In the lengthy list of the Hungarian government's sins that led the European Parliament to launch disciplinary proceedings earlier this month — an unprecedented step — lurked multiple offenses on the privacy and data protection fronts.

On Sept. 12, the European Parliament for the first time invoked Article 7 of the Treaty on European Union, by approving a report into Hungarian failings by Judith Sargentini, a Dutch MEP. Article 7 is intended to deal with member states that seriously and persistently breach EU values — it has only ever been invoked once before, regarding Poland last year, but the European Commission pulled the trigger that time.

As the Polish experience has shown, the initiation of the process can be followed by a long period of … well, not very much. The ultimate result — the suspension of the target's rights, including its voting rights in the Council of the EU — can only follow the unanimous decision in Council that a serious and persistent breach has taken place. And Hungary and Poland, whose hard-right governments share a mutual antipathy toward such things as an independent judiciary, have one another's backs.

So, while it's technically possible that Viktor Orbán's government could end up having no say in issues such as the upcoming ePrivacy Regulation, data protection lawyers in Hungary are not terribly concerned.

"The majority of experts, journalists and people in Hungary believes that the Article 7 procedure will lead to no serious sanctions (like suspending voting rights)," said Zsolt Tolnai, a privacy expert and partner at Tolnai Law Firm in Budapest. "The EU procedure is complex with many bottlenecks and there are a lot of political shenanigans involved which point far beyond the actual issues with Hungary.

"The ePrivacy Regulation is still quite unknown in Hungary, so I would be surprised if anyone associated Article 7 with the ePrivacy Regulation at present," Tolnai added. "People seem to be not worried at all because of Article 7 (in terms of business)."

Budapest attorney Tivadar Krisztián said, "I assume that both the Hungarian government and EC politicians will negotiate in order to avoid the sanctions. Further, I trust that the Hungarian government will back off in the last minute, as it has done so in connection with some other important issues in the past. I sincerely hope that Mr. Orbán is just doing a new variant of his 'peacock dance' and not really willing to hit the wall."

Nonetheless, the invocation of Article 7 is a serious slap in the face that highlights the reasons behind such a weighty decision. And in Hungary's case, serious privacy and data protection issues are on the roster of concerns, alongside corruption and limits on various other freedoms.

The big issue here is surveillance, and the first related element of the Sargentini report was the 2016 judgment of the European Court of Human Rights in the case of Szabó and Vissy v. Hungary.

The litigants, Máté Szabó and Beatrix Vissy, worked for a civil society NGO called the Eötvös Károly Institute. They made a constitutional complaint in 2012 about the fact that Hungarian law did not give them sufficient legal guarantees against secret surveillance for national security purposes, including telecommunications surveillance, and the ECtHR eventually came down on their side, confirming Hungary's failure to uphold Article 8 of the European Convention on Human Rights, which guarantees privacy.

Hungary was supposed to then fix the problem. But fast-forward to April this year and, as also noted in the Sargentini report, the UN Human Rights Committee issued a lengthy report on Hungary. The committee pointed out that, among other things, Hungary's legal framework on secret surveillance for national security purposes was insufficiently transparent and lacked safeguards.

"[Hungary] should ensure that all laws and policies regulating secret surveillance are in full conformity with its obligations … including the principles of legality, proportionality and necessity; that effective and independent oversight mechanisms for secret surveillance are put in place; and that the persons affected have proper access to effective remedies in cases of abuse," the UN document, cited in the Sargentini report, stated.

According to Szabó, who along with Vissy works these days for the Hungarian Civil Liberties Union, Hungary's mass surveillance has if anything gotten worse since the ECtHR ruling.

"Related to [the ECtHR] ruling, there is an ongoing procedure on the implementation of that judgement," Szabó told The Privacy Advisor. "The Hungarian government is in correspondence with the Committee of Ministers of the Council of Europe, who control the implementations of the judgements, but [so far] the Committee of Ministers was not satisfied. There is no satisfactory solution from the Hungarian government for closing that case."

As Krisztián explained, since the Szabó and Vissy v. Hungary ruling, the government changed the law to ensure that secret surveillance by the police needed court authorization, but it didn't change the relevant part of the legislation that governs the activities of the secret services, and the justice minister retains the power to authorize such surveillance in some cases. There is also a gray area as to how many times the 90-day validity of a surveillance warrant can be renewed.

The systemic problem here remains far from resolved, said Szabó. However, he added, the initiation of the Article 7 procedure against Hungary could help matters.

"It will have an indirect effect. Today, there is no structured dialog between the institutions of the EU and member states of the EU on these matters. The Article 7 procedure gives an opportunity to have a structured dialog," Szabó said. "Of course there is a possibility of using some sanctions at the end of this procedure, which gives some seriousness to this procedure. Obviously no one wants to get these sanctions used, but the dialog is so important."

Szabó noted that the Hungarian government is supposed to produce a new draft on fixing its surveillance regime anytime now — the draft was due this spring but hasn't appeared yet — and said the Sargentini report might have some kind of influence on it. "I believe in the effect of any kind of deliberation, and the Sargentini report is a good starting point for deliberating these issues," he said.

The Sargentini report had one more story to tell regarding data protection and the Hungarian government; a story with a happier ending. In 2012, the government introduced new rules that effectively booted out Data Protection Supervisor András Jóri before his full term had expired. However, after the Court of Justice of the European Union said this amounted to a contravention of the 1995 Data Protection Directive, the government fixed its rules, apologized to Jóri and paid compensation.

photo credit: mikecogh via photopin