CEE Legal Matters

Category: Hungary

  • Amendments to the Hungarian Data Protection Act

    The Hungarian Parliament has recently adopted legislation with the aim of harmonising the national data protection rules with the rules of the GDPR, and supplementing the national rules in areas not regulated by the GDPR. The Parliament adopted Act XXXVIII of 2018 (“Amendment”) in an extraordinary session and the new regulations entered into force on 26 July 2018.

    For background, the entry into force of the GDPR created a “patchwork” regulation in which besides the GDPR, the national data protection act – Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (“Act”) – and several sectorial laws remained in force in unchanged form. This led to contradictions in the regulations and general legal uncertainty surrounding the topic. Though the new legislation is not a comprehensive review of all data protection-related regulations, it aims to clarify some important issues regarding the parallel application of the GDPR and the Act.

    Scope of application of the Act

    Unless otherwise prescribed by law or European regulation, data controllers or processors must apply the rules of the Act if

    a) the controller’s main establishment or the controller’s only place of business within the EU is in Hungary or;

    b) the controller’s main establishment or the controllers’ only place of business within the EU is not located in Hungary, but the data processing activity is connected to

    • providing goods or services to data subjects staying in Hungary or 
    • monitoring data subjects’ behaviour inside the territory of Hungary.

    Most important novelties

    Below we summarise the most important rules of the Amendment, which change the current legislation and/or supplement the GDPR:

    (i) Legal base of mandatory data processing: If the data controller must process personal data to comply with its legal obligation, the legal base of the data processing activity must be based on an act issued by the Hungarian Parliament or a decree issued by the local government. If such laws (act or the local government’s decree) do not provide a legal basis for the data processing activity, but the processing is necessary to the controller to fulfil its tasks set out by law, the controller must obtain the prior consent of the data subjects.

    (ii) Mandatory review of data processing activity: If the data processing is mandatory (i.e. required by law), and the period or the necessity of revision of data processing activities is not determined by law or an EU act, the controller must revise its data processing activities at least every three years. The aim of the review is to decide whether the data processing activity is still necessary to achieve the original purpose. The revision must be documented and be retained for ten years.

    (iii) Examination of the data subject’s request: The controller must provide information on action taken at the request of the data subject within 25 days.

    (iv) Rights of deceased persons: In five years after the death of the data subject, his/her rights relating to data processing may be exercised by an authorised person. In the absence of an authorisation, close relatives are entitled to exercise the deceased person’s rights.

    (v) Abolishment of the central data protection register of the authority: The Amendment abolishes the requirement of registering data processing activities with the supervisory authority. As a result, data controllers may process personal data without registration. Controllers will be required to keep their own registers as required by the GDPR.

    Summary

    The Amendment represents a significant step in harmonising the national legislation with the GDPR, but it leaves some loopholes (e.g. harmonisation of the sectoral data protection rules). These will presumably be subject to broader data protection reform that is expected in the autumn session of Parliament. In this transition period, the assistance of qualified legal advisors to achieve compliance with the GDPR and the multiple national data protection laws is of even higher importance.

    By Daniel Gera, Counsel, Dorottya Gindl, Associate, Schoenherr

  • Daniel Varga Rejoins Schoenherr Budapest as Head of Regulatory Team

    Daniel Varga Rejoins Schoenherr Budapest as Head of Regulatory Team

    Schoenherr Hungary has welcomed back Attorney at Law Daniel Varga, who, after leaving the firm to join DLA Piper in 2015, re-joins to head its regulatory team in Budapest.

    According to Schoenherr, Varga “brings extensive knowledge of energy projects, public procurement law, and other regulatory matters. His experience also covers the development of industrial and infrastructure investments, including electronic waste management plants and industrial facilities. Daniel also brings significant M&A know-how, which he gained in his previous position as senior attorney advising on major transactions in the energy sector.”

    “We are happy to welcome Daniel back as the head of our regulatory practice group,” said Schoenherr Hungary Managing Partner Kinga Hetenyi. “Recently we have been advising on an increasing number of energy law-related mandates. Having seen the growing demand for high-quality regulatory advisory services, we found it vital to grow our professional practice in this field. Daniel brings a number of important attributes to the firm such as his international expertise and extensive knowledge of the energy sector in CEE.”

