Romania tries to use GDPR to force journalists to reveal sources
Reporters Without Borders (RSF) calls on Romania’s Data Protection Authority to
immediately cease its alarming attempts to use the European Union’s General Data
Protection Regulation (GDPR) to violate the confidentiality of the sources of investigative
journalists.
In a letter received from the Data Protection Authority on 9 November, the Romanian investigative news website RISE Project was told it could be fined up to 20 million euros if it failed to reveal the sources for the “personal data” in a series of Facebook articles and all other information related to these articles.
As grounds for issuing this order, the letter cited the GDPR, otherwise known as EU Directive 2016/679, which took effect on 25 May.
The articles to which the letter referred were published by RISE Project in the course of the investigation it has been conducting jointly with the Bulgarian investigative website Bivol into the alleged embezzlement of around 21 million euros in EU funds.
This alleged scandal is said to involve senior Romanian politicians, including Liviu Dragnea, the president of the ruling Social Democratic Party (PSD), and Tel Drum SA, a construction company already implicated in another case. The same massive corruption scandal was the subject of Bulgarian journalist Viktoria Marinova’s last broadcast on the Bulgarian TV channel TVN before her brutal murder on 6 October.
“We condemn this misuse of the European Union’s new data protection provisions with the aim of intimidating investigative reporters and violating the confidentiality of their sources,” said Pauline Adès-Mével, the head of RSF’s EU-Balkans desk.
“The GDPR is meant to give Europeans more control over their personal data and the way companies use their data. It is definitely not intended to prevent journalists from publishing information in the public interest.”
RSF is also surprised by the speed with which Romania’s Data Protection Authority wrote to RISE Project after it posted the articles on Facebook. This agency normally takes several months to respond to complaints by Romanian citizens, according to the Organized Crime and Corruption Reporting Project (OCCRP), which consulted specialized lawyers.
Reacting to this misuse of the GDPR on 12 November, European Commission spokesperson Margaritis Schinas said Romania had to make exceptions for the media. “It is of upmost importance that Romanian authorities implement that obligation in national law, to provide exemptions and derogations to protect journalist sources, in particular, from the powers of the data protection authority,” he said.
Compliance with this recommendation is all the more essential since Romania is due to take over the EU rotating presidency on 1 January
When Romania and Bulgaria joined the European Union in 2007, they were placed under a mechanism that allows the European Commission to monitor the pace of their judicial reforms and efforts to combat corruption. In this mechanism’s latest report, published yesterday, the Commission again called on Romania to “combat corruption” – the subject that investigative journalists find hardest to cover.
Romania is ranked 44th out of 180 countries in RSF’s 2018 World Press Freedom Index.