Yet Another GDPR Disaster: Journalists Ordered To Hand Over Secret Sources Under 'Data Protection' Law
from the this-is-messed-up dept
When the GDPR was being debated, we warned that it would be a disaster for free speech. Now that it's been in effect for about six months, we're seeing that play out in all sorts of ways. We've talked about how it was used to disappear public court documents for an ongoing case, and then used to disappear a discussion about that disappearing court document. And we wrote about how it's been used against us to hide a still newsworthy story (and that leaves out one other GDPR demand we've received in an attempt to disappear a story that I can't even talk about yet).
When I wrote about all of this both here on Techdirt and on Twitter, I had a bunch of "data protection experts" in Europe completely freak out at me that I had no idea what I was talking about, and how any negative impact was simply the result of everyone misreading the GDPR. I kept trying to point out to them that even if that's true in theory, out here in the real world, the law was being used to disappear news stories and was creating massive chilling effects and burdens on journalists. And the response was the same: nah, you're reading the law wrong.
And now we have an even more horrifying story of the damage the GDPR is doing to journalism. There's a Romanian investigatory journalism publication called RISE Project that has reported on corruption in Romanian politics. Not surprisingly, not everyone is happy about that. OCCRP -- the Organized Crime and Corruption Reporting Project -- a partner to RISE Project has the worrisome details about how the very Romanian government that RISE Project has been breaking corruption stories on has magically found the need to use the GDPR to demand the journalists turn over their sources.
The full story is a bit complex, but in reporting on Liviu Dragnea, the president of the ruling party in Romania, RISE Project made some connections between Dragnea and a local Romanian company, Tel Drum SA, "currently involved in a massive scandal in Romania."
RISE Project journalists found proof that Dragnea and his family benefited from Tel Drum SA money and had close relationships with the corporation’s executives. They spent holidays abroad together, went hunting together and Tel Drum SA paid for various construction, maintenance and beautification works at properties belonging to Dragnea’s family. Some of these were posted on RISE Project's Facebook page.
And, magically, soon after that, the Romanian Data Protection Authority (ANSPDCP), whose boss was appointed by Dragnea's party (and who is facing some corruption accusations as well), started demanding all sorts of info from RISE Project under the auspices of the GDPR.
Among the demands?
- The purpose and legal basis of publishing on the Internet (Facebook) of personal data, at the adress https://www.facebook.com/notes/rise-project/teleormanleaks/1937024593056150;
- The date/period of time when the said personal data was published on your Facebook account;
- The source from where the personal data published on Facebook was obtained;
- The support (electronic and/or physical) where you stored the documents/images published on Facebook;
- If the mobile storage devices (tablet, HDD, memory stick) were/are password protected or encrypted;
- If you have other information/documents containing personal data of the said people;
- If the personal data or documents that contain personal data of the said people were revealed in other circumstances - with the specification of these circumstances;
- The way in which you informed the said people, in conformity with Art. 13-14 of GDPR.
This, of course, puts the organization is quite a tight spot. Giving up its sources is a massive journalistic sin, especially when the real reasons for the demands are so transparent. But the risk of being embroiled in deathly litigation can't be much fun either.
And I know (I know) those very same "data protection" geeks who were screaming at me a few weeks ago are already screaming about just how terrible this article is because clearly the GDPR has built in protections for media organizations, so obviously this is the Romanian Data Protection Authority abusing its powers. To paraphrase these GDPRbros, "the problem is clearly with the Romanian Data Protection Authority, not the law."
Once again, of course, this ignores the reality of what is actually happening today. Sure, it would be great if governments and the politically powerful didn't abuse the laws to their own advantage and against the public interest, but when has that happened recently? The backers of the GDPR brought us this mess, and created a law that can plausibly be used in a manner where the threats alone are chilling to journalism.