    Varga graduated from Pazmany Peter Catholic University, Budapest in 2009, and the Legal Postgraduate Institute of Eotvos Lorand University, Budapest in 2011. He initially joined Schoenherr in 2012. According to he firm, “in addition to advising numerous sizable clients in the field of regulatory, he has also been involved in various real estate mandates throughout his career, including the development of industrial properties, acquisition and sale of agricultural lands, and environmental projects.”

  • Hungary Reconsiders the Banking Transaction Tax to Promote Electronic Payments

    The Hungarian banking transaction tax drives market players and private individuals to use cash rather than electronic payment methods. Eighty per cent of all payment transactions were in cash last year. But extensive use of cash negatively impacts the economy in several ways, such as the high cost of maintaining a large cash volume, easier tax evasion and expansion of grey and black markets.

    The current rules

    Under the current Hungarian regulation, electronic money transfers are subject to a 0.3 % banking transaction tax. The tax liability theoretically falls on the banks, though in practice banks pass the cost onto clients via their fees. This compels clients to seek alternatives, such as extensive use of cash.

    The plan

    With the forthcoming PSD2 framework, the competition and innovation of payment services are to be promoted within the EU. Hungary has already implemented the directive and the Hungarian National Bank aims to introduce an instant money transfer system by 1 July 2019, where electronic payments must be processed and completed within five seconds. 

    The implementation

    This sounds promising, but who will use the instant money transfer system if cash offers Hungarians the same speed for lower costs? Realising the hurdles, the Hungarian parliament amended the current regulation on 20 July 2018, with the aim to boost electronic money transfers by forcing banks to reduce their banking fees, and as of 1 January 2019 transactions by private individuals worth less than HUF 20,000 (approx. EUR 65) will no longer be subject to the banking transaction tax. Market players generally pushed for a considerably higher threshold, as grocery shopping, most online purchases and the like will remain subject to the banking transaction tax and this partial relief might not be enough to convince people to use electronic means of payment instead of cash.

    By Gergely Szaloki, Local Partner Schoenherr

  • The Buzz in Hungary: Interview with Andras Daniel Laszlo of Laszlo Fekete & Bagamery

    The Buzz in Hungary: Interview with Andras Daniel Laszlo of Laszlo Fekete & Bagamery

    “The beginning of 2018 brought a comprehensive transformation of legal procedures in Hungary,” reports Andras Daniel Laszlo, Partner at Laszlo Fekete & Bagamery. “Procedural rules changed, from the most basic public administrative procedures, like renewing an ID or applying for a building permit, through commercial litigation and arbitration procedure, including also tax, and, as of July 1, criminal matters.”

    According to Laszlo, “these new rules give a lot to talk and think about for lawyers. For businesses, they increase the importance of sophisticated legal advice and the value added by high quality legal work.”

    “The new code on general public administration procedures, which touches upon most government functions, is more modern and client-oriented,” Laszlo reports, adding that “it contains a lot of new institutions aiming to speed up legal processes and make them more efficient.” In addition, he says, “similarly, the new code on administrative litigation is also more focused. For lawyers, this is also a challenge, because the new rules do not only prevent bad faith tactics, but also severely sanction procedural mistakes.”

    As Laszlo explains, the rules of Hungarian tax procedure were also totally revised. “Instead of a uniform code we now have an interconnected system of laws and implementation decrees. The complexity of the regulation is both a challenge and an opportunity for attorneys, because it requires more sophistication when it comes to business tax disputes and strategic advice,” he says. “Since new materials can only be introduced during the first phase of the tax audit, lawyers must have a perspective on the entire procedure from the very beginning of a tax investigation until the very end, maybe even before the Curia [the Supreme Court of Hungary — ed.] or the European Court of Justice.”

    The new Hungarian Criminal Procedure Code, Laszlo says, also reflects a new mindset, aiming to speed up and streamline procedures. “It contains a number of new institutions,” he says, “and more importantly, it introduces an early preparatory hearing, which aims to structure the procedure more efficiently. There are also several ways of cutting short the procedure if the person being charged pleads guilty.” At the same time the new Code puts more emphasis on the protection and promotion of the rights of victims. “This makes sense,” he explains, “because they are the ones truly affected by the crimes, so they should be part of the process.”

