Towards the end of January 2019, Bulgaria’s legislature adopted the EU’s GDPR regulation, but was subsequently overruled by the Bulgarian President. The President exercised his veto right on the grounds that the legislation did not go far enough to address concerns regarding data processing for journalistic purposes and the purposes of academic, artistic or literary expression.

Veto’s background

The EU’s GDPR grants legislative discretion to EU States in the area of data processing for journalistic, academic, artistic, or literary purposes. Members are allowed to adopt appropriate measures to reconcile the right of protection of personal data with the rights to freedom of expression and information. However, GDPR itself does not set specific proportionality criteria, nor envisages obligations that are detailed enough. Hence, Bulgaria’s legislature, whilst introduced a whole new set of rules without sufficient motives and legal argumentation, raising concerns about being unjustifiably disproportionate and burdensome to journalists, members of academia, literary authors, etc.

The Presidential veto was exercised in the context of a highly publicized and negative response from journalists, local media associations and NGOs. The ultimate concern was that the legislation as drafted potentially opened the door for censorship concealed behind the controlling powers of the Commission for Personal Data Protection (“CPDP”) and lead to exertion of political pressure and informal censorship on local media. Coupled with significant fines in case of established GDPR violations, independent media in Bulgaria could easily become insolvent if faced with the impossible financial burden of the GDPR fines.

Where does Bulgaria go from here?

The law is again before Bulgaria’s parliament; awaiting either amendment or a legislative override to the Presidential veto. Only time will tell what will happen next.