CLVPartners

CLV-02
Menu

News

Statement of the EDPB on data processing during the coronavirus epidemic

Company groups, Data protection, Medium-sized companies, News, Start-ups / / , , , , , ,

The European Data Protection Board (“EDPB”) has issued a statement on its website on data processing during the coronavirus epidemic.Please find our summary of the statement below:
1. The conditions of processing health data, as special category of data shall be specified by the national law in accordance with the GDPR. In this regard, the GDPR requires that the lawmaker defines specific measures and the suitable safeguards of the rights of the data subjects.

2. As per the position of the Hungarian Data Protection Authority emphasized, in the event of medical examinations such as body temperature measurement, this safeguard is the presence of a healthcare professional, therefore it is still not possible to implement such measurement at the workplace without the presence of a professional.

3. According to the EDPB’s position, the employers should inform employees if a coronavirus infected person has been identified at the workplace (to take the necessary protective measures), without revealing the identity of said person. The concerned employees shall be informed in advance and their dignity and shall be protected. Information on the infection should be first and foremost disclosed to those entitled to process these data, such as authorities and treating physicians if requested.

As the GDPR allows for a wide range of derogations in national law, we can expect a more detailed regulation of the data processing in relation to the epidemic.

The content of this article is not exhaustive and does not constitute a legal advice. Should you have any specific questions regarding any issues investigated by our articles, please contact us and we will be happy to be at your disposal.

Derogations in the application of Labour Code for the duration of state of emergency

Employment, labour law, Medium-sized companies, News, Start-ups / / , , ,

Effective as of today (19 March 2020) until 30 days after the end of state of emergency, the Labour Code shall be applied with derogations as a part of the economic measures announced yesterday. Please see our brief summary as follows:
1. Derogations to be applied unilaterally by the employer:

a) employer may also amend the announced work time schedule within 96 hours of the start of the daily working time; it is important to note that the rules of announcing annual paid leave/ vacation did not change and must be notified 15 days in advance;

b) employer may unilaterally order home office/ remote work for the employees;

c) the employer may implement the necessary and justified measures to check employees’ health status. The Government Decree does not specify the measures necessary and justified, therefore the employers must consider this for themselves, in compliance with the data protection legislation and the HDPA’s legal opinion, as the application of the GDPR has not been suspended for the duration of the state of emergency. It mainly relate to the mostly popular planned fever measure which may only be applied with the restrictions provided by the HDPA.

Collective agreement provisions deviating from the above may not be applied for the duration of the state of emergency, which also means that in any other question the Collective Agreement is applicable.

2. Derogations to be applied by the separate agreement of the parties:
The Government Decree fully extends the possibility of separate agreement between the employer and the employee, which may derogate from the provisions of the Labour Code. It may only be interpreted – although there is no express provision – that it allows the employers to agree with the employees on conditions that are detrimental to the employees – while earlier the Labour Code only allowed deviation in favour of the employees. In that way, thus allowing the establishment of specific and flexible rules for the duration of the state of emergency.

3. The right approach would be if before conclusion of the separate agreement with employees in matters are beyond the above cases and regulated in the Collective Bargains, the employers consult with the Trade Union and the Works’ council if the planned deviations will affect the bigger group of the employees.

The economic measures of the Government in relation to the coronavirus epidemic

On 18 March 2020 the prime minister has announced exceptional economic measures to reduce the impact of the coronavirus epidemic.

According to these measures, in the following sectors the employers shall not pay contributions after their employees, and the contributions of their employees are also significantly reduced (they shall not pay pension contribution, and health insurance contribution is reduced to the minimum set by law) until 30 June 2020:

• tourism
• hospitality ( gastronomy, hotels etc.,)
• entertainment
• sport
• cultural services
• passenger transport

In the above sectors, lease agreements may not be terminated and the amount of rent cannot be raised during this period.

Taxi drivers under ‘small enterperneurs” tax payers are exempted from tax payment.

The tourism sector is also exempted from paying the tourism development contribution.

The Government Decree foresees further legislative changes. We are monitoring for further possible government measures continuously.

The purpose of the publications announced on our website is to provide a brief, concise information on certain issues. The content of this website and the publications is not exhaustive and does not constitute a legal advice. Should you have any specific questions or inquires regarding any issues investigated by our publications, please contact us and we will be happy to be at your disposal.

