Yet Another GDPR Disaster: Journalists Ordered To Hand Over Secret Sources Under 'Data Protection' Law

from the this-is-messed-up dept

When the GDPR was being debated, we warned that it would be a disaster for free speech. Now that it’s been in effect for about six months, we’re seeing that play out in all sorts of ways. We’ve talked about how it was used to disappear public court documents for an ongoing case, and then used to disappear a discussion about that disappearing court document. And we wrote about how it’s been used against us to hide a still newsworthy story (and that leaves out one other GDPR demand we’ve received in an attempt to disappear a story that I can’t even talk about yet).

When I wrote about all of this both here on Techdirt and on Twitter, I had a bunch of “data protection experts” in Europe completely freak out at me that I had no idea what I was talking about, and how any negative impact was simply the result of everyone misreading the GDPR. I kept trying to point out to them that even if that’s true in theory, out here in the real world, the law was being used to disappear news stories and was creating massive chilling effects and burdens on journalists. And the response was the same: nah, you’re reading the law wrong.

And now we have an even more horrifying story of the damage the GDPR is doing to journalism. There’s a Romanian investigatory journalism publication called RISE Project that has reported on corruption in Romanian politics. Not surprisingly, not everyone is happy about that. OCCRP — the Organized Crime and Corruption Reporting Project — a partner to RISE Project, has the worrisome details about how the very Romanian government that RISE Project has been breaking corruption stories on has magically found the need to use the GDPR to demand the journalists turn over their sources.

The full story is a bit complex, but in reporting on Liviu Dragnea, the president of the ruling party in Romania, RISE Project made some connections between Dragnea and a local Romanian company, Tel Drum SA, “currently involved in a massive scandal in Romania.”

RISE Project journalists found proof that Dragnea and his family benefited from Tel Drum SA money and had close relationships with the corporation’s executives. They spent holidays abroad together, went hunting together and Tel Drum SA paid for various construction, maintenance and beautification works at properties belonging to Dragnea’s family. Some of these were posted on RISE Project’s Facebook page.

And, magically, soon after that, the Romanian Data Protection Authority (ANSPDCP), whose boss was appointed by Dragnea’s party (and who is facing some corruption accusations as well), started demanding all sorts of info from RISE Project under the auspices of the GDPR.

Among the demands?

  • The purpose and legal basis of publishing on the Internet (Facebook) of personal data, at the address https://www.facebook.com/notes/rise-project/teleormanleaks/1937024593056150;
  • The date/period of time when the said personal data was published on your Facebook account;
  • The source from where the personal data published on Facebook was obtained;
  • The support (electronic and/or physical) where you stored the documents/images published on Facebook;
  • If the mobile storage devices (tablet, HDD, memory stick) were/are password protected or encrypted;
  • If you have other information/documents containing personal data of the said people;
  • If the personal data or documents that contain personal data of the said people were revealed in other circumstances – with the specification of these circumstances;
  • The way in which you informed the said people, in conformity with Art. 13-14 of GDPR.

Now, I don’t know about you, but given all of the circumstances, the idea that these demands have anything to do with “data protection,” and not the government implicated by this reporting trying to find out who snitched on them, seems perhaps far-fetched. But the Data Protection Authority is warning RISE Project that if it fails to hand over all of the above information, it faces fines of up to €20,000,000. I am guessing that an independent investigative journalism operation doesn’t have that much cash to spare.

This, of course, puts the organization in quite a tight spot. Giving up its sources is a massive journalistic sin, especially when the real reasons for the demands are so transparent. But the risk of being embroiled in deathly litigation can’t be much fun either.

And I know (I know) those very same “data protection” geeks who were screaming at me a few weeks ago are already screaming about just how terrible this article is because clearly the GDPR has built in protections for media organizations, so obviously this is the Romanian Data Protection Authority abusing its powers. To paraphrase these GDPRbros, “the problem is clearly with the Romanian Data Protection Authority, not the law.”

