The European Commission underlined its commitment to data protection on Wednesday by referring Hungary to the European Court of Justice (ECJ) over the independence, or lack of it, for its national data protection authority.
Under Hungary's new Constitution, which became law on Jan. 1, a new National Agency for Data Protection was set up to replace the former Data Protection Commissioner's Office. According to the Data Protection Directive, E.U. countries must establish a supervisory body, which acts in complete independence, to monitor the application of the directive. The independence of data protection authorities is also explicitly required by Article 16 of the Treaty on the Functioning of the E.U.
However, in setting up the new agency, Hungary prematurely ended the six-year term of the data protection commissioner, whose term of office was not due to finish until September 2014. The personal independence of such a data protection supervisor includes protection against removal from office, a key requirement of E.U. law.
According to the Commission, in removing the commissioner from his post two years and nine months earlier than required, Hungary violated the independence of the supervisory authority, which is why it decided to take the matter to the ECJ.
In 2010 the court ruled that the mere risk of political influence through state scrutiny is sufficient to hinder the independent performance of the supervisory authority's tasks.
A second case regarding the retirement age of judges, prosecutors and public notaries in Hungary was also referred to the ECJ on Wednesday.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.