ON THE DATA PROCESSING RELATED TO THE CORONAVIRUS EPIDEMIC

Company groups, Data protection, Medium-sized companies, News, Start-ups / / , , , ,

The Hungarian Data Protection Authority („HDPA”, „Authority”) has issued on its website a briefing regarding data processing related to the coronavirus epidemic, also including certain general legal obligations beyond data protection. We have summarized the most important details as follows:
1. It is not only a vital interest but also a legal obligation of employers to provide a healthy and safe workplace.

2. Prior to any data processing, employers may be expected to create an epidemic action plan (preventive measures, allowing alternative working conditions (“home office”), procedure to be followed if the infection appears, assignment of responsible personnel within the company, implementation of a reporting system).

3. As a preventive measure within the action plan, it is recommended to provide employees with all necessary details, especially on the most critical information on the coronavirus (rules of hygiene, symptoms, who to report to within the company). The document titled “Procedure regarding the novel coronavirus identified in the year 2020” published on the website of the National Public Health Center could provide helpful for employers when wording the information.

4. According to the Labour Code, the employees shall report to the employer if they have knowledge of a risk of infection, including the risk of their own illness. With regards to this, the reporting system shall be implemented in a way that allows for confidential processing of data.

5. In the event of a report or suspicion of infection the HDPA considers filling out a questionnaire appropriate. Particular attention shall be paid to data minimisation. Employers shall not process the data of the suspected employee related to the epidemic beyond the questionnaire. The Authority specifically notes that data related to medical history or medical documentation shall not be requested or processed by the employer!

6. It needs to be emphasized that the employer shall not begin contact investigation, this should be entrusted with the investigating authority having jurisdiction!

7. Also important to note, the employer shall not conduct medical examination (i.e. use of thermometer), however, the professional examination of employees may be initiated through the involvement of healthcare professionals (first and foremost the company doctor).

8. The legal ground for the above data processing is based on the employer’s legitimate interest, if the medical examination of employees becomes necessary, the exceptional purpose of processing shall be in the interest of providing a healthy workplace.

9. It is recommended for employers to favour measures that do not result in the processing of data (following basic hygiene, providing disinfectants, proper cleaning). We would also like to note that the legislation does not allow for employers to distribute vitamins, medicine or immune-boosting products, etc. among its employees, therefore these are not legally possible as a preventive measure.

Workforce 2020 – London

News / / , , ,

16th Annual Managing an Internation Workforce: 2020 Beyond
In February Lewis Silkin held its annual conference „Managing an International Workforce: 2020 Beyond” in London. The 16th annual conference gathered HR professionals, in house lawyers and labour lawyers from several counties. CLVPARTNERS was represented by Henrietta Hanyu and Éva Fülöp labour lawyers. Many actual and interesting topics was discussed like “Using self-employed contractors – hidden employees. From work protection perspective the mental health issues gets more emphases and in many countries relevant laws have been adopted and the employers in the process of forming their internal policies, so Hungary should also be prepared.

Of course there was a hot topic the Brexit impact on the Immigration, what changes will EU and UK face , but at the end of the day the conclusion was that there are and will be lots of uncertainty.

Actual topic was also how the the populism effects the labour law – here was mentioned Poland and Hungary but finally it was clear that the topic was very complex and no unambiguous conclusion might be made.

GPDR after Brexit – Data transfers outside the EU

Company groups, Medium-sized companies, News, Start-ups / / , , , , ,

After years of negotiations the United Kingdom has officially left the European Union, therefore the UK has become a “third country”. We would like to take this opportunity to point out the special rules concerning the UK and data transfers outside the EU in general.
Data transfer to the UK

As we have noted in our latest article on Brexit, some changes need time to enter into force. According to the withdrawal agreement concluded between the UK and the EU, there will be a transition period until 31 December 2020. In this transition period, the GDPR is still applicable in the UK, so the UK would not be considered as a third country until the end of this year.

What happens after the transition period?

It is very important to note that any data processed before the end of the transition period shall continue to be processed in accordance with the GDPR. Thus, personal data transferred to the UK during the transition period shall be guaranteed the same level of safety as currently provided by the GDPR and data subjects have no cause to worry about their right to privacy.

After the transition period, the UK and the EU still need to iron out the specifics of data protection. Certainly, for most data controllers that would be most convenient if the UK continued to apply the GDPR.

However, in the event of a “no-deal” Brexit or if the “deal” excludes data protection, the rules of transferring data outside the EU would have to be applied to the UK.

