This unprecedented global pandemic has created more privacy concerns than anyone was fully prepared to deal with. Governments want to keep their populations safe and reduce their people’s dependency on already overtasked healthcare systems, and they’ve yet to find a suitable solution that values the privacy of patients. Hungary’s government has decided that suspending GDPR privacy protections as part of its response to COVID-19 was a suitable solution. Privacy experts disagree.
What is GDPR?
The GDPR, or General Data Protection Regulation, is Europe’s solution to data privacy. The GDPR applies to every entity that collects data that pertains any way to citizens of the European Union. GDPR compliance is enforced with extremely high fines. Any entity found to be noncompliant with the guidelines for data safety and privacy imposed by GDPR is subject to fines designed to nearly bankrupt the company, motivating entities to heavily monitor their compliance.
The GDPR is designed to make companies honest about what data they’re collecting, fully informing users of what will be stored. They are only allowed to collect the minimum amount of data, and use it for a very small assortment of purposes. All data must be accurate and stored securely, encrypted and treated with the highest sense of confidentiality.
Overall, the GDPR is a strong policy that highly prioritizes data safety and the control of personal information for everyone in the European Union. The bill works fantastically – when it is allowed to work.
Governments Like Hungary’s Are Taking Liberties
Some of the most private and confidential information about any individual is their medical data, which also needs to be handled according to GDPR standards. In the wake of the pandemic, the Hungarian government has given themselves permission to stop abiding by GDPR guidelines. By claiming a state of emergency, the government has given itself unfettered access to all data about every individual and full permission to use that data as they see fit.
The government claims that pausing the GDPR will help them track the spread of the virus, allowing them to enact useful preventative measures and affording them with an opportunity to recognize patterns or infected individuals. The problem with the state of emergency used to remove these protections is that it isn’t the standard state of emergency – technically, the government can have access to everyone’s private data for forever.
This State of Emergency Could Last For Eternity
Hungary’s Parliament had previously constructed states of emergency to last for fifteen days before needing revision and renewal. The COVID pandemic inspired a new bill that would allow for an indefinite state of emergency without this revision or renewal period. This means that Parliament has given themselves long term permissions, from now until forever, to circumvent GDPR on the grounds of emergency.
The ruling party responsible for enacting the measure sits in a supermajority. There will be no opposition to this indefinite rule change – it can last for as long as the ruling party lasts. One lone politician, Barnadett Szel, is attempting to oppose the longstanding measure in Hungary’s Constitutional Court. While her priorities are correct, it is safe to assume that she will not be able to successfully counter the supermajority’s measures.
What Hungarian Citizens Can Do
Vocally opposing the measure is not enough. Taking actionable steps to protect their own privacy and take matters into their own hands moving forward is the only viable option. People in Hungary should exclusively use VPNs (like TorGuard) when accessing the internet, check the third party permissions of any apps they use, and avoid answering unnecessary questions or providing unnecessary data to anyone. The government will always have access to the things they have access to.