And if you think it's bad now, just wait until more and more powerful individuals and entities realize this. This (again) shouldn't surprise anyone. We've seen it for decades with the DMCA. Once it clicked in people's brains that "oh, hey, this is a tool for censorship," it got used widely as the tool to take down anything you didn't like. And it was pretty successful at that. The GDPR is an even more powerful tool, because the potential fines are orders of magnitude larger than a copyright infringement award. Anyone still insisting that the GDPR isn't a problem for journalists because they've written in exceptions -- after all this -- is not to be taken seriously. They are putting their heads in the sand and ignoring the reality around them to pretend that what they want to be true actually is.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: europe, gdpr, journalism, liviu dragnea, romania
Companies: rise project, tel drum sa
Reader Comments
Subscribe: RSS
View by: Time | Thread
Some Advantages to Off-Shore Operations
For an entity like the Romanian investigatory journalism group, being off shore (or at least having the public face off shore) could be an advantage. It is less likely that a foreign court would be sensitive to the pain felt by the presidential cronies.
On the other hand, for a US entity, it can be good to be somewhere not too closely allied to the US govt. Being off shore offers some real protections. It is certainly not impenetrable, if the host govt decides to turn you over you can still be cooked. But it is better than being within the easy reach of the feds.
I can offer little specific guidance as to good places for relocation. (That's not my job. My job is to try to prise the information out of the govt in the first place.)
[ link to this | view in chronology ]
Re: Some Advantages to Off-Shore Operations
[ link to this | view in chronology ]
Re: Some Advantages to Off-Shore Operations
Considering that the US government considers it's authority to be worldwide, I don't see much "real protection" there.
[ link to this | view in chronology ]
Re: Re: Some Advantages to Off-Shore Operations
Not everyone.
[ link to this | view in chronology ]
Re: Re: Re: Some Advantages to Off-Shore Operations
Not everyone.
Hell, if we're going with the sense of "authority" that includes legitimacy, I'm not sure the government really has all that much of it right here in the US.
[ link to this | view in chronology ]
Re: Re: Re: Re: Some Advantages to Off-Shore Operations
I think the mid terms restored a bit of confidence in the functions of elections, but there is still a lot of uncertainty about how legitimate the government is at present.
[ link to this | view in chronology ]
Yes, it clearly is. However in a country where corruption is more a way of life than an exception (you even need to fork over some cash to get a doctor's appointment) it would've been nice if somebody built in some safeguards to prevent this from happening. I'm fairly sure the RDPA could find a "friendly" judge somewhere.
Or we could not try to fix something that's not broken but who am I to stand in the way of the bureaucrats.
[ link to this | view in chronology ]
OCRAP
[ link to this | view in chronology ]
Sorry, but this is BS
[ link to this | view in chronology ]
Re: Sorry, but this is BS
You really called it, Mike. They're already out spewing their nonsense. :)
[ link to this | view in chronology ]
Re: Sorry, but this is BS
In this case, they've picked GDPR. Reasons for doing so are likely that it affords them the easiest and most punishing method to attack RISE.
Now. Since GDPR is awesome, please advise what meaningful protections it has against being abused in this fashion. Is there a way to throw it back in the Romanian government's face? Some penalty for bad actors? What is RISE supposed to do when faced with the actions against under the GDPR?
[ link to this | view in chronology ]
Re: Re: Sorry, but this is BS
What is RISE supposed to do when faced with the actions against under the GDPR?
Bankrupt themselves by going to court to defend themselves from being forced to pay a fine meant to bankrupt them.
[ link to this | view in chronology ]
Re: Re: Re: Sorry, but this is BS
[ link to this | view in chronology ]
Re: Sorry, but this is BS
In that case, let me know when the order is cancelled and Interpol arrest warrants are issued for the government officials involved. Should be sometime later today, right?
[ link to this | view in chronology ]
That is not all
This week I lost two more non European sites. One due to adds and one that wants to spread some virus.
[ link to this | view in chronology ]
Re: That is not all
[ link to this | view in chronology ]
Re: That is not all
Does this have something to do with GDPR, or you just wanted to complain about it?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Please note the absence of reality in your claims that most democracies have elected conservative governments. Germany? France? Italy, after the economic crisis in 2008? US elected Obama twice. UK had Labour, then undecided in 2010. FAR from what you claim, if you want to go country-by-country. Canada? Australia? Not conservative.
