To date, the Hungarian data protection supervisory authority has not published or provided guidelines on the use of cookies under GDPR.
On the Hungarian data protection supervisory authority’s website, you can find a guideline for online-shops that also includes guidelines for cookies in Section 3 (link (in Hungarian)).
In summary, the following rules apply:

  1. The Hungarian Cookie Order requires informed consent prior to placing cookies. The current Cookie Order contains a definition of consent based on the consent definition in the former Data Protection Directive.
  2. Website operators must inform users in clear, precise and easily understood language that cookies are set on the website, e.g. through the use of a banner or active textboxes. The information must be given before the cookies are placed.
  3.  The information must also contain details of the purpose of storing of, or access to, information in the end-user’s terminal equipment. It is not enough to merely advise the end user of the storage or access. Therefore, stating that “we use cookies to improve your experience on the website” without further clarification is not considered to comply with the rules.
  4. The information must further contain details about who is setting cookies. Where third parties set, store or gain access to information in a user’s terminal equipment via the provider’s service, exact identification of the third parties must be given.
  5. Website users must be able to withdraw a consent already given. At the moment it seems to be sufficient to simply inform users about this right in the privacy policy.

Exemptions

If the use of cookies and the storage of data on the user’s terminal equipment is a technical prerequisite for being able to perform a service that the user has explicitly requested, such cookies will typically be exempt from the rules.

Examples:

  • authentication cookies
  • multimedia player session cookies (e.g. Flash-Player-Cookies)
  • user-input cookies
  • user interface customization cookies