Once again, of course, this ignores the reality of what is actually happening today. Sure, it would be great if governments and the politically powerful didn’t abuse the laws to their own advantage and against the public interest, but when has that happened recently? The backers of the GDPR brought us this mess, and created a law that can plausibly be used in a manner where the threats alone are chilling to journalism.

And if you think it’s bad now, just wait until more and more powerful individuals and entities realize this. This (again) shouldn’t surprise anyone. We’ve seen it for decades with the DMCA. Once it clicked in people’s brains that “oh, hey, this is a tool for censorship,” it got used widely as the tool to take down anything you didn’t like. And it was pretty successful at that. The GDPR is an even more powerful tool, because the potential fines are orders of magnitude larger than a copyright infringement award. Anyone still insisting that the GDPR isn’t a problem for journalists because they’ve written in exceptions — after all this — is not to be taken seriously. They are putting their heads in the sand and ignoring the reality around them to pretend that what they want to be true actually is.

Companies: rise project, tel drum sa


Comments on “Yet Another GDPR Disaster: Journalists Ordered To Hand Over Secret Sources Under 'Data Protection' Law”

64 Comments
Tanner Andrews (profile) says:

Some Advantages to Off-Shore Operations

For an entity like the Romanian investigatory journalism group, being off shore (or at least having the public face off shore) could be an advantage. It is less likely that a foreign court would be sensitive to the pain felt by the presidential cronies.

On the other hand, for a US entity, it can be good to be somewhere not too closely allied to the US govt. Being off shore offers some real protections. It is certainly not impenetrable, if the host govt decides to turn you over you can still be cooked. But it is better than being within the easy reach of the feds.

I can offer little specific guidance as to good places for relocation. (That’s not my job. My job is to try to prise the information out of the govt in the first place.)

Anonymous Coward says:

Re: Some Advantages to Off-Shore Operations

On the other hand, for a US entity, it can be good to be somewhere not too closely allied to the US govt. Being off shore offers some real protections.

Considering that the US government considers its authority to be worldwide, I don’t see much "real protection" there.

Narcissus (profile) says:

“the problem is clearly with the Romanian Data Protection Authority, not the law.”

Yes, it clearly is. However in a country where corruption is more a way of life than an exception (you even need to fork over some cash to get a doctor’s appointment) it would’ve been nice if somebody built in some safeguards to prevent this from happening. I’m fairly sure the RDPA could find a “friendly” judge somewhere.

Or we could not try to fix something that’s not broken but who am I to stand in the way of the bureaucrats.

Anonymous Coward says:

Sorry, but this is BS

It shouldn’t surprise anyone that a corrupt government tries to intimidate and punish journalists. The GDPR isn’t causing this disaster, it’s misused as leverage in an illegal way. If there wouldn’t be the GDPR the government would use some other bogus way for putting pressure on the journalists. This is nothing new for corrupt Romanian politicians. Please check the facts before blaming an EU regulation just because you don’t like it and it fits your political agenda.

JoeCool (profile) says:

Re: Sorry, but this is BS

Anyone still insisting that the GDPR isn’t a problem for journalists because they’ve written in exceptions — after all this — is not to be taken seriously. They are putting their heads in the sand and ignoring the reality around them to pretend that what they want to be true actually is.

You really called it, Mike. They’re already out spewing their nonsense. 🙂

Anonymous Coward says:

Re: Sorry, but this is BS

Granted, this government would have looked for any way to stop RISE.

In this case, they’ve picked GDPR. Reasons for doing so are likely that it affords them the easiest and most punishing method to attack RISE.

Now. Since GDPR is awesome, please advise what meaningful protections it has against being abused in this fashion. Is there a way to throw it back in the Romanian government’s face? Some penalty for bad actors? What is RISE supposed to do when faced with the actions against under the GDPR?

