Overview
This article requires Member States to balance data protection under GDPR with freedom of expression and information. Exemptions may be provided for journalistic, academic, artistic, or literary processing from certain GDPR provisions if necessary. Member States must notify the European Commission of laws adopted and any subsequent amendments.
Key Principles
Freedom of Expression: Protect journalistic, academic, artistic, or literary activities.
Exemptions: Certain GDPR obligations may be modified to support freedom of expression.
Legal Basis: Member States must provide statutory frameworks for balancing rights.
Transparency: Notify the Commission of applicable laws and amendments.
Rights Protection: Ensure data protection and freedom of expression coexist without conflict.
Organizational Applicability
This article applies to:
Member State authorities implementing laws balancing GDPR and freedom of expression.
Controllers and processors engaged in journalistic, academic, artistic, or literary activities.
Supervisory authorities overseeing exemptions and compliance.
Legal and compliance teams managing rights and obligations for processing activities under exemptions.
Implementation Requirements
Establish statutory rules to balance data protection with freedom of expression.
Define exemptions for journalistic, academic, artistic, or literary processing where necessary.
Notify the European Commission of adopted laws and amendments.
Ensure mechanisms exist to monitor compliance with exemptions while protecting data subjects’ rights.
Implementation Guidance
Maintain a registry of exemptions and applicable laws.
Train staff and data processors on the scope and limitations of exemptions.
Coordinate with supervisory authorities to verify lawful application of exemptions.
Periodically review legal frameworks and exemptions for consistency and effectiveness.
Periodic Review
Frequency: Annually or when new exemptions, laws, or amendments are introduced.
Responsible Role: Member State authorities, Compliance Team, or Legal.
Outcome: Ensure a lawful balance between data protection and freedom of expression while maintaining transparency with the Commission.
Non-Compliance Risks
Fines: Up to €20 million or 4% of global annual turnover for entities failing GDPR obligations.
Legal Exposure: Challenges arising from improper exemptions or failure to notify the Commission.
Reputational Damage: Loss of public trust due to perceived infringement on freedom of expression or data protection.
Operational Risk: Improper handling of exemptions may result in legal disputes or regulatory scrutiny.