Bulgarian MPs approved the second and final reading of amendments to the country’s data protection law on January 24, which transposes the European Union’s general data protection regulation (GDPR), but some groups voiced concerns that the changes could have a negative impact on media freedom.
One of the new provisions lists 10 criteria regarding the use of personal data for “journalistic purposes and the purposes of academic, artistic or literary expression.”
An earlier draft of this provision was criticised by the Access to Information Programme, a transparency NGO, which said that it could lead to attempts to infringe on the freedom of speech of media outlets critical of the government.
Instead, the provision was amended in committee to read that the criteria would be used “to judge the balance between the freedom of speech and the right to personal data protection, as applicable.”
Although the specific criteria were taken from cases heard by the European Court of Human Rights, it was unclear whether listing them in the law would lead to a “precise balance,” which would have to be seen from future implementation of the law, the head of the Access to Information Programme’s legal team, Alexander Kashumov, wrote in a blog post last week.
The criteria in question include the nature of the data, the impact that public disclosure will have on a subject’s personal life and good name, the importance of said disclosure for public interest, the circumstance in which the personal data was acquired and “the goal, contents, format and repercussions of the publication.”
Additionally, the amended law gives additional powers to the country’s data protection commission to carry out checks that those criteria have been satisfied and open administrative proceedings if it finds breaches of the data protection law. At the same time, however, the commission’s actions cannot infringe on the protection granted to journalistic sources, according to the amended law.
Administrative sanctions for breaching this provision would carry penalties under article 83, paragraph 5 of GDPR, which envisions fines of up to 20 million euro or up to four per cent of the total worldwide annual turnover of the preceding financial year, whichever is higher.
State institutions will also be able to deny access to information requests based on data protection considerations.
The Association of European Journalists-Bulgaria, a media freedom NGO, criticised the bill saying that it ran counter to the spirit of the GDPR and failed to guarantee freedom of speech, which put it at odds with country’s constitution.
It called on President Roumen Radev to veto the bill and send it back to Parliament.
(Bulgarian Parliament photo: Clive Leviev-Sawyer)