GDPR in Hungary: A Road to Hell?
By Zsuzsa Detrekői
EU’s main data regulation was meant to help people get control over their personal data. Instead, it is used to stifle journalism, as a recent case in Hungary shows.
Confused about the difference between freedom of expression and privacy, a Hungarian court adopted last week a preliminary injunction obliging the local publisher of Forbes, an American business magazine, to recall from newsstands the issue of the magazine featuring the list of the richest Hungarians.
The court’s decision was prompted by a complaint from Hell Energy Drink, a large domestically owned energy drink manufacturer, which was annoyed by the appearance of its owners on the list. Hell Energy Drink argued that Forbes breached its owners’ privacy.
Although the decision is not final, the magazine was immediately withdrawn from newsstands and the names of Hell Energy Drink’s owners were removed from the online version of the list.
Clearly, freedom of expression is unknown to them.
Protecting Data or Journalism?
Run by a Hungarian family, Hell Energy Drink was founded back in 2006. Within three years, it became the largest energy drink manufacturer in Hungary. The family has always kept a low profile, using all means, including legal ones, to discourage journalists from publishing articles about them. In 2013, they sued Origo, one of the most read news portals in Hungary asking for compensation worth €330,000 Euro, an extremely high amount by Hungarian standards. They accused Origo of defamation in an article that spoke about the rise of the company. In 2015, the court ruled partly in favor of the family, and ordered Origo to correct their statements and issue an apology.
In their case against Forbes, Hell Energy Drink invoked the General Data Protection Regulation (GDPR), EU’s key data law, which took effect in 2018. Through GDPR, the EU aimed primarily to give control to individuals over their personal data. However, it seems to have unintended, and serious, consequences for press freedom.
The relation between free press and privacy is not clearly covered by the GDPR. Its 153 recital states that
“Member States law should reconcile the rules governing freedom of expression and information, including journalistic, academic, artistic or literary expression with the right to the protection of personal data pursuant to this Regulation.”
The regulation also states that processing of personal data solely for journalistic purposes “should be subject to derogations or exemptions from certain provisions” of the GDPR if reconciling the right to the protection of personal data with the right to freedom of expression and information is necessary. GDPR also states that this “should apply in particular to the processing of personal data in the audiovisual field and in news archives and press libraries.”
To be able to do so, governments across Europe need to adopt legal provisions laying down the list of such exemptions and derogations. However, such provisions have not been adopted yet anywhere in Europe (including Hungary), according to our last count.
Learning Legalese
The decision of the court in the Forbes case is an extreme interpretation of the GDPR, jeopardizing the way news media operate. According to GDPR, all data processing requires a proper legal basis. As all news articles usually contain names or other personal data, newspapers are legally obliged to find a legal basis for publishing such information.
Four out of the six legal bases put forward by the regulation do not fit the news media case. They include performance of a contract, compliance with a legal obligation, performance of a public task and protection of “vital interests.” Especially when press articles are critical, to imagine that media outlets could get the consent of the people (the data subjects) criticized in articles is absurd.
Therefore, the only legal basis for news media to use personal data in articles is the so-called “legitimate interest.” To demonstrate that legitimate interest allows publication of such data, a three-part verification needs to be carried out before publishing any article. This verification consists of a legitimate interest test (why the story serves the public interest), a necessity test (how the publication of names and personal data is needed to make the article informative) and a balancing test (demonstrating that the interest of the public to know about the topic covered in the story exceeds the individual’s interest to keep its personal data hidden from the public eye).
Running such a verification process for each article, however, is a labor intensive, time consuming effort for any news media organization.
All in Private
Privacy is obviously a very important civil right, especially today when personal data is crucial to running companies, institutions and even whole economies. The problem, however, is that the balance is rapidly shifting towards protecting privacy at any cost, even by hurting freedom of expression, which is also a basis of democracy.
The Hungarian case is a perfect example. To protect the right to freedom of expression, courts need to interpret broadly work related to that freedom such as journalism. The Hungarian court was far from broadly interpreting freedom of expression when it made its decision in the Forbes case.
Yet more EU laws on privacy are likely to further hurt independent reporting. ePrivacy, a new EU law that is now being drafted, is expected to extend data protection to legal entities. If it does, it would further complicate efforts to report independently and most likely lead to a total loss of transparency, which helps corruption to thrive.
In its glorification of privacy, Europe seems to lose commonsense.
Zsuzsa Detrekői is a TMT lawyer and the former general counsel of a major Hungarian online content provider. Currently she is legal counsel of a major ISP in Hungary. She also provides legal support for the Association of Hungarian Content Providers. Her research area is online content and internet related regulations about what she wrote her thesis on and achieved PhD in 2016. She is a Fellow at the Center for Media, Data and Society.
