LAPSI 2nd Public Conference

New Hungarian Data Protection and Freedom of Information Authority

Tamás KovácsHUNAGI

Overview

Latest PSI regulatory developments The new Authority The issue of independence Conclusions

Latest PSI regulatory developments

Existing legislation: Re-use not treated as a specific legislative issue Access for re-use by means of FOI regulations Free of charge (only costs of copying) But: official registries regulated differently Requirements of the Directive not reflected

Infringement procedure initiated last autumn

Latest PSI regulatory developments

New data protection and FOI act Entered into force 1 January, 2012 Quite similar to previous legislation from PSI

perspective Re-use not covered separately

New institution: National Data Protection and Freedom of Information Authority Replaces the earlier Data Protection Ombudsman and

Ombudsman’s Office

Latest PSI regulatory developments

New PSI re-use legislation proposed Separate act on re-use of PSI Official registries also covered Principles, requirements of the Directive reflected Remedies in the competence of the new Authority

Status: discussions ongoing Planned adoption: spring 2012

National Data Protection and Freedom of Information Authority

Replaces the earlier ombudsman Status: „Autonomous regulatory organ”

Headed by a President Financial, personnel etc. independence

safeguarded Budget controlled by Parliament directly President appointed by the President of Hungary on

proposal of prime minister Strict incompatibility rules

National Data Protection and Freedom of Information Authority

Competence Investigation procedure

may be initiated by anyone, free of charge similar to procedure of earlier ombudsman if data processor fails to comply with the requests after

the investigation: the Authority may issue a public report / initiate an authority procedure / turn to court

Public report to draw public attention to the issue

Authority procedure in case of greater exposure (e.g. wide scope of persons)

National Data Protection and Freedom of Information Authority

Competence (cont.) Court procedure initiated by the Authority

Confidentiality review procedure Registry of data processing Data protection audit

National Data Protection and Freedom of Information Authority

Issue of independence Background: concerns regarding the new Constitution

and related cardinal acts Infringement procedures initiated last week Issues:

Current ombudsman’s appointment ended prematurely (political background), no interim measures

Possibility of dismissal by prime minister and president on arbitrary grounds

Although no direct influence, the mere risk of indirect influence constitutes a breach of EU law

National Data Protection and Freedom of Information Authority

System of remedies re: PSI re-use: Initiation of investigation by Authority Court review

Planned competence of Authority Remedy against in merit decisions of public body Procedure according to the rules of investigation

Extensive rights to examine the case (entry to premises etc.) At the end: call on public body to remedy the situation If not observed: may lead to ex officio authority procedure /

court procedure No practical experience yet

Conclusions Adequate PSI re-use legislation: hopes for a

change provide effective legal framework for re-use change public bodies’ attitude

Authority: Independence should be safeguarded No experience regarding PSI re-use yet

Make public bodies more aware of EU best practices

State-driven projects needed to facilitate re-use