08 April 2014
In a judgment issued today, the Court of Justice of the European Union concluded that the Data Protection Commissioner of Hungary was replaced by a new authority in an unlawful way. The judgment makes it clear that having two-thirds majority in Parliament means no exemption from complying with European norms.
According to the judgment of the Court of Justice of the European Union (CJEU) issued today, by abolishing the institution of the Data Protection Commissioner, Hungary violated European Union law. Member States shall establish an independent supervisory authority for the protection of personal data. According to the decision of the CJEU, the independence of that authority entails an obligation for Member States to allow that authority to serve its full term of office. However, abolishing the institution of the Data Protection Commissioner entailed the termination of the mandate served by the respective Commissioner, Mr András Jóri, who was dismissed before his six-year term was over.
The procedure resulting in the judgment today was launched against Hungary by the European Commission. Before that, the Eötvös Károly Institute warned the Hungarian Government that abolishing the institution of the Data Protection Commissioner will result in an infringement procedure and a condemning judgment. Subsequently, the Eötvös Károly Institute, the Hungarian Helsinki Committee and the Hungarian Civil Liberties Union addressed the President of the European Commission in order to raise his attention to the above infringement. The judgment today concludes this procedure, which began already in 2011.
The three NGOs above emphasize that by violating the independence of the Data Protection Commissioner, the Hungarian state violated not only the rights of the Commissioner himself, but also the rights of every Hungarian citizen, who have a right in Europe to have an independent supervisory authority protecting their information privacy. Establishing a new data protection authority parallel to abolishing the old one does not remedy the latter violation, since the decisions of the newly established Hungarian National Authority for Data Protection and Freedom of Information shall be viewed together with the fact that the latter authority was established as a result of an unlawful legislative step.