Point of fact: the government in charge of the EU is not conservative and is passing data control and 'right to be forgotten" legislation that will benefit it greatly in assuring that the member states of the EU do NOT elect conservative governments which might act contrary to the interests of the Eurocrats in Brussels.
IOW, it's your good guys who are doing the bad things. But "keep putting your head in the sand and ignoring the reality around you to pretend that what you want to be true actually is". It's a very popular thing to do.
[ link to this | view in chronology ]
Re: Re:
What we have is an overwhelming collection of authoritarian-right governments: https://www.politicalcompass.org/euchart
And the USA too:
https://www.politicalcompass.org/uselection2016 including Obama: https://www.politicalcompass.org/uselection2012 Canada also:
https://www.politicalcompass.org/canada2015
And the UK, look where Labour stands: https://www.politicalcompass.org/uk2015
Also, this has nothing to do with "conservative", because https://seegras.discordia.ch/Blog/conservativism-isnt/
[ link to this | view in chronology ]
Re: Re: Re:
Great post, Seegras. I totally agree with you.
I think we also agree that if the political spectrum ran from authoritarian to libertarian we'd see a big shift in the partisan opinions around here.
The fact is, both the left/progressive and the right sides of the aisle have their authoritarian factions.
I've also noticed that people tend to swing right when they're scared and left when they feel that they've run out of options for effecting change.
Meanwhile, there may be some merit in Anonymous Coward, 19 Nov 2018 @ 5:37am's argument given that, of the major media owners, the biggest players are multinational operations. These in turn tend towards right-wingery and therefore entrench right-wing attitudes in the public. See Brexit for details.
The most pernicious thing they've done is to present themselves as mainstream so that any viewpoint to the left of theirs is considered left wing. I've not changed my mind on most of the things I agree with in over thirty years and have been characterised as a lefty because of it. As an actual non-change-liking conservative I resent the hell out of it when some toerag moves the political goal posts again.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
"No Problem Here"
John Smith would love a dictator, it seems.
[ link to this | view in chronology ]
That is an unfair assumption. He might be aromantic and only want to be platonic friends with a dictator.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
So Shiva is a necrophiliac rapist in your opinion?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Greatest, fastest library in history still very much a library
[ link to this | view in chronology ]
Re: Greatest, fastest library in history still very much a library
That's funny coming from someone posting anonymously.
[ link to this | view in chronology ]
Re: tl;dr
...no, he's posting pseudonymously. You're posting anonymously.
[ link to this | view in chronology ]
Re: Re: tl;dr
And you're posting pedantonymously.
[ link to this | view in chronology ]
Re: Re: Re: tl;dr
I mean, it's relevant. mcinsand criticized ACs, and then an AC was all like "but you're an AC!" and I'm like "no he's not, he has a name right there."
If it makes you feel any better, I'm sure he didn't mean all ACs. Probably just Chip and Hamilton.
[ link to this | view in chronology ]
Re: Re: Re: Re: tl;dr
Gotta admit though, "pedantonymously" is an amusing portmanteau (Protologism? I'm not sure, I seem to have misplaced my Pocket Chomsky).
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: tl;dr
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: tl;dr
Damn, there really is an xkcd for everything.
[ link to this | view in chronology ]
Re:
Amirite?
[ link to this | view in chronology ]
Re:
TechDirt comments make you want to bail on the Internet?? Wow. The list of places with worse content and/or comments is...wow. Just, don't look, otherwise you'd have to answer your own question "No, it isn't."
Sorry, it's just that being put off by the comments on TD is like being turned of YouTube comment threads because of the difficulty of the intellectual content there. It's just...wow...
[ link to this | view in chronology ]
On a separate note ...
And yes, while it is a pretty far-reaching interpretation, the GDPR does appear to provide a legal basis for requesting this information. Although it is not clear if a government office can blanket-request copies of these data without breaching data protection laws themselves. After all, the GDPR is about the relationship between individuals and businesses, with government agencies acting as referees or enforcers, but not data collection authorities.
[ link to this | view in chronology ]
Re: On a separate note ...
[ link to this | view in chronology ]
Re: Re: On a separate note ...