Data transfers outside the EU

One of the most emphasized general rule of the GDPR is that transferring data outside the EU is not allowed only with a very few exceptions. There are three categories of these exceptions, “adequacy decisions” in Article 45, “appropriate safeguards” in Article 46 and “derogations for specific situations” in Article 49.

Adequacy decisions

With regards to Brexit, the second best scenario would be an EU Commission adequacy decision. Data may be transferred without any special rules or authorizations to third countries deemed to provide an adequate level of data protection. While the decision falls to the discretion of the Commission, we expect this to be a very likely outcome, as the UK has high standards of data protection in their national legislation.

Appropriate safeguards

Should the UK not be found adequate, the next option is for the data controller or processor to provide appropriate safeguards. These safeguards are subject to the approval/ adoption of the Commission and/or the supervisory authority. The most relevant of these safeguards are as follows:

• binding corporate rules (BCR) of a corporate group (approved by the supervisory authority);
• standard data protection clauses (adopted by the Commission);
• standard data protection clauses (adopted by a supervisory authority and approved by the Commission);
• an approved code of conduct together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights;
• an approved certification mechanism together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights.

The abovementioned options require either significant effort from the data controller (i.e. drafting BCRs or codes of conduct) or a proactive supervisory authority (i.e. drafting and adopting standard clauses). Since the GDPR’s entry into force, no standard clauses have been adopted yet. Consequently, most data controllers might find appropriate safeguards a barrier too high to entry.

Derogations for specific situations

The last option is derogations for specific situations, to be applied for exceptional cases and will not serve as legal basis for systematic or regular transferring of personal data. The most relevant of these situations are as follows:

• explicit consent of a data subject informed of the risks of transfer to the third country;
• transfer is necessary for the performance of a contract between the data subject and the data controller or a contract concluded in the interest of the data subject;
• transfer is necessary for the establishment, exercise or defence of legal claims;
• transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent.

In any event, if the data controller uses these derogations as basis for data transfer outside the EU, the transfer may only take place if it is not repetitive and concerns only a limited number of data subjects, in addition the controller must demonstrate a compelling legitimate interest and inform the supervisory authority as well as the data subject. This is considered the least favourable option for data controllers because of their obligations to inform.

The right of exit and of entry following Brexit

Company groups, Medium-sized companies, News, Start-ups, Trade affairs / / , , , ,

The United Kingdom is set to leave the European Union on 31 January 2020. As the date draws ever so close, it is time to get acquainted with the rules to follow the departure of the country, most importantly the right of exit and of entry of union citizens.
Presently, union citizens can enter the UK with both their national identity cards or their passports and they do not need a visa to do so. Although 31 January 2020 is the day the UK shall officially leave the EU, it will be followed by a transition period, in which the rules of entry and exit shall remain unchanged.

According to the agreement between the UK and the EU, this transition period ends on 31 December 2020. The Joint Committee (comprising representatives of the EU and UK) may extend this transition period one time with an additional 1 or 2 years. As a result, the current system could hold out as late as 2022, but for now 31 December 2020 shall be deemed the relevant date.

Come 1 January 2021, – assuming no extension takes place – it will be entirely up to the British Parliament to determine the conditions of entry and exit into the country, specifically whether or not a passport and/ or visa is required.

HDPA issues statement on the monitoring of employee e-mails

Company groups, Data protection, Employment, labour law, Medium-sized companies, News, Start-ups / / , , , ,

At the end of last year, the Hungarian Data Protection Authority (HDPA) issued a statement, in which the HDPA commits itself to take all possible actions and use all available means – including adequate legal consequences to prevent further infringements – to stop the widespread practices of unlawful processing of employee e-mails. 
How does personal data enter the picture?

Even if an e-mail address was provided for the purposes of working, it might eventually be used by the employee for personal matters, or third parties might send personal e-mails to the address, which turns this into a question of data privacy. Although some advisable steps can be taken to prevent the personal use of work e-mail addresses (i.e. the prohibition of personal use of work assets), it is not seemingly possible to fully separate the two uses, since receiving a personal e-mail from a third party is generally outside the employer’s or employee’s control. It is also important to note that if an employee uses the work e-mail address for personal matters despite possible explicit prohibitions set in place, such an act will still be attributed to the employer’s data processing, thus the processing of personal data is unavoidable.

What is expected of the employers?

