The National Data Assets Agency is tasked with publishing information on accessing and using public data, as well as providing access to certain data sets held by public organizations.
In this respect, the Agency plays a key role in providing access to public data at request of individuals or companies. In these cases the Agency first decides to accept the request, then contacts the organizations holding the related data.
For example if a developer works on a software helping farms and agricultural enterprises to access more information on the related land parcel and on this basis makes a data access request, the Agency helps the developer to identify the public registers and organizations, which may hold data on weather, soil and water, forests, wildlife, pollution, cultural heritage protection, real estate and land developments in the respective area.
If the request is made on a market basis (e.g. a bank or an insurance company requiring data for the development of a new scoring system), the approval of the National Data Asset Council (special council of the National Data Assets Agency) is also necesssary, which is composed by the ministers tasked with overseeing the data economy of Hungary. If the approval of the Council is granted or no decision is made within a period to be set out by the respective government decree, the Agency concludes an agreement with the requestor, which can then receive the related data in anonymized form.
In line with the above, the question also arises, how the Agency and public organizations protect the data protection rights of data subjects in case the request of an individual or a company would affect personal data? In these cases the affected personal data need to be anonymized by the public organizations holding such data, prior to making it accessible to the Agency fulfilling the request . The anonymization shall be undertaken with the help of an anonymization key provided by a key service provider and only the anonymized data shall be transferred to the Agency, which provides access to the requestor. In case personal data cannot be anonymized (e.g. the data subject might be indentifiable irrespective of the anonymization), the request shall be denied. The request shall also be denied, if the relevant public data cannot be provided by law, or in cases, where the provision of the data would violate or endanger the national security, national defense or law enforcement related interests of Hungary.
Based on the new Hungarian regime’s agenda on optimizing the use of public data sets, a new data wallet project is underway as well, driven by the National Data Assets Agency. To support this initiative, there are planned new legislative steps to set out the data security standards and legal framework, which would permit data subjects to monetize their own data and exercise their right to informational self-determination.
The above briefly described new Hungarian regime on data ecosystem aims to strengthen the local digital economy and help organizations and individuals to optimize the use of data. It is highlighted that the regime is still being formulated and more information will be accessible in the second half of 2021.
Article provided by: Dániel Necz and Kinga Madocsai (SimpLEGAL, Hungary)
Dr. Tobias Höllwarth (Managing Director INPLP)