The true measure of Hungary’s democratic transition won’t rely solely on elections, speeches, or symbolic gestures. It will depend on whether institutions that previously failed to protect citizens from surveillance, secrecy, and political pressure are held accountable. This includes Hungary’s data protection authority and its long-serving president, Attila Péterfalvi.
When Péter Magyar became Hungary’s new prime minister, ending Viktor Orbán’s lengthy tenure, he vowed democratic renewal, institutional repair, and a return to European standards. International reports described it as a political shift, with Magyar committing to restore the rule of law, rebuild public trust, and steer Hungary towards the European Union. The Associated Press noted the new government’s pledge for comprehensive reforms after years of democratic decline.
However, Hungary’s democratic renewal cannot be confined to parliament, prosecutors, public media, or anti-corruption bodies. It must extend to institutions meant to protect citizens from intrusive state power. Among these, Hungary’s National Authority for Data Protection and Freedom of Information (NAIH) is crucial.
This authority is tasked with defending citizens against the misuse of personal data, secret surveillance, unlawful information-gathering, and state opacity. It should be a major democratic safeguard. Under Attila Péterfalvi, however, Hungary’s privacy watchdog epitomized a broader institutional issue: excessive caution when courage was needed, formalism when rights were threatened, and silence when the public demanded a defender.
The Pegasus Test
The clearest test was Pegasus. The Pegasus Project exposed the global misuse of military-grade spyware capable of infiltrating mobile phones and accessing messages, calls, locations, and encrypted communications. Hungary was implicated, with reports suggesting journalists, lawyers, business figures, and political critics were potential targets.
For any serious data protection authority, this should have been a constitutional emergency. The issue wasn’t merely about the existence of secret authorization within state machinery. The crucial question was whether surveillance was necessary, proportionate, independently controlled, and free from political misuse.
A trusted privacy watchdog would make those questions unavoidable, demanding transparency to the fullest extent compatible with national security, and centering citizens’, journalists’, and lawyers’ rights in public debate. Instead, Péterfalvi’s authority failed to become the visible democratic shield Hungary required.
The situation worsened when investigative journalist Szabolcs Panyi, previously reported as a Pegasus target, faced espionage accusations under the Orbán government. The Associated Press reported on the case, seen by critics as politically motivated. In such circumstances, a data protection authority cannot hide behind procedure. When journalists are surveilled and criminally accused, silence is not neutrality but failure.
Facial Recognition and the Pride Ban
Another test arose with Hungary’s crackdown on LGBTQ rights and public assembly. In 2025, Orbán’s Hungary banned Pride events and permitted facial recognition technology to identify and fine participants. The Guardian reported that police could use facial recognition against attendees of banned Pride events.
This was not a technical issue; it was a fundamental-rights issue. Biometric surveillance used against peaceful demonstrators is precisely the danger a data protection authority should confront, impacting privacy, freedom of assembly, freedom of expression, and minority protection from state intimidation.
A strong watchdog would have clearly warned against turning biometric identification into a tool of political and cultural pressure. Yet Hungary did not see its privacy
Leave a Reply