    When asked about the much-discussed new Civil Procedure Code and new Arbitration Act, dispute resolution specialist Laszlo adds that their modernization was vital and long overdue. “The availability of efficient, cost effective, well-functioning legal remedies for businesses is an important element of the competitiveness of a country. The reform of both regular court and arbitration procedures will add to Hungary’s attractiveness.”

    When asked how these innovations are affecting firms and companies, the Laszlo Fekete & Bagamery Partner says that “the acts are generally pointing in a good direction, and their objectives are good, but their implementation could have been better prepared, and more thought through.”

    “Some of them are understandable and certainly it was about time to change them — for commercial litigation, for example, we were still using an act from 1952,” he says. “But there is a lot of insecurity right now connected to some of the new acts. I think eventually they will work. For now, their complexity poses a lot of challenges for businesses and lawyers, but is also a good opportunity to sophisticated firms.”

    Finally, turning briefly to an overview of the Hungarian business sector, Laszlo emphasizes that M&A has been booming for a long time now — he says that he and his colleagues continue to see lots of TMT and IT deals, and that the health and manufacturing sector is also receiving serious investments both from Hungarian and international entities. “The real estate sector is also booming, we see both green-field developments and transactions,” Laszlo says, “as a dispute specialist firm, we see this also reflected in the growing number of construction disputes.”

    In addition, regulatory matters — such as, primarily, the challenges posed by the GDPR — are always on the table. In this respect a notable recent amendment of Hungarian legislation requires the Data Protection Authority to apply the principle of proportionality and as a general rule to only give a warning for first time violators. “It is not an absolute rule, evidently, and if it is an outrageous breach they can take severe steps as well, but for minor cases, at their first breach companies will only get a warning,” explains Laszlo, adding that “this amendment came as a huge relief to many Hungarian companies.” 

     

  • Facing the Public After the GDPR: How to Draft Privacy Notices

    Based on the transparency requirements of the GDPR, companies must now provide more detailed information on data processing. The usual form of relaying this information to the public is through a privacy notice. Now that May 25, 2018 is fast approaching and companies are working towards GDPR compliance, such privacy notices must be finalized.

    GDPR-compliant privacy notices are critical because they represent the first time that individuals (and data protection regulators) are informed of a company’s privacy practices. On April 11, 2018, the EU’s Data Protection Working Party published its final Guidance on Transparency under the GDPR. It remains to be seen whether this Guidance will bring clarity or raise questions over the next six weeks for those companies involved in GDPR preparation. 

    The Form Privacy Notices Should Take

    The GDPR contains 173 introductory paragraphs, 99 articles, and a long list of contents. The Guidance is 35 pages long. Nevertheless, the GDPR requires that privacy notices be concise, easily accessible, and easy to understand, and that clear and plain language be used. The Guidance also notes that companies should present their privacy notice efficiently and succinctly in order to avoid “information fatigue” among the public. Compliance with these multiple, often conflicting expectations is one of the biggest challenges of the GDPR project, given the large amount of privacy information to be communicated. Companies must now demonstrate their compliance with the transparency principle by testing the intelligibility of their privacy notices and the effectiveness of the interfaces being used (websites, dashboards, direct communications) – if indeed they have the time for testing during the final weeks of GDPR preparation.

    Information About “Legitimate Interests”

    In addition to outlining the purpose of personal data processing, the privacy notice must identify the relevant legal basis of the GDPR. The GDPR also gives companies the flexibility to rely on their “legitimate interests.” For example, affiliates may have a legitimate interest in transmitting data within their group for internal administration. The existence of a legitimate interest would need careful assessment through a “balancing test,” which is usually a three to five page long document, prepared for internal purposes in the company. Given the internal nature of the balancing tests, many companies do not prioritize them as part of their GDPR preparations. The new Guidelines now state, however, that the privacy notice should also provide the public with information from the balancing test, which highlights its importance.

    Details on Data Transfers

    Currently, most privacy notices contain only a general description of recipients (e.g. “service providers” and “affiliates”). Under the GDPR, the default position is that a company should provide information about named recipients. The privacy notice should also explicitly mention all countries outside the EU to which the data will be transferred. Considering the complexity of data flows in a company’s day-to-day operations, it may be difficult to comply with this requirement. Hence, it may help if companies identify all recipients during data mapping at the beginning of their GDPR preparation, and then transpose this information into the privacy notice.

