Krassen Nikolov is a journalist specialised in judiciary affairs. He works for Mediapool and is a regular contributor for BulgarianPresidency.eu for the six months of the Bulgarian Presidency of the Council of the EU.
Over the past 15 years, Bulgaria has collapsed with 77 positions in the Reporters Without Borders media freedom index. It is now in 111th place, being in the last position among all EU countries and the Balkans (excluding Turkey).
“Reporters Without Borders” names the MP from DPS and media tycoon Delyan Peevski as the embodiment of this aberrant state of affairs, as well as the government’s non-transparent media funding. Now the few remaining independent media in Bulgaria may face another unexpected danger – the General Data Protection Regulation (GDPR).
GDPR enters into force on 25 May, and each country has to adapt its legislation. Bulgaria will adapt its Personal Data Protection Act. The draft was prepared by the Commission for the Protection of Personal Data and launched for public consultation for a period of 18 days, although the usual term is at least a month. The authorities have not realised that GDPR has a huge impact on the companies and the media in the country, and the draft law controversial, to say the least.
Advocate Alexander Kashumov is the director of the legal program of the non-governmental organization AIP, which has a good international reputation. Bulgaria is one of the first countries in the world to adopt a special Access to Public Information Act, on the initiative of AIP. Also, AIP is the only organisation in the country that assists pro bono citizens and journalists in seeking information and protecting their personal data.
Kashumov warns: “In the Bulgarian draft law there are texts that are probably written with good intentions, but they raise concerns that they will have a serious negative effect on the media, and if they are adopted, every journalist will have to make a preliminary assessment by 10 criteria, whether his publications violate the law”.
Journalists will assess whether the people they are writing for are truly public figures. They will have to assess whether what they are writing about really concerns the public interest and whether the disclosure of personal data serves this interest. This includes not only publishing stories, but also photographing public places. The texts in the law are so vague that virtually all journalists may be investigated for violation of the Bulgarian version of GDPR.
“There is a danger of using the public and personal journalistic databases because they necessarily include personal data. Even the profiling of figures of public interest is within the scope of the law,” the lawyer added. He reminded that the European directive does not set such requirements, but directly excludes journalists from the scope of many of the restrictions.
“The European directive states that certain obligations that otherwise exist in the processing of personal data do not apply to journalism, and this closes the issue. In Bulgaria they engage in complex legal constructions that would make journalism impossible. The Bulgarian regulations risk to increase manyfold the possibility for journalists to be charged, especially those inconvenient”, Kashumov explains.
There is another big difference between GDPR and its Bulgarian version. GDPR introduces huge fines for companies violating the privacy policy. They reach €20 million or 4% of the company’s worldwide turnover. The larger of the two fines applies. Bulgaria also intends to introduce a minimum fine threshold of €5,000. This would have a detrimental effect on small businesses, especially journalists.
“This is a totally disproportionate sanction, especially in the case of journalistic expression. We are signaling this, but for the time being we do not see an understanding, this version of the law is dangerous. The public environment in Bulgaria is not good for media freedom. Various schemes are being used to attack critical publications even at the moment. We have seen this in the last 3-4 years. Turning this legislation to protect personal data as an instrument against the media and free speech can trigger strong self-censorship, which is the biggest problem. The European Court of Human Rights calls it “chilling effect”, because it freezes journalists and they stop to speak freely for fear of possible sanctions”, said Kashumov.
In response to a question whether this is being done consciously to scare the media, Kashumov answers:
“I do not think this is intentional. These legal norms are in line with the previous practice of the Commission for Personal Data Protection, which in many cases did not take into account the importance of freedom of speech and treated the media as simple data administrator. What is the intention doesn’t matter, what is important is how this law could be used The media can be put in this clamp to be obliged to justify any processing of personal data and then be subject to fines Things are not good.”
The second major problem with the law is that it may lead to the closure of the largest public registers in the state – the Commercial Register, the Property Register and judicial registers. The reason is that search in those registers is by the Personal Identification Number of the citizens, which also falls under the protection of the law.
“Fraud and corruption are a very serious problem in Bulgaria and one of the few means of dealing with them is going public. I am worried by the law, because this could lead to a limitation of public registers, destabilisation of civilian turnover and ultimately to fraternising between the state and the crime community”, Kashumov warned.
The Bulgarian Data Protection Commission, which is the author of the GDPR Adaptation Project, has not yet responded publicly to the critics.
Leave a Reply