuropeen, so you don’t miss a publication. This e-conference was organised by Dr. Yseult Marique, Senior Lecturer at the University of Essex and FÖV Speyer and Dr. Olivia Tambou, Associate Professor at the University of Paris-Dauphine, External Scientific Fellow at the Max Planck Institute of Luxembourg, and Founder- Editor of Blogdroiteuropeen. If you are interested to contribute for our September session feel free to contact us at blogdroiteuropeen@gmail.com

State of danger: Constitutional basis and the authorization to govern by decrees

On 13 March 2020, an expression of utter confusion showed on the face of Tv2’s news anchor. The evening news on the government-friendly tv channel had just finished airing a news clip explaining how damaging the opposition’s idea would be to close down the schools when the anchor had to announce that Prime Minister Viktor Orbán had ordered the closing of all schools until further notice. Pressure had been mounting from civil society to shut down schools immediately, after it emerged that children whose parent had tested positive for Covid-19 were still attending school.

A few days earlier, on 11 March, the Hungarian Government had declared a ’state of danger’ based on Article 53 of Hungary’s constitution, the Fundamental Law. With the introduction of the special legal order, the Government was authorized to ‘govern by decrees’, suspending the application of, or derogating from certain acts or taking other extraordinary measures. The special legal order allows for the suspension or restriction of most fundamental rights (with the exception of the right to life, human dignity, prohibition of torture, inhumane or degrading treatment and the presumption of innocence) without the safeguard of proportionality or the preservation of the essential content (’Kerngehalt’) of such rights. According to the Hungarian Fundamental Law, such governmental decrees are only to remain in force for fifteen days.

The Government set up the so-called Operational Corps to coordinate pandemic management efforts. It also instituted a set of protective measures geared towards ensuring the safety of the population (e.g. closing down Hungarian borders, as well as non-essential retail shops and entertainment facilities) and the mitigation of the economic consequences of the lockdown (e.g. tax exemptions in certain sectors, moratorium on loan repayments). A few days before the lapse of the extraordinary measures, the Government introduced a bill in Parliament to extend the effect of all protective measures beyond the 15 days deadline until the end of the ‘state of danger’. Act No. XII. of 2020 on the fight against the corona virus was widely criticized within and outside of Hungary as giving blanket authorization to the Government to “govern indefinitely through protective measures”. In fact, the Parliament may revoke the authorization even before the end of the ‘state of danger’, and it is up to the Parliament to repeal the Act when the emergency situation ends. Of course, with a super-majority in Parliament, the Government was facing no threats to its powers in Parliament.

Data protection at the time of Covid-19: Medical data and tracking apps

Hungary applies the GDPR and Act CXII of 2011 on Informational Self-Determination and Freedom of Information, which prescribe the drawing up of a privacy policy document for cases of data processing in general, and for the purposes of law enforcement, national security and defence. The Hungarian National Authority for Data Protection and Freedom of Information, the domestic data protection agency published relevant information in Hungarian and English language on data processing during the Covid-19 pandemic, including press releases and guidelines of the European Data Protection Board, Council of Europe statements etc. on its website. In addition, Hungarian authorities were steadfast in trying to find a balance between informing the public at large of the trends in the spreading of the virus and its death toll, as well as protecting the personal data of those who had contracted the virus and the deceased. However, publishing individually the age, sex and chronic diseases of the deceased on an official government website, made it possible in certain cases for citizens to personally identify those having died of it.

Meanwhile, potential threats to privacy are also emerging: the new Governmental Decree 181/2020 (V. 4.) authorizes the use of electronic means of controlling quarantine measures, with the police gathering data from an application (VírusRadar) installed by those under supervision. The authorities gain access to the user’s profile, movements and health data. Important guarantees of this means of surveillance are the voluntariness on the side of the device holder and that the data thus gathered will be processed for a maximum of 60 days following the lapse of the individual’s quarantine.

