you can't pass regulations requiring governments to protect personal data then get mad when a government goes to protect personal data. Who that data is about, whether a high-profile politician or an average joe, doesn't matter.
Either everyone is protected from third parties gathering data on them, or nobody is. Can't have it both ways.
To be clear, this has nothing to do with personal data protection and everything to do with journalists publishing evidence tying senior Romanian politicians to fraud and the embezzlement of public funds.
This is an issue of free speech and free press. Perverting the privacy regulations is just a means to an end for a corrupt government. Do not mistake that corruption for any sort of privacy protection.
Yeah. I'm entirely convinced that if not in GDPR, they would have found a method to go after these journalists in another law. GDPR has the added benefit of being able to blame it on "we have to comply with EU laws" though.
Yes one can. One can simply exempt the law's application to certain people, e.g. the fourth estate. GDPR does that. The problem, here, is the government is judge, jury and executioner.
Well, technically, the state is always judge, jury and executioner. These functions may devolve to different parts of the state but they are always part of the state.
Which is to say that any law that grants journalists more freedom of expression than the average person is going to run up against the problem of state then aiming to define journalists as "the people we like".
It's like current employment, where it's illegal to fire someone on the grounds of race but legal to fire them "for no reason at all". That situation can protect people but it's clearly rather weak.
> technically, the state is always judge, jury and executioner
Pardon me, I meant to say "prosecutor, judge, jury and executioner." In jury trials, the jury is the jury. Not the government. And in American civil cases, the prosecutor is a private citizen's attorneys. Not the state.
GDPR's structure is highly state-reliant. It's analogous to securities regulation in the United States. Any complaint triggers an investigation by the state, with the state able to bring and decide on charges and fines.
If you trust your government, this isn't a big deal. If you don't trust your government, it is horrific.
> That's not entirely true, for example SEC enforcement is usually a civil action
You are correct, I spoke too broadly.
Ironically, when discussing GDPR's regulatory structure, American securities law is my analogy. It's a high-cost structure. It deters new entrants and encourages bureaucracy. The cost is worth it, with securities, because the risks are so great.
GDPR is one way to do privacy regulation. From my American perspective, it's the wrong way because it implicitly trusts the government to act justly. But its results shouldn't detract from other fights to install reasonable privacy regulations.
Art. 85 of the GDPR defines the exemptions in terms of how the data is used, not with respect to who uses it.
> For processing carried out for journalistic purposes or the purpose of academic artistic or literary expression, Member States shall provide for exemptions or derogations ... if they are necessary to reconcile the right to the protection of personal data with the freedom of expression and information.
You can of course shift the argument to "what is journalism?", which does indeed have some fuzzy boundaries, but to claim that investigating and exposing widespread government corruption is anywhere near those fuzzy boundaries is a stretch, to say the least.
> Who decides which organizations are part of the fourth estate?
In the United States, given our Constitution enumerates certain freedoms for the press, there is a rich corpus of case law drawing this delineation. I am not sure if such a corpus exists in the EU, and am fairly certain it does not exist in every one of the EU's twenty-eight member states.
The First Amendment says "Congress shall make no law...abridging the freedom of speech, or of the press..." [1]. The comma is the delineation. In case law, the exploration of this delineation has produced definitions with precedent [2].
More practically, the linked-to article explores "whether the 'institutional press' is entitled to greater freedom from governmental regulations or restrictions than are non-press individuals, groups, or associations," concluding "the speech and press clauses may be analyzed under an umbrella 'expression' standard, with little, if any, hazard of missing significant doctrinal differences." (TL; DR There is a line, but it does not appear to matter much.)
This is basically the reason I don't like the idea of any law that treats journalists as some separate class or entity. Journalism is not something you should need a certain background to do, and any laws or exemptions made for it run the very real risk of being used to stifle competition or prop up state propaganda outfits.
Well, yes, you actually can. Which is why exemptions exist to most regulations. Like, as the other commenter specified, exemptions to journalistic data for the GDPR.
I never understood all the hate mongo gets. Like any tool, if people simply took the time to understand it and use it correctly, maybe they wouldn't run into issues.
> This interpretation hinges on interpreting successful sub-majority writes as not necessarily successful: rather, a successful response is merely a suggestion that the write has probably occurred, or might later occur, or perhaps will occur, be visible to some clients, then un-occur, or perhaps nothing will happen whatsoever.
> We note that this remains MongoDB's default level of write safety.
MySQL still has some unsafe behaviours. Even if it were to fix them all, I still wouldn't use it or recommend it, on account of finding it difficult-to-impossible to trust the design and engineering behind it.
Either everyone is protected from third parties gathering data on them, or nobody is. Can't have it both ways.