Yet Another GDPR Disaster: Journalists Ordered To Hand Over Secret Sources Under 'Data Protection' Law

from the this-is-messed-up dept

When the GDPR was being debated, we warned that it would be a disaster for free speech. Now that it’s been in effect for about six months, we’re seeing that play out in all sorts of ways. We’ve talked about how it was used to disappear public court documents for an ongoing case, and then used to disappear a discussion about that disappearing court document. And we wrote about how it’s been used against us to hide a still newsworthy story (and that leaves out one other GDPR demand we’ve received in an attempt to disappear a story that I can’t even talk about yet).

When I wrote about all of this both here on Techdirt and on Twitter, I had a bunch of “data protection experts” in Europe completely freak out at me that I had no idea what I was talking about, and how any negative impact was simply the result of everyone misreading the GDPR. I kept trying to point out to them that even if that’s true in theory, out here in the real world, the law was being used to disappear news stories and was creating massive chilling effects and burdens on journalists. And the response was the same: nah, you’re reading the law wrong.

And now we have an even more horrifying story of the damage the GDPR is doing to journalism. There’s a Romanian investigatory journalism publication called RISE Project that has reported on corruption in Romanian politics. Not surprisingly, not everyone is happy about that. OCCRP — the Organized Crime and Corruption Reporting Project — a partner to RISE Project has the worrisome details about how the very Romanian government that RISE Project has been breaking corruption stories on has magically found the need to use the GDPR to demand the journalists turn over their sources.

The full story is a bit complex, but in reporting on Liviu Dragnea, the president of the ruling party in Romania, RISE Project made some connections between Dragnea and a local Romanian company, Tel Drum SA, “currently involved in a massive scandal in Romania.”

RISE Project journalists found proof that Dragnea and his family benefited from Tel Drum SA money and had close relationships with the corporation?s executives. They spent holidays abroad together, went hunting together and Tel Drum SA paid for various construction, maintenance and beautification works at properties belonging to Dragnea?s family. Some of these were posted on RISE Project’s Facebook page.

And, magically, soon after that, the Romanian Data Protection Authority (ANSPDCP), whose boss was appointed by Dragnea’s party (and who is facing some corruption accusations as well), started demanding all sorts of info from RISE Project under the auspices of the GDPR.

Among the demands?

  • The purpose and legal basis of publishing on the Internet (Facebook) of personal data, at the adress;
  • The date/period of time when the said personal data was published on your Facebook account;
  • The source from where the personal data published on Facebook was obtained;
  • The support (electronic and/or physical) where you stored the documents/images published on Facebook;
  • If the mobile storage devices (tablet, HDD, memory stick) were/are password protected or encrypted;
  • If you have other information/documents containing personal data of the said people;
  • If the personal data or documents that contain personal data of the said people were revealed in other circumstances – with the specification of these circumstances;
  • The way in which you informed the said people, in conformity with Art. 13-14 of GDPR.

Now, I don’t know about you, but given all of the circumstances, the idea that these demands have anything to do with “data protection,” and not the government implicated by this reporting trying to find out who snitched on them, seems perhaps far fetched. But, the Data Protection Authority is warning RISE Project that if it fails to hand over all of the above information, it faces fines of up to €20,000,000. I am guessing that an independent investigative journalism operation doesn’t have that much cash to spare.

This, of course, puts the organization is quite a tight spot. Giving up its sources is a massive journalistic sin, especially when the real reasons for the demands are so transparent. But the risk of being embroiled in deathly litigation can’t be much fun either.

And I know (I know) those very same “data protection” geeks who were screaming at me a few weeks ago are already screaming about just how terrible this article is because clearly the GDPR has built in protections for media organizations, so obviously this is the Romanian Data Protection Authority abusing its powers. To paraphrase these GDPRbros, “the problem is clearly with the Romanian Data Protection Authority, not the law.”

Once again, of course, this ignores the reality of what is actually happening today. Sure, it would be great if governments and the politically powerful didn’t abuse the laws to their own advantage and against the public interest, but when has that happened recently? The backers of the GDPR brought us this mess, and created a law that can plausibly be used in a manner where the threats alone are chilling to journalism.

And if you think it’s bad now, just wait until more and more powerful individuals and entities realize this. This (again) shouldn’t surprise anyone. We’ve seen it for decades with the DMCA. Once it clicked in people’s brains that “oh, hey, this is a tool for censorship,” it got used widely as the tool to take down anything you didn’t like. And it was pretty successful at that. The GDPR is an even more powerful tool, because the potential fines are orders of magnitude larger than a copyright infringement award. Anyone still insisting that the GDPR isn’t a problem for journalists because they’ve written in exceptions — after all this — is not to be taken seriously. They are putting their heads in the sand and ignoring the reality around them to pretend that what they want to be true actually is.

Filed Under: , , , ,
Companies: rise project, tel drum sa

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Yet Another GDPR Disaster: Journalists Ordered To Hand Over Secret Sources Under 'Data Protection' Law”

Subscribe: RSS Leave a comment
Tanner Andrews (profile) says:

Some Advantages to Off-Shore Operations

For an entity like the Romanian investigatory journalism group, being off shore (or at least having the public face off shore) could be an advantage. It is less likely that a foreign court would be sensitive to the pain felt by the presidential cronies.