In a highly criticized amendment, Act No. XXXI of 2020 modified the law governing the National Security Service, authorizing the Service to control the electronic communication traffic of state and municipality bodies, to avert a possible cyber-attack. The new rules were widely criticized, including by the President of the National Authority for Data Protection and Freedom of Information for their lack of guarantees for the protection of personal data. The siloing of citizens’ personal data implemented by public bodies are thus no longer applicable to the National Security Service, which will have an overview of all public bodies’ traffic and – so the suspicion goes – content of electronic communication.

Freedom of information: Extended deadlines and the criminalization of fearmongering under the special legal order

Meanwhile, freedom of information has consistently suffered since the state of danger has been declared. After a couple of weeks of daily press briefings conducted by the Operational Corps, following a communication disaster spearheaded by the State Secretary responsible for Communication, citing threat of contagion, the Operational Corps only took questions that had previously been sent by email. Public grilling or follow-up questions by members of the media was no longer an issue for the authorities acting as the face of the fight against the virus, and many questions sent in by journalists remained unanswered.

Meanwhile, the media also requested access to ’data in the general interest’ held by health institutions and nursing homes to draw a clear picture of the status of patients cared for in the facilities as well as their supplies in protective gear. However, inquiries were routinely met with silence or form letters, declining to provide information. Not only were institutions unwilling to provide data in the general interest to representatives of the media, doctors, nurses and other health care workers at the forefront of events were reportedly also unwilling to answer questions. This may also be due to the new Section 337 para 2 of the Criminal Code penalizing speech containing untrue facts, distorted claims or rumours that are capable of frustrating the fight against the pandemic.

In a final blow to freedom of information, Government Decree 179/2020 (V. 4.) extended the statutory deadline for satisfying or rejecting requests for data in the general interest from 15 days (Section 29 para 1 of Act CXII of 2011, FOIA) to 45 days, which, in the rapidly evolving emergency situation underlying the state of danger renders information thus provided, to a large extent, obsolete. Such an extension was possible in case it is likely that fulfilling the request within the 15 day deadline would jeopardize the fulfilment of the public body’s public services related to the state of danger. While it is easy to appreciate that public bodies such as public health care institutions are struggling with an increased workload, restricting the freedom of information in general in respect of all public bodies seems disproportionate.

Ending the state of danger and preparing for a new one

On 17 June 2020 the Hungarian Parliament adopted Act No. LVIII of 2020 which not only repealed the state of danger but also clarified certain conditions governing disease prevention and the introduction of such conditions in the future. While these rules increase transparency, they make for a mixed picture. Although Article 265 of the Act provides for the reinstatement of the 15 day deadline for providing access to data in the general interest, Article 4 replaces the monthly budget reporting of self-governments with quarterly reporting obligations, reducing access and transparency. In the ambit of health care, the new Act determines the scope of ’telemedicine’ allowing for a safer and more flexible outpatient care, and at the same time raising issues of data protection of its own. The new rules provide for a more stable and foreseeable framework in case of a possible return of the disease, yet it remains to be seen how the new Acts will be implemented in practice and what effects they will have on data protection and access to information in Hungary on the long run.

Petra Lea Láncos (LLM, PhD, habil.) graduated from Pázmány Péter Catholic University in 2003. Before obtaining her PhD, she was a junior research fellow at the Max Planck Institute for Comparative Law and Public International Law (Heidelberg) in 2006-2007. She is an associate professor at the Department of European Law at Pázmány Péter Catholic University (Budapest) since 2009. Between 2016-2019, she was a research fellow at the Deutsches Forschungsinstitut für öffentliche Verwaltung (Speyer). Besides her academic career, she worked at the Office of the Commissioner for Fundamental Rights (2013-2014), at the National Media and Infocommunications Authority (2015-2016), and currently she works at the Constitutional Court of Hungary (since 2019). She has been working as a freelance interpreter for the EU institutions since 2011. She has been working as the Editor of the Hungarian Yearbook of International Law and European Law since its establishment (2013).