The New Hungarian Labour Code – a Practical Guide on Privacy Related Changes

The new Hungarian Labour Code has been very recently published in the Official Gazette. The Act No I. of 2012 is scheduled to enter into force by 1 July 2012 and it will lay down, inter alia, the general rules governing workplace privacy. We have provided a general overview of the privacy related provisions of the new Act in our earlier post.

From data protection aspects, the new legislation requires the implementation of the following changes by local employers:

– The new act makes it mandatory for employers to provide prior written notice to the data subject employee on the processing of his / her personal data. This notice must include in a way easy to understand all relevant facts of data processing, further, the scope of such information must conform to the provisions of the Data Protection Act on notice;

– In contrast to the former legislation, the new Labour Code permits the monitoring of employees without consent, however, the employer must provide prior written notice to the employee on the use of such technical measures (if any) which may not violate the human dignity of the worker. Further, prior to the implementation of monitoring measures, consultation with the works council is always a must. Practically, local employers shall adopt a policy on monitoring measures if they wish to monitor employee communications or use CCTV on the workplace.

Notably, the new Labour Code does not provide any legal basis for data transfers (including data transfers between group-companies, or international data transfers), therefore, in this respect the general rules of the new Data Protection Act shall be considered.

The regulation of workplace privacy issues is a very significant step forward because the former legislation – adopted prior to the Data Protection Act of 1992 – did not contain any rules on data protection issues. Considering that the new legislation also lays down general clauses, such as the prohibition of violation of personal rights as well as the requirement to respect employee’s privacy, the Data Protection Agency – in charge for the enforcement of employment related privacy provisions of the Act – could rely on the earlier practice of the Data Protection Commissioner on workplace privacy issues. Notably, the Commissioner followed a particularly strict interpretation of the data protection principles in relation to the processing of employee data, such as necessity and proportionality which also conforms to the practice of the Article 29 Working Party.