Hungary’s data protection authority is meant to protect citizens from abuse. But when secrecy, surveillance and political power collide, European courts and institutions have repeatedly raised the same troubling question: is the watchdog truly independent, or only independent on paper?
Hungary’s National Authority for Data Protection and Freedom of Information (NAIH) is supposed to be one of the country’s key democratic safeguards. It oversees personal-data protection, supervises privacy compliance, and in principle stands between citizens and abuses by both public authorities and private actors. On paper, its structure appears solid. The authority presents itself as autonomous, and its president serves a nine-year term, a feature designed to protect independence from short-term political pressure.
But in Brussels and Strasbourg, the authority’s formal status has never been enough to silence deeper doubts. The issue is not whether Hungary has a data watchdog. It does. The issue is whether that watchdog can be trusted when the interests of the state itself are on the line.
An authority born under an independence cloud
The credibility problem did not begin yesterday. It reaches back to the reshaping of Hungary’s data-protection oversight system in the early 2010s. In 2014, the Court of Justice of the European Union ruled that Hungary had infringed EU law by prematurely ending the mandate of its previous data protection supervisor. That judgment was not a minor procedural issue. It went to the heart of European law’s requirement that supervisory authorities be genuinely independent.
The message from Luxembourg was clear: if a government can end a watchdog’s mandate before its lawful expiry, independence is not real in any meaningful constitutional sense. That ruling has continued to cast a long shadow over Hungary’s oversight framework ever since.
The concern is sharpened by the appointment model itself. According to the authority’s own institutional description, the president of NAIH is appointed by the President of the Republic on the proposal of the Prime Minister, for a renewable nine-year term. In isolation, that arrangement does not automatically prove political control. But in a country where multiple institutions have faced European criticism over their distance from executive power, it inevitably invites scrutiny.
The Pegasus scandal changed everything
If one episode turned long-standing suspicion into a wider European credibility crisis, it was the Pegasus spyware affair.
This was not a routine administrative complaint. Pegasus was linked to allegations of highly intrusive surveillance against journalists, lawyers, public-interest actors and figures connected to critical reporting or opposition life. A European Parliament analysis, drawing on reporting by Hungarian investigative outlet Direkt36, summarised claims that hundreds of individuals in Hungary may have been selected as potential surveillance targets.
That alone was serious enough. But what transformed the issue into a broader institutional problem was the response of Hungary’s oversight system. Instead of reassuring critics, NAIH’s handling of the matter fuelled deeper mistrust in Brussels. In a formal parliamentary question, MEPs asked the European Commission whether the Hungarian authority was “sufficiently independent”.
That question was itself remarkable. Once the credibility of the investigating authority becomes the subject of European scrutiny, the problem has already moved beyond data protection and into the territory of democratic legitimacy.
The wider response from the European Parliament was even sharper. In its conclusions on spyware abuses within the European Union, Parliament warned that in Hungary the use of spyware formed part of a broader pattern of pressure affecting media freedom and democratic accountability. Even though that criticism was aimed at the broader system and not solely at NAIH, the implication was difficult to ignore: oversight in Hungary was not convincing Europe when the stakes were highest.
Strasbourg has also exposed weaknesses in surveillance safeguards
The strongest criticism has not come only from politics. It has also come from the European human-rights system.
In Hüttl v. Hungary, the European Court of Human Rights examined the effectiveness of safeguards and remedies in the field of Hungarian secret surveillance. The broader significance of the judgment was unmistakable: in sensitive surveillance matters, Hungary’s mechanisms of external control were not providing the level of protection required by fundamental rights.
That line of criticism intensified in Klaudia Csikós v. Hungary, decided in November 2024. The case involved the interception of a journalist’s communications and directly engaged both privacy rights and the protection of journalistic sources. Strasbourg found violations of privacy and freedom of expression, pointing again to inadequate procedural safeguards.
The significance for the broader oversight system is clear: a regulatory framework cannot convincingly claim success if European courts repeatedly find that surveillance safeguards fail to protect fundamental rights in practice.
Rule-of-law monitoring keeps raising the same concern
The European Commission’s 2025 Rule of Law Report on Hungary did not single out NAIH as a stand-alone scandal. But that is not an endorsement. The report placed Hungarian surveillance and institutional safeguards within a wider pattern of rule-of-law concern.
In several Pegasus-related complaints, the authority concluded that it had found no evidence of unlawful surveillance. That finding stands in sharp contrast with the concerns raised by journalists, civil-society organisations and European institutions. The gap between those perspectives has contributed to the authority’s credibility problem.
Independent on paper is not the same as independent in practice
Defenders of the current system can still make a narrow legal argument. NAIH exists by law, has statutory guarantees, and is recognised within the EU’s data-protection framework. All of that is true. But it is not enough.
In rule-of-law terms, independence is not measured only by legal text. It is measured by whether an institution can investigate those in power without fear, obtain the information it needs, resist pressure, and command confidence when politically sensitive facts are at issue.
It would be legally careless to claim that every action of the authority is politically directed, or that it performs no legitimate regulatory work. The available evidence does not justify such an overstatement. But the record already supports a serious conclusion without exaggeration: Hungary’s data protection authority suffers from a significant credibility deficit in European circles, particularly in surveillance-related cases with political implications.
A watchdog that does not reassure Europe
This may be the most damaging finding of all. A data-protection authority exists to reassure citizens that someone genuinely independent stands between them and abuse. In Hungary, that reassurance has been badly weakened.
When the EU’s top court says Hungary breached the requirement of supervisory independence, when MEPs openly question whether the authority is sufficiently independent, when the European Parliament warns about spyware and democratic oversight, and when the European Court of Human Rights finds surveillance safeguards inadequate, the issue is no longer image management. It is trust.
And once a watchdog loses trust, formal guarantees alone rarely restore it.
As The European Times previously noted in its reporting on broader EU concerns over democratic backsliding in Hungary, disputes over surveillance, media freedom, judicial independence and institutional control are rarely isolated. They form part of the same constitutional picture.
In that picture, Hungary’s data-protection authority is no longer viewed merely as a technical regulator. It has become a test of whether independent oversight in the country remains robust in practice.
The most defensible conclusion is also the most restrained one: Hungary’s data watchdog retains formal independence in law, but its credibility in politically sensitive cases has been seriously weakened by court rulings, parliamentary scrutiny and continuing rule-of-law concerns at the European level.