First and foremost, employers should determine the lawful ground of the processing. The HDPA highlighted storing, archiving and searching/ indexing as the most common processing actions performed on employee e-mails. Naturally, employers have a vested interest in the monitoring of employee e-mails, as it is necessary to control and maintain the work flow, therefore the lawful ground must be substantiated by a thorough balancing test prior to the processing. Once the lawful ground is established, it is advisable to prepare an SOP on the monitoring process.

The employer must duly inform the employees about the monitoring of work e-mails, the data processing and whether or not personal use of work e-mails is permitted or prohibited at the workplace.

Before or during the monitoring, the employer must take all reasonable steps to separate work related and private e-mails. In accordance with the principle of accountability, the employer should maintain a record of the steps taken during monitoring.

Considering the fact that almost every employer provides its employees with an e-mail address for work purposes, this statement is important to all employers who wish to be compliant with the GDPR and employees interested in the protection of their private lives.

The End of The Year From HR Perspective

Employment, labour law, Medium-sized companies, News, Start-ups / / , , , , , , , , ,

The end of the year is coming up fast and there are plenty tasks to arrange at the HR Departments. Among the others, it should be checked whether the holiday due for this year have been scheduled for all employees until 31 December, as well as, if the holiday agreements have been signed for 2020. Before entry into 2020, we wish to provide you with quick to do list and also to call your attention to the latest news and the expected relevant changes.
I. Unused holiday

The question of unused holiday at the end of the year is always a cardinal issue from HR view. Therefore, it is advisable to check if each employee how the annual leaves of the current year stands. Unused leave cannot be redeemed in cash, unless the employment relationship is terminated. Leave must therefore be scheduled even if the employee does not wish to take it.

The general rule is that leave due for 2019 cannot be transferred to 2020. Therefore, the remaining holiday shall be scheduled basically for the year of 2019. However in some exceptional cases it may be transferred to the next year, as follows:

·        If employment relationship began on or after 1 October 2019, holiday may be scheduled until 31 March 2020.

·        If, due to a cause at the employee’s side, holiday could not be scheduled in 2019 (e.g. illness, maternity leave, work incapacity, etc.), it can be scheduled within sixty days of the cause ceases to exist.

·        Leave which commences in the due year and does not exceed five working days in the following year shall be deemed to have been taken in the due year.

·        The additional leave due to the age of the employee may be scheduled until 31 December 2020, if the parties concluded an agreement on it in 2019.

·        In the event of economic reasons of particular importance or any direct and consequential reason arising in connection with its operations, the employer may allocate one-fourth of the employee’s holiday by 31 March of the following year if it is stipulated so in the collective agreement.

II. The case of extraordinary work (overtime)

Considering that extraordinary work has an annual limit, it is highly advisable to check how the company stands in this regard as we approach the end of the year.

In the case of full-time work, up to 250 hours of overtime per calendar year can be ordered.

Collective agreement allows 300 hours per year. Further, the employer and the employee may conclude an agreement on additional working hours so that it must not exceed 400 hours overtime per calendar years. This agreement may be terminated by the employee by the end of the calendar year.

However, the above mentioned annual limit shall apply proportionately if the employment relationship began during the year, for a fixed period or for part-time work. It is important that if the company exceeds the annual extraordinary working time limit, it may face serious fines as a result of any labour inspections.

III. Minimum wage and guaranteed wage minimum

As of January, the minimum wage will be expectedly increased again. In 2018, a two-year agreement was made at the meeting of the Competitive Sector and Government Permanent Consultation Forum to increase the minimum wage and the guaranteed wage minimum with 8%-8 % in 2019 and 2020. Thus, the minimum wage could rise to HUF 161,000 in 2020 and the guaranteed wage minimum to HUF 210,600.

The minimum wage and guaranteed wage minimum shall be published by a government decree which has not been issued yet, but it will be expectedly published until the end of the year.

After the decree has been published, the salaries shall be reviewed and the employment contracts shall be amended accordingly.

IV. Social contributions in 2020

With changes of social contribution there is nothing to do, however from payroll perspective it is good to know that according to the bill No. T/8021 from 1st July 2020 (i) pension contributions, (ii) in-kind and (iii) financial health insurance contributions, and (iv) labour market contributions will expectedly merge so called “social security contribution”. However, the rate remains the same, so in total 18.5%.

V. Working time schedule for the year of 2020

The minister of finance has the right to reschedule the working and rest days around the public holidays which changes shall apply in case of employees working under a fix, general working time schedule.

