OCCRP Strongly Objects to Romania’s Misuse of GDPR to Muzzle Media

Published: 09 November 2018



RISE Project, an award-winning investigative journalism outlet in Romania and OCCRP’s partner, was ordered Thursday by the Romanian Data Protection Authority (ANSPDCP) to reveal its sources under the threat of a fine of up to €20 million based on the European Union’s General Data Protection Regulation (GDPR) directive 679/2016.

RISE Project and its journalists are currently documenting a case relating to the theft of EU funds by the highest political echelons of Romanian politics.

OCCRP and RISE Project believe the Romanian government is trying to use the directive to quash investigative reporting. OCCRP believes this to be a serious misuse of the GDPR by self-interested politicians seeking to protect themselves. We strongly object to this request and our partner has said it will not provide information on sources to the data protection authority despite the its threat to fine RISE Project €650 per day.

The ANSPDCP sent a letter to RISE Project seeking information regarding Facebook posts published by the reporters. These posts established connections between Romania’s most powerful politicians and Tel Drum SA, a Romanian company currently involved in a massive scandal in Romania.

RISE Project has reported on Liviu Dragnea, the president of the ruling Social Democratic Party (PSD), and others who benefited over the years from Tel Drum SA money. Both Dragnea and the Romanian company are being investigated by the Romanian prosecution office for fraud involving European funds.

Dragnea and the Tel Drum SA executives are also accused by prosecutors of creating an organized criminal group and of misusing their position for personal gain.

The Romanian prosecution’s investigation was launched after an audit conducted by the European Anti-Fraud Office (OLAF) “found evidence suggesting collusion between the beneficiary of the funds, public officials and the contractor, including falsification of documents during the procurement procedure...resulting in the payment of €21 million from European Union funds.”

OLAF recommended that the Romanian government seek to recover the €21 million, and to refer the case to the Romanian National Anticorruption Directorate for action.

RISE Project journalists found proof that Dragnea and his family benefited from Tel Drum SA money and had close relationships with the corporation’s executives. They spent holidays abroad together, went hunting together and Tel Drum SA paid for various construction, maintenance and beautification works at properties belonging to Dragnea’s family. Some of these were posted on RISE Project's Facebook page.


While incurring these expenses, the true ownership of Tel Drum SA has been hidden via bearer shares. RISE Project and OCCRP note that the The Fourth EU Anti-Money Laundering Directive (EU 2015/849) (AMLD4) prohibiting bearer shares has not yet been implemented in the country although the implementation deadline was June 2017.

During the same period of time, Tel Drum SA received more than €400 million in EU and Romanian public funds.

Dragnea denies these charges and rejects any connection with Tel Drum SA or the corporation’s business.

Specifically, the data protection authority wants to know how and when RISE Project obtained the information ultimately posted to Facebook, who their source was, how they stored the documents, and what other personal information RISE Project has on Dragnea, Tel Drum executives and their friends. They demanded reporters turn the information over in 10 days or face the fines.

The full ANSPDCP letter both the original in Romanian and an English translation can be consulted here.

OCCRP and Rise Project find the timing and circumstances of this action suspicious.

RISE Project readers, as well as lawyers consulted by the organization, noted the speed at which the Romanian Data Protection Authority reacted in this case while many other cases submitted by Romanian citizens linger for months without action.

The ANSPDCP president, Ancuța Gianina OPRE, was appointed by the PSD to head the Data Protection Authority and is indicted in a corruption case related to embezzlement of state funds.

Dragnea invoked the European data protection legislation last year when he threatened RISE Project with a lawsuit after journalists published stories on his connections to Tel Drum SA executives and other Romanian business people indicted for corruption and fraud.

The president of the PSD never sued but soon after these threats were made, the Romanian Anti-Fraud Authority (ANAF) raided RISE Project’s offices, saying they suspected the organization of fraud. The investigation carried out by ANAF never uncovered any such fraud.

RISE Project discovered that the initial complaint ANAF used to target RISE was a forgery filed by a non-existent person, with a non-existent physical address who falsely claimed that she worked as an accountant at the media house.

RISE Project is an internationally respected and award winning organization that is a long-time member of OCCRP where they helped report the Russian and Azerbaijan Laundromat projects. It is a member of the Global Investigative Journalism Network and its journalists are also members of the International Consortium of Investigative Journalists with whom they reported the Panama and Paradise Papers. RISE articles and findings have been published internationally by press agencies and some of the biggest media outlets in the world.

The GDPR requires protections for journalism. Its intent was not to quash reporting and its political use by the Romanian government is cynical and repulsive. OCCRP and RISE Project urge European authorities to immediately put a halt to its misuse and Romanian authorities to immediately cease its harassment of RISE.