Why was the search of the whistleblower’s home unlawful?

Whistleblower protection (or the lack thereof) has long been in the centre of the attention of the Freedom of Information Program of the Hungarian Civil Liberties Union. The latest development in this issue was the adoption of the new whistleblower act came into effect on January 1, 2014. We have closely monitored the legislative process and also the practice of responsible state bodies are under scrutiny as it is evolving now in light of the loopholes in the law. The applicability of the new legislation is one of the key issues of this case which might determine whether the procedures of the government are considered unlawful.

On 19 December 2013, police officers searched the home of András Horváth and seized several hundred pages of documents and computer storage media. Represented by the legal aid services of the HCLU, András Horváth sought legal remedy for the coercive measures against him.

In its order of 22 January 2014, which we only received on 10 February 2014, the Central District Court of Buda (BKKB) declined our latest proposal as well – unjustifiably in our opinion.

It is worth summarising the developments of the procedure against András Horváth so far, as it includes several anomalous and unlawful elements.

1. Denunciation by the NAV

A criminal complaint for the misuse of personal data by a public official was lodged by the head of the Regional Taxation Directorate-General of Central Hungary of the NAV (Mrs. Csilla Tamásné Czinege).

András Horváth is still not a suspect in a criminal procedure for which his home was searched, that is, he was not informed of the exact state of facts for which the investigation is being conducted by the Anti-Corruption Department of the Special Police Reserve Force.

As regards the state of facts, the search warrant sheds (some) light on in, but the criminal complaint may include more.

According to the search warrant, András Horváth downloaded data on 628 taxpaying entities using the information systems of the NAV from 1 January 2013 until his dismissal (on 11 November 2013), but data on 35 taxpaying entities associated with the food sector were not relevant to the work of András Horváth in any way.

From his statements aired by ATV’s “Straight talk” on 28 November 2013, the NAV concluded that he copied those data and took them out of the building of the NAV without authorisation.

Although not included in the search warrant, the Prosecutors Office later added that András Horváth also downloaded asset transfer levy data and buyers’ data for 10 cars purchased by private individuals without any relevance to his tasks as the employee of the NAV.

(In this context, it is worth noting that these data were downloaded to gather information on transportation services that were elements of the VAT frauds.)

2. The suspicion – misuse of personal data (Section 219 of the Criminal Code)

The misuse of personal data has three key factual elements:

a) Since the protection of personal data only pertains to natural persons and legal persons and other entities without legal personality do not have personal data, a search warrant cannot refer to a business entity as an injured party in a criminal accusation.

b) An indispensable element of this type of crime is the unauthorised handling of personal data by the suspect.

The NAV should have identified the specific handling authorisations that were violated by the specific data downloads in its criminal complaint for misuse of personal data.

The NAV had all the opportunities to do so since according to Data Protection and Data Safety Regulation No. 111/2001 of the NAV, staff members are given data access authorisations for the purpose of discharging their duties in an attachment to their job descriptions.

In case the criminal compliant failed to precisely specify the rules violated by András Horváth and the authority conducting the investigation failed to request the NAV to complete its submission (which it should have done in case of an incomplete complaint), then the legal basis for initiating an investigation was absent because the police could not know what data handling rules were violated by András Horváth.