If it's anything like the DMCA penalties for abuse are entirely theoretical, requiring a near impossibly high bar to be met to kick in, and as such in practice don't exist.
[ link to this | view in chronology ]
Re: Re: Re: On a separate note ...
GDPR proponents, come at me and clear this up. Are there strong protections, methods of redress, and penalties for abuse of the GDPR? Are they easily accessible and understood?
[ link to this | view in chronology ]
Re: Re: Re: Re: On a separate note ...
Are there strong protections, methods of redress, and penalties for abuse of the GDPR?
Not just 'Are their penalties for abuse?', but 'Are the penalties(assuming they exist) even remotely similar in scale?'
If one side faces potentially tens of millions in fines, and the other side only has to deal with penalties a fraction of that size(that they can simply offload to the taxpayers), then even if there are penalties for abuse they're worthless as a deterrent.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: On a separate note ...
If there were protections I wouldn't have posted this comment.
Methinks it's one of those "being seen to be doing something" laws.
[ link to this | view in chronology ]
Re: On a separate note ...
They don't really need my personal details, the idea is to monitor what I watch in order to use it for marketing, etc.
It is so creepy! They shouldn't be demanding my data as a condition of service. Needless to say, Our Glorious Leaders are doing nothing about it. So much for referee-ing.
[ link to this | view in chronology ]
Watch What You Ask For
You really have to watch what you ask for. When someone from the government offers to help, Be Very Afraid.
[ link to this | view in chronology ]
Re: Watch What You Ask For
[ link to this | view in chronology ]
'What do you mean they exploited the loopholes?!'
The parallels with the DMCA grow ever larger, with the people insisting that the law's not to blame, it's those dastardly people exploiting it, ever so conveniently ignoring how easy to abuse it is and the people who were saying that before it was passed.
If you pass a law with entirely one-sided penalties, where those on the receiving end either fold or go under due to ruinous fines/legal action and there's no similar penalty for abuse of the law, you don't get to be surprised when it's used/'abused' to go after people/organizations/companies that someone doesn't like.
You might as well be shocked that a rock thrown in the air comes down on someone's head thanks to gravity. Everyone knew it would happen, they've seen it happen before, and if you somehow thought it wouldn't this time despite not putting in place anything to stop it from happening then you've nothing to blame but your own ignorance, willful or otherwise.
[ link to this | view in chronology ]
Story you can't talk about?
why, per chance, would you be bound by the GDPR?
This is a purely european shitshow, that has no bearing on you.
This is from a german, that really hates (with a capital H) the GDPR.
GDPR delenda est!!!
Cheers, oliver
[ link to this | view in chronology ]
Giving them enough rope to hang themselves
Clearly it's a ploy to give the one making the demands time to come out with even more details TD can then use to mock them in a public post pointing out that, nah, they're not going to do any of that, because would you look at that, they aren't in the EU.
[ link to this | view in chronology ]
Is this "I can't talk about the GDPR demand" or "there is a GDPR demand about a story, but I cannot talk about the story itself"?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
who had this as one of the horrible outcomes they EU kept saying would NEEEEEEEEEEVER happen.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
You're a moron.
[ link to this | view in chronology ]
Re:
Bad people sometimes abuse laws, therefore we should just craft better laws that are less easily abused by the rich and powerful to censor their critics.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Google and Facebook aren't saints, but they're not going to toss me in jail.
Snowden's leaks really made you piss in your panties huh?
[ link to this | view in chronology ]
Anyone ready?
Probably wont get a link from Google, but who cares...we sit in the background HOLDING/GATHERING INFO ont he popular people..
[ link to this | view in chronology ]
From a personal perspective, I wish the US would pass GDPR, every bit of it. The bullshit that companies are trying to pass off as protecting consumers is just that, bullshit. I will take the bad with the good, because the good companies are trying to get for the US isn't good.
[ link to this | view in chronology ]
GDPR isn't a problem for journalists
[ link to this | view in chronology ]
GDPR isn't a problem for journalists
[ link to this | view in chronology ]
[ link to this | view in chronology ]