The Hungarian government has issued a governmental decree suspending the rights of data subjects under the General Data Protection Regulation (“GDPR”) until the end of the state of emergency that was declared in the wake of the Coronavirus pandemic. The governmental decree also relaxes the obligation of public agencies to notify individuals when they collect personal data and extends the timescales authorities have to respond to freedom of information requests.
The GDPR establishes data subjects’ right to access, rectify, object, restrict, and delete their personal information. However, Article 23 of the GDPR authorizes member states to restrict those rights if it is necessary for the protection of public security, among other matters. The Hungarian government’s decision has raised concern across the EU privacy protection community and the European Commission is closely monitoring the situation in Hungary.
Additionally, the European Data Protection Board (“EDPB”) indicated that it intends to publish guidelines on the application of Article 23 of the GDPR in light of the state of emergency in many member states of the European Union.
CLICK HERE to read the Hungarian government’s decree (in Hungarian).