On the other hand, for a US entity, it can be good to be somewhere not too closely allied to the US govt. Being off shore offers some real protections. It is certainly not impenetrable, if the host govt decides to turn you over you can still be cooked. But it is better than being within the easy reach of the feds.

I can offer little specific guidance as to good places for relocation. (That’s not my job. My job is to try to prise the information out of the govt in the first place.)

Anonymous Coward says:

Re: Some Advantages to Off-Shore Operations

On the other hand, for a US entity, it can be good to be somewhere not too closely allied to the US govt. Being off shore offers some real protections.

Considering that the US government considers it’s authority to be worldwide, I don’t see much "real protection" there.

Narcissus (profile) says:

“the problem is clearly with the Romanian Data Protection Authority, not the law.”

Yes, it clearly is. However in a country where corruption is more a way of life than an exception (you even need to fork over some cash to get a doctor’s appointment) it would’ve been nice if somebody built in some safeguards to prevent this from happening. I’m fairly sure the RDPA could find a “friendly” judge somewhere.

Or we could not try to fix something that’s not broken but who am I to stand in the way of the bureaucrats.

Anonymous Coward says:

Sorry, but this is BS

It shouldn’t surprise anyone that a corrupt government tries to intimidate and punish journalists. The GDPR isn’t causing this disaster, it’s misused as leverage in an illegal way. If there wouldn’t be the GDPR the government would use some other bogus way for putting pressure on the journalists. This is nothing new for corrupt Romanian politicians. Please check the facts before blaming an EU regulation just because you don’t like it and it fits your political agenda.

JoeCool (profile) says:

Re: Sorry, but this is BS

Anyone still insisting that the GDPR isn’t a problem for journalists because they’ve written in exceptions — after all this — is not to be taken seriously. They are putting their heads in the sand and ignoring the reality around them to pretend that what they want to be true actually is.

You really called it, Mike. They’re already out spewing their nonsense. 🙂

Anonymous Coward says:

Re: Sorry, but this is BS

Granted, this government would have looked for any way to stop RISE.

In this case, they’ve picked GDPR. Reasons for doing so are likely that it affords them the easiest and most punishing method to attack RISE.

Now. Since GDPR is awesome, please advise what meaningful protections it has against being abused in this fashion. Is there a way to throw it back in the Romanian government’s face? Some penalty for bad actors? What is RISE supposed to do when faced with the actions against under the GDPR?

Anonymous Coward says:

That is not all

That is not the only disaster. One by one one the non main stream world news sites are locking people out if they can not track you, you will not accept their adds which move and shake all over your screen, and do not register.

This week I lost two more non European sites. One due to adds and one that wants to spread some virus.

Anonymous Coward says:

when is it going to dawn on people that, ever since the purposefully induced ‘financial crisis’ almost every country changed to having Conservative based governments and every one of those governments is interested in nothing other than protecting itself, it’s members and associates, pluse very high positioned member of the security forces, the judicial services, the rich, the famous and the powerful while at the exact same time making sure that they all know everything about everyone else!! the planet has become nothing but a giant slavery organisation where we can be accused, arrested, tried, sentenced, then, if lucky, jailed, if unlucky ‘disappeared’! the only way it will change is when the [people finally realise they are being royally screwed, grow some and start voting these governments and ultimately these people, their laws and mindsets out of ruling positions!!

trollificus (profile) says:

Re: Re:

Your conspiracy theory is as stupid as most conspiracy theories.

Please note the absence of reality in your claims that most democracies have elected conservative governments. Germany? France? Italy, after the economic crisis in 2008? US elected Obama twice. UK had Labour, then undecided in 2010. FAR from what you claim, if you want to go country-by-country. Canada? Australia? Not conservative.

Point of fact: the government in charge of the EU is not conservative and is passing data control and ‘right to be forgotten” legislation that will benefit it greatly in assuring that the member states of the EU do NOT elect conservative governments which might act contrary to the interests of the Eurocrats in Brussels.

IOW, it’s your good guys who are doing the bad things. But “keep putting your head in the sand and ignoring the reality around you to pretend that what you want to be true actually is”. It’s a very popular thing to do.

Seegras (profile) says:

Re: Re: Re:

Your entire post rest on a completely bogus interpretation of the word “conservative”.

What we have is an overwhelming collection of authoritarian-right governments:
And the USA too: including Obama: Canada also:
And the UK, look where Labour stands:

Also, this has nothing to do with “conservative”, because

Wendy Cockcroft (user link) says:

Re: Re: Re: Re:

Great post, Seegras. I totally agree with you.

I think we also agree that if the political spectrum ran from authoritarian to libertarian we’d see a big shift in the partisan opinions around here.

The fact is, both the left/progressive and the right sides of the aisle have their authoritarian factions.

I’ve also noticed that people tend to swing right when they’re scared and left when they feel that they’ve run out of options for effecting change.

