Written by: Peisch András and Nemcsók Tamás

Recently enacted regulations in Hungary oblige providers of certain applications enabling encrypted communication between users to cooperate with Hungarian services that are authorized to perform secret surveillance activities. The new regulations require app providers to store and, upon the request of the authorized services, disclose the content of the messages or files transferred through the app as well as certain metadata created during the use of the app. Only providers of end-to-end encryption services are exempt from the regulations.

Under the new regulations, enacted within the framework of the general government policy in Hungary for combating terrorism and effective as of 17 July 2016, app providers offering encrypted communication services are required to store certain metadata created during the use of the app (including identification data, IP addresses and port numbers of the user) for one year following the date on which the metadata was created. Authorized services may request the app provider to disclose the aforementioned metadata to them. The Hungarian Special Service for National Security (the “SSNS”) may even request the app provider to disclose the contents of the communication to the SSNS.

App providers with a registered seat or establishment in Hungary are required to communicate directly with the authorized services and the SSNS. The authorized services and the SSNS may enter into cooperation agreements with the app providers to regulate the data transfers between them (including data transfer procedures, levels of communication, data protection, and control mechanisms). App providers that do not have their seat or an establishment in Hungary have to cooperate with the authorized services and the SSNS through a Hungarian representative.

Only providers of end-to-end encryption services are exempt from the above obligations, i.e. those that provide services enabling users to communicate without the contribution of the app provider. For providers falling within the scope of the new regulations, failure to comply with the above obligations may entail a fine of up to HUF 10 million (approx. EUR 32,000), which can be imposed multiple times in case of repeated violations. App providers are also prohibited from performing system or service developments or restructurings that could prevent or otherwise block secret surveillance.

The views expressed in this publication are solely those of the authors. The information contained in this publication is provided as is without any representation or warranty of any kind. This publication is not designed to provide legal or other advice and you should not take, or refrain from taking, action based on its content.