Anonymous Coward says:

That is not all

That is not the only disaster. One by one the non-mainstream world news sites are locking people out if they can not track you, you will not accept their ads which move and shake all over your screen, and do not register.

This week I lost two more non European sites. One due to ads and one that wants to spread some virus.

Anonymous Coward says:

when is it going to dawn on people that, ever since the purposefully induced ‘financial crisis’ almost every country changed to having Conservative based governments and every one of those governments is interested in nothing other than protecting itself, its members and associates, plus very high positioned members of the security forces, the judicial services, the rich, the famous and the powerful while at the exact same time making sure that they all know everything about everyone else!! the planet has become nothing but a giant slavery organisation where we can be accused, arrested, tried, sentenced, then, if lucky, jailed, if unlucky ‘disappeared’! the only way it will change is when the people finally realise they are being royally screwed, grow some and start voting these governments and ultimately these people, their laws and mindsets out of ruling positions!!

trollificus (profile) says:

Re: Re:

Your conspiracy theory is as stupid as most conspiracy theories.

Please note the absence of reality in your claims that most democracies have elected conservative governments. Germany? France? Italy, after the economic crisis in 2008? US elected Obama twice. UK had Labour, then undecided in 2010. FAR from what you claim, if you want to go country-by-country. Canada? Australia? Not conservative.

Point of fact: the government in charge of the EU is not conservative and is passing data control and “right to be forgotten” legislation that will benefit it greatly in assuring that the member states of the EU do NOT elect conservative governments which might act contrary to the interests of the Eurocrats in Brussels.

IOW, it’s your good guys who are doing the bad things. But “keep putting your head in the sand and ignoring the reality around you to pretend that what you want to be true actually is”. It’s a very popular thing to do.

Seegras (profile) says:

Re: Re: Re:

Your entire post rests on a completely bogus interpretation of the word “conservative”.

What we have is an overwhelming collection of authoritarian-right governments: https://www.politicalcompass.org/euchart
And the USA too: https://www.politicalcompass.org/uselection2016
including Obama: https://www.politicalcompass.org/uselection2012
Canada also: https://www.politicalcompass.org/canada2015
And the UK, look where Labour stands: https://www.politicalcompass.org/uk2015

Also, this has nothing to do with “conservative”, because https://seegras.discordia.ch/Blog/conservativism-isnt/

Wendy Cockcroft (user link) says:

Re: Re: Re: Re:

Great post, Seegras. I totally agree with you.

I think we also agree that if the political spectrum ran from authoritarian to libertarian we’d see a big shift in the partisan opinions around here.

The fact is, both the left/progressive and the right sides of the aisle have their authoritarian factions.

I’ve also noticed that people tend to swing right when they’re scared and left when they feel that they’ve run out of options for effecting change.

Meanwhile, there may be some merit in Anonymous Coward, 19 Nov 2018 @ 5:37am’s argument given that, of the major media owners, the biggest players are multinational operations. These in turn tend towards right-wingery and therefore entrench right-wing attitudes in the public. See Brexit for details.

The most pernicious thing they’ve done is to present themselves as mainstream so that any viewpoint to the left of theirs is considered left wing. I’ve not changed my mind on most of the things I agree with in over thirty years and have been characterised as a lefty because of it. As an actual non-change-liking conservative I resent the hell out of it when some toerag moves the political goal posts again.

mcinsand (profile) says:

Re: Greatest, fastest library in history still very much a library

The Internet makes finding articles, thoughts, documents much easier to find. We can find more faster in less than a second than we would ever find in a traditional library in days (at best). However, much like the brick-and-mortar paper libraries, not everything we can find is worth finding. The speed and volume do not eliminate the need for critical thought. This definitely applies to comments. The Anonymous Cowards and OOTBs really don’t seem to have much going on between the ears, but Techdirt has a good number of intelligent contributors to the comments section. The latter group makes tolerating the former worthwhile.

trollificus (profile) says:

Re: Re:

Wow.