Meanwhile, there may be some merit in Anonymous Coward, 19 Nov 2018 @ 5:37am’s argument given that, of the major media owners, the biggest players are multinational operations. These in turn tend towards right-wingery and therefore entrench right-wing attitudes in the public. See Brexit for details.

The most pernicious thing they’ve done is to present themselves as mainstream so that any viewpoint to the left of theirs is considered left wing. I’ve not changed my mind on most of the things I agree with in over thirty years and have been characterised as a lefty because of it. As an actual non-change-liking conservative I resent the hell out of it when some toerag moves the political goal posts again.

mcinsand (profile) says:

Re: Greatest, fastest library in history still very much a library

The Internet makes finding articles, thoughts, documents much easier to find. We can find more faster in less than a second than we would ever find in a traditional library in days (at best). However, much like the brick-and-mortar paper libraries, not everything we can find is worth finding. The speed and volume do not eliminate the need for critical thought. This definitely applies to comments. The Anonymous Cowards and OOTBs really don’t seem to have much going on between the ears, but Techdirt has a good number of intelligent contributors to the comments section. The latter group makes tolerating the former worthwhile.

trollificus (profile) says:

Re: Re:


TechDirt comments make you want to bail on the Internet?? Wow. The list of places with worse content and/or comments is…wow. Just, don’t look, otherwise you’d have to answer your own question “No, it isn’t.”

Sorry, it’s just that being put off by the comments on TD is like being turned of YouTube comment threads because of the difficulty of the intellectual content there. It’s just…wow…

Peter (profile) says:

On a separate note ...

The request is a pretty good template to send to any business you have a grudge with. Should cost them a pretty penny to compile all this information.

And yes, while it is a pretty far-reaching interpretation, the GDPR does appear to provide a legal basis for requesting this information. Although it is not clear if a government office can blanket-request copies of these data without breaching data protection laws themselves. After all, the GDPR is about the relationship between individuals and businesses, with government agencies acting as referees or enforcers, but not data collection authorities.

That One Guy (profile) says:

Re: Re: Re:2 On a separate note ...

Are there strong protections, methods of redress, and penalties for abuse of the GDPR?

Not just ‘Are their penalties for abuse?’, but ‘Are the penalties(assuming they exist) even remotely similar in scale?’

If one side faces potentially tens of millions in fines, and the other side only has to deal with penalties a fraction of that size(that they can simply offload to the taxpayers), then even if there are penalties for abuse they’re worthless as a deterrent.

Wendy Cockcroft says:

Re: On a separate note ...

One thing I resent the hell out of where the GDPR is concerned is that TV channel providers over FreeView (and presumably other cable/broadband services) demand that I sign in to watch TV on their catch-up features before they let me do so. This is a new thing, it only happened in the last few months.

They don’t really need my personal details, the idea is to monitor what I watch in order to use it for marketing, etc.

It is so creepy! They shouldn’t be demanding my data as a condition of service. Needless to say, Our Glorious Leaders are doing nothing about it. So much for referee-ing.

That One Guy (profile) says:

'What do you mean they exploited the loopholes?!'

The parallels with the DMCA grow ever larger, with the people insisting that the law’s not to blame, it’s those dastardly people exploiting it, ever so conveniently ignoring how easy to abuse it is and the people who were saying that before it was passed.

If you pass a law with entirely one-sided penalties, where those on the receiving end either fold or go under due to ruinous fines/legal action and there’s no similar penalty for abuse of the law, you don’t get to be surprised when it’s used/’abused’ to go after people/organizations/companies that someone doesn’t like.

You might as well be shocked that a rock thrown in the air comes down on someone’s head thanks to gravity. Everyone knew it would happen, they’ve seen it happen before, and if you somehow thought it wouldn’t this time despite not putting in place anything to stop it from happening then you’ve nothing to blame but your own ignorance, willful or otherwise.

Anonymous Coward says:

Re: Re:

Because the government is such a shining beacon of privacy and protection? Oh, right – up until the secret services are up in all our asses looking for the next meal ticket or opportunity to lick someone’s boots.

Google and Facebook aren’t saints, but they’re not going to toss me in jail.

Snowden’s leaks really made you piss in your panties huh?

Anonymous Coward says:

I am in marketing here in the US. GDPR pretty much wiped out our database of European people we email. We have to find other ways to reach people.

From a personal perspective, I wish the US would pass GDPR, every bit of it. The bullshit that companies are trying to pass off as protecting consumers is just that, bullshit. I will take the bad with the good, because the good companies are trying to get for the US isn’t good.

Anonymous Coward says:

This is less a GDPR disaster (not that GDPR itself is all that good), it’s more of a corrupt government disaster. On the whole, Romania misusing EU laws to strongarm its citizens is better than being out of the EU and out of any oversight. As another Eastern-European, I vastly prefer being the subject of occasional misuse of well-meant laws from EU politicians that can’t imagine the travesty my government is, compared to the alternative of being under Russian influence and constant use of whatever laws the government wishes to have.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...