1 Introduction

The world of journalism is a very particular microcosm in terms of data protection. Even though it involves the collection and storage of huge amounts of personal information in the form of interviews company records, photographs and films, and their dissemination, its regulatory framework has never been so clear. Thus, it is not surprising that when it comes to media activity, there are serious concerns related to data protection (Erdos, 2015, p. 8). Indeed, publishing information related to an identified or identifiable person might constitute a serious attempt against his or her privacy.

On the other hand, it is undeniable that the work of journalism is essential in building a well-formed public opinion. Indeed, members of the media are often considered to be public watchdogs with a vital role in a democratic society. They have a duty to disseminate information and inform the public regarding all matters of public interest, which the public also has a right to receive (Guidelines on Safeguarding Privacy in the Media, p.6). Therefore, mass media have a duty to adequately report events that might be of public interest, even though this may put at risk the rights of some affected by their publication.

Therefore, there are two fundamental rights, freedom of expression and privacy, which sometimes collide. This raises an issue can only be solved by their proper balancing in each concrete case. When does the right to the protection of personal data prevails against the right to freedom of expression and information and vice versa? This is a question that has already been explored in depth from a legal perspective. However, the approval of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) and the reinforced protection of data protection rights is opening the gate to new debates. We consider that journalist and mass media organizations should be aware of this situation.

This Handbook is not aimed at focusing on theoretical aspects of this issue, but at providing information professionals - journalists, information editors, media directors, etc. - with adequate mechanisms to ensure compliance with the minimum legal and ethical standards in terms of data protection, while ensuring an adequate exercise of their profession. More precisely, this hanbook is focused on anyone working in a media organization, since they could all benefit from the exemptions or derogations derived from article 85.2 of the GDPR.

The contents of this Handbook mix several different regulatory frameworks. On the one hand, the EU regulation, mainly the GDPR. On the other hand, the regulation by the Council of Europe through the European Convention of Human Rights and the Convention for the protection of individuals with regard to automatic processing of personal data (Convention 108). To these sources must be added the jurisprudence by the ECtHR and the EUCJ. This is due to a simple reason: even though the PANELFIT project is mainly linked to the EU regulation, we are perfectly aware that all the EU Member states have signed and ratified by all EU Member states. As the Article 29 Working Party stated, “One important element that emerges from the current legislative situation in the Member States is that the media, or at least the press, are bound to respect certain rules which although not part of data protection legislation in a proper sense contribute to the protection of the privacy of individuals. Such legislation and the often rich case-law on the matter confer specific forms of redress which are sometimes considered a substitute for the lack of preventive remedies under data protection law” (A29WP, p. 7). Therefore, the guidance provided in this Handbook is intended to follow the regulation provided by all the institutions mentioned.

It is divided in several different parts. In its first sections, it is devoted to expose the legal framework about journalism and data protection issues in the EU arena. Sections four and five, instead, focus on how to deal with the main ethical issues that must be addressed by a journalist or a media organization in the framework of the GDPR and the Council of Europe regulations. Finally, our annexes provide detailed information about the balancing test and the regulatory framework at the Member state level.