By Tivadar Hüttl
Director of Data Protection and Freedom of Information Program, Hungarian Civil Liberties Union
The Hungarian Parliament in June adopted new law on data protection and freedom of information (Act CXII. on Informational Self-determination and Freedom of Information).
The act will entry in force from 1st of January 2012, and will replace the Act LXIII. 1992 on Data Protection and Public Access to Data of Public Interest.
Major changes:
I. Definition of data of public interest
Act of 1992 (2.§ 4.) ‘data of public interest’ shall mean any information or knowledge, not falling under the definition of personal data, processed by an organ or person performing a state or local government function or other public function determined by a rule of law, or any information or knowledge pertaining to the activities thereof, recorded in any way or any form, irrespective of the manner it is processed and its independent or collected character.
Act of 2011 (2.§ 5.) ”data of public interest”: any recorded information or knowledge – regardless its separate or collected character and manner of process, and not falling under the definition of personal data – processed by an organ or person fulfilling state or local government or other task of public interest and related to its activity or arose in conjunction its public tasks; in particular its to their powers, competence, structure, professional activities including its efficiency, rules and laws on its operation, its the management assets, the utilization of public funds and contracts.
II. Definition of data on grounds of public interest
Act 1992 (2.§ 5.) and Act 2011 (2.§ 6.) data public on grounds of public interest’ shall mean any data, not falling under the definition of data of public interest, the making public or accessibility of which is provided for by an Act on grounds of public interest.
This is an important norm as it provides the opportunity to broaden the scope of FOI by including provisions in separate laws in order to make other information public. I have counted 27 such laws. I just mention a dozen of them in order to illustrate the broad spectrum of the FOI:
– Act on national land asset
– Act Consumer protection: the openness of resolutions if the private entity was fined
– Act on Environmental protection: the openness of resolutions if the private entity was fined
– Act on National Assets: every utilization of the assets of the state owned (50% or more of the shares) companies are regarded as data on grounds of public interest
– Act on Concessions: every data related to the contract
– Act on the Possession of Firearms: the register of firearm holders
– Act on Political Parties: name of donors above 500 thousand Forints, every foreign donor
– Public procurement
– Private security companies: name and address of the national park guards
– Personal data related to public functions of persons performing public function (Article 19.§ 4. of the Act of 1992, and 26.§ 2. of the Act of 2011)
Important – and positive change: in the Act of 1992: 19.§ (4) “Unless otherwise provided for by an Act, personal data relating to the sphere of tasks of a person exercising the sphere of tasks and powers of organs laid down in paragraph (1), furthermore the personal data relating to the sphere of tasks of a person performing public function shall be regarded as data public on grounds of public interest. The provisions on access to data of public interest of this Act shall apply to the access to these data.”
The Act of 2011 says in its Art. 28.§ (1): The rules regarding the access to data of public interest shall apply on access to data on ground of public interest. This means, that the procedural rules are applicable in other laws containing provisions that declare information public on the ground of public interest.
III. List of exceptions
1. Classified information
The regulation of classified information is the most drastic restriction of transparency. It is regulated in a separate act (Act CLV. Of 2009) , and its regime differs a lot from the “general” FOI regime. The Act does not assure that information can be classified only when it is necessary, and does not prevent abuse by persons seeking to prevent violations of law and corruption from being detected or to protect the reputation of an organization. Furthermore, the Act does not provide an effective legal remedy in court to access classified information. Additionally, it does not specify whether judges can examine the reasonableness of the classification, or if judges are limited to examining whether or not the documents have been marked “Secret.” The courts only have the right to declassify information if the Commissioner initiates the procedure. If in the course of his proceedings the Data Protection Commissioner finds the classification of certain data – excepting those classified so under an international agreement – unjustified, he shall call on the person or organ by which the data was classified to change or terminate the classification. The classifier may, within 30 days, go to the Metropolitan Court of Justice to have it established that the demand has not been well-founded. As the only – indirect – way for citizens to contest the classification is through the Commissioner, and there isn’t any direct and effective legal procedure to obtain classified information, the independent Commissioner plays a crucial role in balancing between national security and freedom of information.
2. Act of 1992 (19.§ 3) The right to public access can be restricted to specified categories of data of public interest is by an Act in the interest of
a) national defense,
b) national security,
c) criminal investigation and crime prevention,
d) financial or foreign exchange policy of the State,
e) international relations and relations to international organizations,
f) judicial and administrative authoritative proceedings.
The Act of 2011 introduces two new categories in its 27.§ (2):
– intellectual property
– in the interest of the protection of national heritage and natural conservation
I see both interests as legitimate. For instance, someone requested data on archeological sites (maps, and studies), and it turned out that the team used it in order to illegally excavate the sites, causing major damage to the state and to the public interest.
3. Deliberations within or between public authorities concerning the examination of a matter
19/A.§ of the Act of 1992 states the following:
(1) The data prepared or recorded, on which the decision was made during the process aiming at decision making in the field of the sphere of tasks and powers of the organs laid down in paragraph (1) of Article 19 shall not be public until 10 years of their creation. The head of the organ processing the data may permit access to these data taking into account paragraph (1) of Article 19.
