{"id":515,"date":"2011-03-20T00:29:50","date_gmt":"2011-03-19T23:29:50","guid":{"rendered":"http:\/\/www.dataprivacy.hu\/?p=515"},"modified":"2011-04-06T08:25:25","modified_gmt":"2011-04-06T06:25:25","slug":"one-step-closer-to-the-introduction-of-data-protection-fines","status":"publish","type":"post","link":"https:\/\/www.dataprivacy.hu\/?p=515","title":{"rendered":"One Step Closer to the Introduction of Data Protection Fines"},"content":{"rendered":"

The Head of the Hungarian Data Protection Agency (DPA), the Data Protection and Information Commissioner currently functions as an ombudsman and notably, it had no particular administrative powers at the time of the adoption of the Hungarian Data Protection Act in 1992. This situation changed with the EU access of Hungary, when the Commissioner has been empowered to release binding decision on the blocking, deletion or destruction of unlawfully processed data, prohibit the unlawful processing of data, and suspend the transfer of data to foreign countries. The decision of the DPA cannot be remedied in an administrative way and a court action may be initiated for its judicial review before the Metropolitan Court. Although the Commissioner exercised administrative powers in connection with the release of its blocking \/ deletion order, remarkably, the procedure of the DPA had no formal boundaries at all which did not guarantee the rights of the clients and did no secure the enforcement powers of the DPA either.<\/p>\n

<\/p>\n

Following the Commissioner’s proposal submitted to the Hungarian Parliament, the Act CXXVI of 2010<\/em> on the Metropolitan and County Government Offices amended with the effect of 1 January 2011 the Hungarian Data Protection Act and laid down that the Commissioner’s infringement actions shall be governed by the provisions of the Act on the General Rules of Administrative Procedure once a binding order shall be released on the prohibition of processing \/ transfer or on the blocking, deletion or destruction of unlawfully processed data. (Section 24\/A (6) of the Act). In practical terms, if the DPA believes that processing of personal data is unlawful,<\/p>\n

    \n
  1. \n

    the \tDPA may release an opinion \/ recommendation and ask the data \tcontroller or processor to cease and desist from unlawful data \tprocessing; in this case, the data controller has 30 days to comply \twith the Commissioners’ request and inform the DPA in writing on the \tsteps taken to remedy the situation.<\/p>\n<\/li>\n

  2. If \tthe data controller does not comply with the Commissioner’s request, \tthe provisions of the Act on the General Rules of Administrative \tProcedure apply and the Commissioner shall introduce an \tadministrative action against the data controller and order in a \tdecision the blocking, deletion or destruction of unlawfully \tprocessed data, prohibit the unlawful processing or technical \tprocessing of data, and suspend the transfer of data to foreign \tcountries.<\/li>\n
  3. The \tcontroller or data processor may initiate within 30 days the \tjudicial review of the Commissioner\u2019s order, however, until the \tfinal resolution of the case data cannot be deleted or destroyed and \tdata processing shall be suspended and the data be blocked.<\/li>\n
  4. If \tthe data controller or data processor did not initiate court action \twithin 30 days, he\/she did not suspend data processing during the \tjudicial review of the DPA’s decision, or if the court rules in \tfavour of the DPA, the DPA may introduce the enforcement of its \tdecision pursuant to the provisions of the Act on the General Rules \tof Administrative Procedure. If non-compliance with the DPA’s order \tis culpable, the Commissioner may impose procedural fines up to HUF \t500,000.- (Ca EUR 1,800.-) in case of natural persons and up to HUF \t1,000,000.- (Ca. EUR 3,600.-) in case of legal entities which fine \tmay be imposed repeatedly in case of persistent non-compliance.<\/li>\n<\/ol>\n

    The above amendment of the Hungarian Data Protection Act clearly strengthened the DPA’s position in connection with the enforcement of decisions, since the Commissioner may introduce an infringement action against the data controller or data processor once non-compliance with its binding decision could be established. The DPA is therefore one step closer to the status of an administrative authority which may impose fines for the breach of data protection laws.<\/p>\n","protected":false},"excerpt":{"rendered":"

    The Head of the Hungarian Data Protection Agency (DPA), the Data Protection and Information Commissioner currently functions as an ombudsman and notably, it had no particular administrative powers at the time of the adoption of the Hungarian Data Protection Act in 1992. This situation changed with the EU access of Hungary, when the Commissioner has […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[28],"tags":[108,112,110,29,60,113,30,111,109],"_links":{"self":[{"href":"https:\/\/www.dataprivacy.hu\/index.php?rest_route=\/wp\/v2\/posts\/515"}],"collection":[{"href":"https:\/\/www.dataprivacy.hu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dataprivacy.hu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dataprivacy.hu\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dataprivacy.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=515"}],"version-history":[{"count":6,"href":"https:\/\/www.dataprivacy.hu\/index.php?rest_route=\/wp\/v2\/posts\/515\/revisions"}],"predecessor-version":[{"id":519,"href":"https:\/\/www.dataprivacy.hu\/index.php?rest_route=\/wp\/v2\/posts\/515\/revisions\/519"}],"wp:attachment":[{"href":"https:\/\/www.dataprivacy.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dataprivacy.hu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dataprivacy.hu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}