It could be read and heard in the media that in the future the usage of IT devices provided by the employer for work purposes is going to be prohibited for private use following the amendment of the Hungarian Labour Code (Mt.). However, the proposed amendment is not limited to the employer’s control of the use of IT equipment. In mid-March the Parliament will consider a proposed legislation which will amend or supplement the provisions of Mt. concerning data processing. Dr. Mónika Kapetz, lawyer of Kapolyi Law Firm provides a brief summary about the most important things on this matter.
In legal areas covered by GDPR (General Data Protection Regulation), the provisions of GDPR concerning data processing have direct effect and became directly applicable in Hungarian law. However, in order to ensure the necessary legal coherence for the application and enforcement of GDPR, it became necessary for the Hungarian Parliament to adopt amending statutory provisions affecting certain sectorial laws.
The employee’s individual rights
The protection of individual rights in labor law is considered to be as priority, particularly because of the subordinate nature of the employment relationship. The protection of individual rights is not absolute. In order to operate properly, the employer shall take certain actions and create internal regulations that may concern some segment of the employee’s individual rights. These include a part of the control measures, the handling of employee data or even ordering tasks from the employee other than specified in the contract. Mt. lays down two important conditions in connection with the employer’s procedure in order to protect the individual rights. This procedure shall be solely and directly related to the proper operation of the employer, and the proper operation of the employer must also be strictly interpreted. The employer may only decide to initiate the procedure if it is strictly necessary, ie. objectively necessary. In addition, Mt. sets out the general requirement of proportionality.
“However, if the amendment will pass, the employer must also inform the employee in advance, in writing, about the circumstances justifying the necessity and proportionality of the limitation. It will give an opportunity to the employee to check the compliance with Mt.’s requirements and the lawfulness of the procedure and to take effective actions protecting his individual rights in case of a breach.” – said dr. Mónika Kapetz.
The new data processing requirements will be defined in a new subchapter of Mt., namely under “Data processing”. The amendment makes it clear, not only the employer but both the work council and trade union are entitled to request a statement or disclosure of data in order to exercise their rights or fulfill their obligations under Mt., furthermore they may request the disclosure of documents as well.
The amendment also makes it clear that the employer may manage health data generated during the occupational medical examination. About this kind of data processing the employee needs to be informed in writing.
Biometric Data Processing
The amendment makes it possible as well that in certain cases the employer may also process the employee’s biometric data in accordance with the requirements of enhanced protection of biometric data. This shall be done only to prevent unauthorized access to a thing or data in case the unlawful access would threat the life, physical safety, health, or any other interest of the employee or others protected by law. Mt. will contain an exemplary list about the values protected by law in case of which the processing of biometrics will be permitted. These such highly protected values could be the protection of classified information at confidential level, custody of firearms, ammunition, explosives, safe storage of toxic or dangerous chemicals, biological and nuclear materials and protection of property of qualified, at least particularly high value under the Criminal Code ie the protection of property worth over fifty million HUF. In accordance with the principle of accountability set out in the Regulation, the employer has to prove that the requirements of the processing of biometric data are met.
What about the certificate of criminal record?
Obtaining the certificate of criminal record by the employer was usually a difficult demand. After the amendment, Mt. will regulate those cases when the certificate might be lawfully processed. Employee’s criminal records may be processed for the purpose of investigating whether the employment of an employee or a candidate in the given job is restricted or excluded by law or by the employer. Limiting or excluding condition may be imposed by the employer if the employment of the person concerned in the given job would result in danger of damaging the employer’s significant financial interests, legally protected secrets, firearms, ammunition, explosives, toxic or dangerous chemical, biological materials or nuclear materials.
The control – usage of IT equipment
The rules on data processing arising from employer’s control powers will also be amended. Within the framework of the amendment will come into effect a rule which entitles the employee to use an information technology, computer tool or system (collectively a computer tool) provided by his employer for the sole purpose of performing his employment, unless otherwise agreed between the employer and the employee. It practically means that the focus of the regulations has been shifted from the exclusion of privacy control to prohibiting private use.
“During the inspection the employer is entitled to check the data stored on the computer tool until he can decide whether or not the data is private. The data required to verify compliance with the above limitation shall be qualified as employment related data. The same apply if the employee uses his own IT device to carry out his tasks as it is agreed between the Parties,” – the lawyer recalls.
In cases where GDPR provides the possibility of collective regulations, regulations of collective agreements may only cover issues not regulated by labor law, since collective agreements may not deviate from the provisions of Mt described above.