EU warns Romania not to abuse GDPR against press

"It is of upmost importance that Romanian authorities implement that obligation in national law, to provide exemptions and derogations to protect journalist sources, in particular, from the powers of the data protection authority," he said.

The comments follow demands by Romania's data protection authority to force journalists working at the Rise Project, an award-winning investigation portal, to reveal their sources in a probe of a top politician accused of corruption.

Ancuta Gianina Opre, Romania's data protection authority, issued the threat in a letter last week - telling the reporters they have ten days to respond to nearly a dozen questions.

Although Ancuta Gianina Opre was appointed to the position by the political party that is under the Rise Project probe, the letter claims she is acting under the powers given to her by the new EU data protection regulation (GDPR).

But article 85 of the GDPR is supposed to give journalists wide leeway.

However, the vague wording of the article does not say how EU states should do it - leaving open a loophole for politicians and people in power to exploit.

Opre's office has yet to respond to EUobserver questions on how it applies article 85, and how it strikes a balance between the freedom of expression and data protection.

For its part, the commission says it is now analysing Romania's exemptions and derogations for journalists, to see if they conform to the regulation.

Andrea Jelinek is the chair of the European Data Protection Board [EDPB], charged with overseeing the compliance of the EU's data protection regulation and rules.

Last month, she told this website that politicians using data protection to stop reporters probing how public money is spent is a poor excuse.

"To say or to pretend it is a data protection issue and so you can't investigative, it is just an easy way to keep questions away for those who don't want to answer," she said, speaking in a personal capacity.