    Information on Data Storage

    It is not sufficient to generally state in the privacy notice that personal data will be kept as long as necessary for the legitimate purposes of processing. Where relevant, the different storage periods should be stipulated for different categories of personal data and different processing purposes. This should not be a problem for companies that used archiving in their data mapping exercise. This may, however, be challenging for other companies – like pharmaceutical firms – whose data retention practices are dictated by factors such as statutory requirements and industry guidelines.

    Changes in the Privacy Notices

    Before the GDPR, companies usually advised customers to check the most updated version of the privacy notice on the company’s website. Now the Guidelines state that companies must communicate fundamental changes (or any changes) to privacy information which impact people. This communication must take place well in advance of the change actually going into effect. Such changes include alterations in the data processing purpose, the data controller’s identity, or how individuals may exercise their rights. In practice, the most explicit and effective notification method is email and post, which is how the T&Cs of financial institutions and telcos have traditionally communicated with the public. Since companies must now revisit this issue, they are in a position to test and select the best way to communicate the upgraded, GDPR-compliant privacy notices to employees and customers.  

    By Marton Domokos, Coordinator of CEE Data Protection Practice, CMS

    This Article was originally published in Issue 5.5 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

  • Expected changes in the Hungarian VAT reclaiming practice

    On the basis of current practice of the Hungarian tax authority, Hungarian taxpayers are not always able to recover value added tax they pay even the Court of Justice of the European Union had stated the possibility of VAT reclaiming.

    This is the case for example, when the seller charged VAT, although he would not have needed to do so (i.e. the buyer paid the VAT improperly to the seller and the seller paid VAT unnecessarily to the tax authority). The relating decision of the Court of Justice in a Hungarian case stated that, contrary to the current Hungarian practice, the buyer may reclaim the VAT directly, without attempting to recover the amount from the seller.

    The Court of Justice declared the same in similar situations, for example, the VAT can be reclaimed by the customer even if a contractor not performing under an agreement and refusing paying back the advance paid by the customer, or when a claim becoming irrecoverable but the party has performed his obligation derived from the agreement (also paying the VAT). According to the Court of Justice, in such cases, VAT neutrality can only be ensured if the right of reclaiming the VAT is not denied from the customer/beneficiary, and the current practise of the Hungarian tax authority must be changed.

    By Eszter Kamocsay-Berta, Managing Partner, KCG Partners Law Firm

  • The first BIM Handbook in Hungary is available

    The first Hungarian BIM Handbook has been prepared and published on the website of Lechner Tudásközpont on 22 June 2018, free of charge. Building Information Modelling (BIM) is a new approach to design, construction and facility management, where the digital representation of the building process is used to facilitate the exchange and interoperability of information in digital format. BIM is beginning to change the way buildings look, the way they function and how they are designed and built.

    The purpose of the BIM handbook is to serve as a guideline to owners, managers, designers, engineers and contractors by providing them a new point of view. The handbook will consist of 4 volumes and the first part that is available now provides details about the most important definitions and principles, like LOD (Level of Development) and LOI (Level of Information).

    For the preparation of the handbook, standards and guidelines of 12 countries and also the ISO standards had been taken into consideration.

    By Gabriella Galik, Partner, KCG Partners Law Firm

  • Competition: Leniency After the Antitrust Damages Directive in Hungary: A Compromise Between Private and Public Interests?

    Fighting against cartels has always been crucial to protecting fair competition and fostering economic growth. A proper leniency program is an important instrument for the competition authorities, allowing them to uncover and penalize such anticompetitive conduct.

    In this article we examine the major changes of the Hungarian leniency program after the implementation of the EU Antitrust Damages Directive (Directive 2014/104/EU (the “Directive”)) and the key factors to consider with respect to private enforcement before applying for leniency.

    Battle of Interests

    Leniency applicants may be rewarded with full immunity from fines if they are the first to notify the Hungarian Competition Authority (HCA) of the yet unknown cartel and provide sufficient information to conduct a dawn raid or to prove the existence of the cartel. If they are not the first, but they supply additional evidence that corroborates the findings of the HCA, they can obtain a significant reduction of the fine. Recipients of full immunity enjoy a favorable position in private enforcement cases. 

