The European Court of Justice held that national data protection authorities must be independent – Commission v Hungary (case C-288/12)

European Court of Justice (“ECJ”) held that Data Protection Directive 95/46/EC requires national supervisory authorities for the protection of personal data to operate with complete independence in the exercise of their duties. Hungary failed to fulfill such obligations by prematurely ending the term served by its national supervisory authority.

Mr. András Jóri had been appointed in 2008 as authority competent for monitoring the application of national data protection legislation (“Supervisor”) for a term of office of six years, ending in 2014. From January 2012 Hungary created a new authority responsible for the supervision of data protection and on December 31, 2011 (i.e. before expiration of the six year term) the Supervisor was removed from office. The European Commission brought an action against Hungary alleging Hungary had infringed its obligations under the Directive.

On April 8, 2014, the ECJ held that the data protection authorities established in accordance with Directive 95/46/EC must be able to operate independently and free from any external influence or pressure. It also held that “by prematurely bringing to an end the term served by the supervisory authority for the protection of personal data, Hungary has failed to fulfill its obligations [under the Directive]” so “compromising …[the Supervisor’s] independence for the purposes of the second subparagraph of Article 28(1) of Directive 95/46. The fact that it was because of institutional changes that he was compelled to vacate office before serving his full term cannot render that situation compatible with the requirement under that provision of independence for supervisory authorities…” Full opinion at http://curia.europa…