No, doxxing is not legal in Romania.
Doxxing—publicly exposing private personal data without consent—violates Romanian privacy laws, including the 2018 General Data Protection Regulation (GDPR) transposition and the 2022 Cybercrime Law. The National Supervisory Authority for Personal Data Processing (ANSPDCP) actively enforces breaches, while the 2026 Digital Services Act (DSA) alignment further tightens obligations on online platforms to remove unlawful content. Penalties range from fines up to €20 million or 4% of global turnover, with criminal liability possible under Article 226 of the Criminal Code for harassment or threats enabled by doxxing.
Key Regulations for Doxxing in Romania
- GDPR (Law 190/2018): Mandates explicit consent for processing personal data; unauthorized disclosure constitutes a breach, triggering ANSPDCP investigations.
- Cybercrime Law (Law 167/2022): Criminalizes the dissemination of private data with intent to intimidate, stalk, or facilitate crimes, punishable by 1–5 years imprisonment.
- Digital Services Act (DSA) Compliance (2026): Requires intermediaries to expeditiously remove doxxing content upon notice, with strict liability for non-compliance under Romanian e-commerce regulations.