(2) The claim for the access to data upon which the decision was made can be refused following the decision making within the period given in paragraph (1), when the access to data would endanger the lawful operational order or the performance of the sphere of tasks and powers void of unauthorized external influence of the organ thus particularly the free publishing of the standpoint creating the data during the preparation of the decisions.
The new act integrates a mandatory deliberation to the head of the organ: The data prepared or recorded, on which the decision was made during the process aiming at decision making in the field of the sphere of tasks and powers of the organs laid down in paragraph (1) of Article 19 shall not be public until 10 years of their creation. The head of the organ processing the data may permit – by taking into consideration the public interest in publishing the data – access to these data.
This means an introduction of a public interest test, which did not exist in the former act. Furthermore, and even more importantly, 30.§ (5) states the following: Whenever the access to data depends on discretionary decision of the head of the organ, the reasons for refusing the access has to be interpreted narrowly, and the refuse is permitted only if the public interest in secrecy overrides that of openness.
This means a general „public interest test” has been introduced in case of discretionary powers. This is very important step forward, as according to the old 19/A.§ (1), the request could have been refused in case of ongoing decision-making process, without any reasoning. We called this “automatic” refusal. Not it is abolished, and the data requestor can present arguments in favor of transparency.
IV. Incorporation of certain provision of the Act on Freedom of Information by Electronic Means
The new act integrates Part I and Part II of the Act on Freedom of Information by Electronic Means. See the attached English version of that law.
V. Procedural changes
Deadlines and fees
According to 20.§ (2) The claim shall be granted by the organ processing the data, as soon as possible after being notified of the claim, but at the latest within 15 days. This remains the same, however, the new Act introduces (28.§ 2.) the possibility of the extension of the deadline for an additional 15 days if the request is complicated or affects huge quantity of data. Nevertheless, the requestor has to be notified on the extension in 8 days after the request has been received. Further setback is that in the case when big quantity of data has to be copied, the data processor might withhold the documents until the fees are paid (29.§ 4). The fees – its maximum per page, the aspects which should be taken in consideration when deciding on it – will be determined in a separate law, a decree by the government. This has not been adopted yet. I see it as positive, because this kind of regulation is missing at the moment, consequently, it is up to the data processor to decide on this issue. Interestingly, the new law permits to appeal against the decision on the fees – currently the only possibility was to petition the Data Commissioner, whose recommendation does not have binding force.
VI. Authority
The new act will replace the independent Data Protection and Freedom of Information Commissioner with an administrative authority.Currently, the commissioner is elected by the Parliament for six years, the present commissioner is in office since 2009. Consequently, his term would have ended in 2015, four months after the next national elections. According to the new regulation, the president of the republic will appoint the head of the authority in November 2011, who starts to function from January 2012. The candidate is named by the prime minister. The term lasts for nine years, and it’s renewable. As the new authority will not be the successor –in legal terms – of the commissioner, this process can be interpreted as the removal of the current commissioner.
- An administrative agency does not enjoy the same independent status as the commissioner, which is an ombudsman. Clearly, the authority will be reluctant to enforce FOI rules and confront with other governmental agencies. As a part of the executive and its dependence on the prime minister (the current president is a former member of the governing party and right hand man of the prime minister), the new authority is likely to become insignificant.
- The right to institute court proceedings, if the request of the data was refused, will not change. Nevertheless, it should be noted that courts only have the right to declassify information if the Commissioner initiates the procedure. If in the course of his proceedings the Data Protection Commissioner finds the classification of certain data – excepting those classified so under an international agreement – unjustified, he shall call on the person or organ by whom they were classified to change or terminate the classification. With an authority loyal to the executive, it will be even harder to fight for the right to know in the universe of classified information.
- The removal of the commissioner before the end of his term breaches obligations under EU law. Article 28. (1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and the free movement of such date requires the following: Each Member State shall provide that one or more public authorities are responsible for monitoring the application within its territory of the provisions adopted by the Member States pursuant to this Directive.
These authorities shall act with complete independence in exercising the functions entrusted to them.” The European Court of Justice ruled in the case C-518/07 (European Commission v. Federal Republic of Germany) that when carrying out their duties – i.e. ensure the fair balance between the fundamental right to the private life and the interest requiring free movement of data – the supervisory authorities must act objectively and impartially. For that purpose, they must remain free from any external influence, including the direct and indirect influence of the state, and not only the influence of the supervised bodies. The Court furthermore held that the mere risk that the scrutinizing authorities could exercise a political influence over the decision of the supervisory authorities, was enough to hinder the latter authorities independent performance of their tasks. In HCLU’s reading, the removal by lawmaking is an unacceptable political influence. (HCLU – jointly with other NGOs – petitioned the European Commission to launch an enquiry.)
However, the Authority will have stronger means to enforce freedom of information laws: the Authority can initiate court process if the data processor does not publish the data in line with the recommendation. Until now, initiating court procedure was only permitted in data protection cases.
Filed under: What's New