    On the other hand, there is increasing demand from harmed customers/parties for the highest possible compensation for damage caused by cartels. Otherwise they might feel that their legitimate interests in getting compensated is secondary to the interest in protecting the company, which – despite cooperating with the competition authority – still committed the infringement.  

    In seeking to create a balance, the Directive provides guidance on two major private enforcement issues: (i) access to leniency files for the harmed parties, and (ii) the extent of liability of the members of the cartels for damages.

    Access to Leniency Statements

    In leniency statements, the undertaking applying for leniency is required to describe the functioning of the cartel. Providing full access to these files might deter members of the cartel from cooperating with authorities, as doing so could expose them to third-party litigation. 

    The Hungarian legislator already protected leniency statements prior to the implementation of the Directive. Since July 2014, the Competition Act has authorized the HCA to deny access to its files if disclosure would jeopardize the successful application of the leniency program. The HCA and the courts were therefore left to balance the private interests of consumers and the public interest in protecting leniency applicants on a case-by-case basis.

    Following the implementation of the Directive – which is also applicable to ongoing proceedings initiated after December 2014 – leniency statements and settlement submissions enjoy absolute protection. They may never be disclosed, even by court order. If the claimant specifically asks for a document to be disclosed, the court will assess whether the document in fact falls within the protected category.

    Liability of an Immunity Recipient for Damages

    Only leniency applicants granted full immunity from fines are – to a certain extent –  protected by law from the payment of damages. 

    For infringements committed after June 2009, immunity recipients (if the HCA granted the immunity) were entitled to refuse to pay the cartel damages as long as the entire amount could be enforced from other liable members of the cartel. Once they paid, these other members could then claim a contribution from the immunity recipient to the extent of its fault in the infringement, and this amount was not limited. 

    After the implementation of the Directive, however, the immunity recipient – regardless of which EU competition authority grants the immunity – is only jointly and severally liable to its direct and indirect purchasers and suppliers in case of infringements committed after January, 2017. The other injured parties may only seek redress from the immunity recipient if full compensation cannot be obtained from its co-offenders. Co-offenders, along with leniency applicants granted only a reduction of the fine, face unlimited joint and several liability towards those who suffered damages as a result of the cartel.

    The contribution which the other cartel members can claim from the immunity recipient is now limited to the amount payable to its purchasers and suppliers. 

    Takeaway

    Although we expect a significant increase in the number of damages claims, immunity recipients remain protected compared to other cartel members. Before submitting a leniency application, however, a leniency applicant must carefully assess the above implications in damages lawsuits.

    By Anna Turi, Head of Competition, Mark Kovacs, Associate, Schoenherr

    This Article was originally published in Issue 5.5 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

  • Posts in social media must respect the right to privacy

    The Hungarian Ministry of Justice proposed new bills on the freedom of assembly and the protection of privacy to the Hungarian Parliament on 26 June 2018.

    With regard to the current Act on the Freedom of Assembly, the Hungarian Constitutional Court had stipulated constitutional breaches several times that manifested in the lack of proper legislation. In 2016 the Constitutional Court called upon the legislature to harmonise the criteria of the freedom of assembly and of the protection of private life. 

    The new bills would guarantee the protection of private life and the sanctity of the private home, and offers protection against every type of harassments. The protection of privacy includes increased protection against harassment via Internet, which means that the individual’s honour and right to privacy must also be respected in the social media.

    By Tamas Virag, Attorney at law KCG Partners Law Firm

  • No need for attorneys for the sale of land of low value in Hungary?

    The Hungarian Chamber of Agriculture (HCA) submitted a package of proposals to the Hungarian Parliament in June 2018 with the aim of improving the competitiveness of Hungarian agriculture.

    The package includes a proposal to abolish the obligation to be represented by an attorney at law in relation to the sale and purchase of an agricultural land, provided that its value does not exceed HUF 500,000. According to the new concept, such sale and purchase transactions could be carried out with the assistance of the Hungarian Chamber of Agriculture, however, the obligation to obtain the approvals of the relevant land protection authorities would be maintained. The Hungarian Chamber of Agriculture would also provide legal assistance in relation to the conclusion of agricultural leasehold contracts.

    The aim of this proposal is to facilitate the reorganisation of the currently fragmented land structure in Hungary, by reducing the costs related to the sale and purchase of small plots.

    By Gabriella Galik, Partner, KCG Partners Law Firm