According to the decree of the minister of finance in the next year 21 August (Friday) and the 24 December 2020 (Thursday) shall be rest days, and the 29 August and the 12 December (Saturdays) 2020 are qualified as working days.

VI. Retirement age in 2020

According to Act LXXXI of 1997 employees were born in 1956 may be entitled to old-age pension when they reach the age of 64 plus 183 days. Therefore, the above mentioned employees will be eligible for pension in 2020.

It is remained unchanged that the employee’s employment shall not be terminated due to the retirement.

Establishment of separate administrative court system will be postponed indefinitely for an indefinite period of time

News /

A controversial proposal to establish a separate administrative court system in Hungary, which would also have merged the labour courts with the regional courts, is now on hold indefinitely.
As highlighted previously in The Word, at the end of 2018 the Hungarian Parliament passed an act (Act CXXX of 2018, the ‘Act’) on the establishment of a new administrative court system. The concept was that it would operate under the direction of a newly established Supreme Administrative Court and under the operative leadership of the Ministry of Justice. At the same time, the labour court would be merged into the general regional courts.
In the last six months there has been huge international debate surrounding the Act, during which the Hungarian government was severely criticised for jeopardising the values of the European Union, such as the concept of the constitutional state and the independence of judges.

As a result, on 30 May 2019 the Hungarian government submitted a bill to the Parliament on postponing the establishment of the administrative court system. According to the official justification for the bill the government wishes to bring an end to the groundless debates around the Act and related criticism regarding the constitutional state.

As a result, the separate administrative court system will be not established by 1 January 2020 and this plan will be postponed for an indefinite period of time. The administrative and labour courts will also continue to work unaltered as a separate court, that is, the labour court will be not merged into the general regional courts.

Trusted Working Hours

Employment, labour law, Medium-sized companies, News, Start-ups / / ,

ECJ has decided on the dilemma: setting up a system enabling the duration of time worked each day by each worker to be measured is a must.
The European Court of Justice requires to set up such an objective, reliable and accessible system, which allows to enable the duration of time worked each day by each worker (number of hours worked and hours of overtime worked, also when that work was done) to be measured.

The European Court of Justice gave its judgment on May 14, 2019 in the Federación de Servicios de Comisiones Obreras contra Deutsche Bank SAE case No. C-55/18 conducted on the basis of the reference for a preliminary ruling of the Spanish National High Court (Audiencia Nacional). According to this, solely the practice of setting up a system enabling the duration of time worked each day by each worker to be measured is compatible with the laws of the EU.

In the view of the European Court of Justice, the above obligation is reasoned by two key circumstances.
With regard to, that employment relationships are asymmetric by nature, where employees are considered as „weaker parties”, registration is necessary particularly due to the fundamental right to the limitation of maximum working hours and to daily and weekly rest periods, which may be derived from the safety and health protection of workers. As, in the absence of sufficient database, there would be no effective evidence available for employees in case of an incidental infringement of their rights.
In consequence thereof, authorities and courts facilitate the supervision regarding the enforcement of the above rights in the course of which only controlling these records provides an acceptable solution.

Therefore, the obligation extends to the set up of such an objective, reliable and accessible system, which allows to enable the duration of time worked each day by each worker to be measured, especially to recall the number of hours worked and when that work was done, also the number of hours of overtime worked unchanged, moreover, which is also in compliance with the special provisions regarding the form of registration, attributes of each sector of activity concerned, or the specific characteristics of certain undertakings set forth by the member states, if any (see: transport sector).

Although, several constructions of performance of work – especially of flexible working hours – have been developed by the international practice lately, which often lack clear expectations related to the methods of measuring duration of time worked, Act I of 2012 on Labor Code (“Labor Code”) disposes rather unambiguous thereof in Hungary, which is also in consonance with principles of the laws of the EU.

As a general rule, employers register the durations of regular working time and overtime, stand-by duty, periods of leave and the duration of overtime undertaken voluntarily according to Section 134(1) of the Labor Code, while the above obligation includes registration of the latter two elements of this list in respect of adoption of trusted working hours pursuant to Section 96(2).

In this context, we kindly draw the attention of our honorable Client to that it is expressly recommended to supervise the definition of the adopted working arrangements and the sufficient recordkeeping related to the above with regard to the timeliness of this issue.

CLVPartners
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.