TechDirt comments make you want to bail on the Internet?? Wow. The list of places with worse content and/or comments is…wow. Just, don’t look, otherwise you’d have to answer your own question “No, it isn’t.”

Sorry, it’s just that being put off by the comments on TD is like being turned off YouTube comment threads because of the difficulty of the intellectual content there. It’s just…wow…

Peter (profile) says:

On a separate note ...

The request is a pretty good template to send to any business you have a grudge with. Should cost them a pretty penny to compile all this information.

And yes, while it is a pretty far-reaching interpretation, the GDPR does appear to provide a legal basis for requesting this information. Although it is not clear if a government office can blanket-request copies of these data without breaching data protection laws themselves. After all, the GDPR is about the relationship between individuals and businesses, with government agencies acting as referees or enforcers, but not data collection authorities.

That One Guy (profile) says:

Re: Re: Re:2 On a separate note ...

Are there strong protections, methods of redress, and penalties for abuse of the GDPR?

Not just ‘Are there penalties for abuse?’, but ‘Are the penalties (assuming they exist) even remotely similar in scale?’

If one side faces potentially tens of millions in fines, and the other side only has to deal with penalties a fraction of that size (that they can simply offload to the taxpayers), then even if there are penalties for abuse they’re worthless as a deterrent.

Wendy Cockcroft says:

Re: On a separate note ...

One thing I resent the hell out of where the GDPR is concerned is that TV channel providers over FreeView (and presumably other cable/broadband services) demand that I sign in to watch TV on their catch-up features before they let me do so. This is a new thing, it only happened in the last few months.

They don’t really need my personal details, the idea is to monitor what I watch in order to use it for marketing, etc.

It is so creepy! They shouldn’t be demanding my data as a condition of service. Needless to say, Our Glorious Leaders are doing nothing about it. So much for referee-ing.

That One Guy (profile) says:

'What do you mean they exploited the loopholes?!'

The parallels with the DMCA grow ever larger, with the people insisting that the law’s not to blame, it’s those dastardly people exploiting it, ever so conveniently ignoring how easy to abuse it is and the people who were saying that before it was passed.

If you pass a law with entirely one-sided penalties, where those on the receiving end either fold or go under due to ruinous fines/legal action and there’s no similar penalty for abuse of the law, you don’t get to be surprised when it’s used/’abused’ to go after people/organizations/companies that someone doesn’t like.

You might as well be shocked that a rock thrown in the air comes down on someone’s head thanks to gravity. Everyone knew it would happen, they’ve seen it happen before, and if you somehow thought it wouldn’t this time despite not putting in place anything to stop it from happening then you’ve nothing to blame but your own ignorance, willful or otherwise.

Anonymous Coward says:

Re: Re:

Because the government is such a shining beacon of privacy and protection? Oh, right – up until the secret services are up in all our asses looking for the next meal ticket or opportunity to lick someone’s boots.

Google and Facebook aren’t saints, but they’re not going to toss me in jail.

Snowden’s leaks really made you piss in your panties huh?

Anonymous Coward says:

I am in marketing here in the US. GDPR pretty much wiped out our database of European people we email. We have to find other ways to reach people.

From a personal perspective, I wish the US would pass GDPR, every bit of it. The bullshit that companies are trying to pass off as protecting consumers is just that, bullshit. I will take the bad with the good, because the good companies are trying to get for the US isn’t good.

Anonymous Coward says:

This is less a GDPR disaster (not that GDPR itself is all that good), it’s more of a corrupt government disaster. On the whole, Romania misusing EU laws to strongarm its citizens is better than being out of the EU and out of any oversight. As another Eastern-European, I vastly prefer being the subject of occasional misuse of well-meant laws from EU politicians that can’t imagine the travesty my government is, compared to the alternative of being under Russian influence and constant use of whatever laws the government wishes to have.
