Judit Varga called her new career path a childhood dream come true. Continue reading
Átlátszó has obtained a document showing that opposition leader Péter Magyar’s Tisza Party secretly and illegally compiled a list of its volunteers and supporters. The leaked database contained personal data (names, contact details) as well as classifications, ratings, and comments, in many cases including information about political views, private life, and even sexual orientation.
The majority of the volunteers interviewed confirmed that they had a contract with the party and had signed the GDPR declaration, but had not received any official information about the details of data processing or the data leak.
Péter Magyar previously claimed in a Facebook post that the list was leaked from one of the party’s Discord groups as a result of a Russian smear campaign, but he has not yet provided any evidence of a cyber attack. The assessments on the list—such as “committed, self-employed, family member of Fidesz”—suggest that the person who compiled it had access to internal information.
The case, which has been made public, raises serious data protection and legal concerns, according to Constitutional lawyer Zoltán Lomnici Jr., who told M1 that four main sources of law apply to data processing in Hungary or in relation to activities in Hungary:
the Fundamental Law, the Act on the Right of Informational Self-Determination (Infotörvény), the EU Charter of Fundamental Rights, and the GDPR.
He emphasized that the provisions of the Infotörvény are particularly relevant, as they clearly define what constitutes personal or special data. Political affiliation, for example, is clearly considered special data, the processing of which is only lawful under strict conditions.
The Criminal Code also provides for sanctions for this type of abuse. If the data processing is unlawful and causes significant damage, the perpetrator may be punished with up to two years’ imprisonment, especially if the abuse concerns special data. Zoltán Lomnici Jr. added that the misuse of personal data can only be committed intentionally. Therefore, categorization and classification in itself constitute a violation of the law.
According to the lawyer, civil liability for damages may also arise if those on the list suffer harm as a result of the data processing. Human error and intentional disclosure of data are also possible scenarios, but the case itself may already give rise to suspicion of misuse of personal data.
Via hirado.hu; Featured photo: Pexels