EU Commission’s microtargeting ads on controversial law faces fresh complaint

The European Center for Digital Rights, NOYB, launched a complaint on Thursday (16 November) against the EU Commission with the European Data Protection Supervisor for using microtargeting ads on X to promote its regulation on detecting child sexual abuse material online.

NOYB filed the complaint against the European Commission’s Directorate General for Migration and Home Affairs, saying that the ads have violated the EU’s General Data Protection Regulation (GDPR).

NOYB also noted that using microtargeted ads contradicts the Commission’s intentions of more transparency about advertising.

The file aiming to detect and remove online child sexual abuse material already attracted criticism in its original form, in which it would give power to judicial authorities to ask intercommunication services, such as WhatsApp or Gmail, to scan people’s private messages to find abusive content.

Microtargeting

As Euractiv also reported, the Dutch newspaper de Volkskrant revealed in October that the EU executive launched a micro-targeting campaign in September on X to promote its proposal in the countries that did not support the text in the EU Council of Ministers.

The ads were shown in certain countries and not to all users, depending on the information collected about them. The countries concerned are the Netherlands, Sweden, Belgium, Finland, Slovenia, Portugal, and the Czech Republic, and the ads have been viewed more than four million times.

According to the article, the ads were not shown to those interested in privacy, or are Eurosceptic, and even those interested in Christianity were left out.

Now, NOYB specified that the ads were not shown to those interested in “keywords like #Qatargate, Brexit, Marine Le Pen, Alternative für Deutschland, Vox, Christian, Christian-phobia or Giorgia Meloni”.

However, political orientation and religious beliefs are considered sensitive information under the GDPR, the EU’s data privacy regulation, and their specific regime is further reinforced by the Digital Services Act (DSA), an EU law the Commission is charged with enforcing.

Maartje de Graaf, data protection lawyer at NOYB, said it is “mind-boggling that the EU Commission doesn’t follow the law it helped to institutionalize just a few years ago”.

Another data protection lawyer at NOYB, Felix Mikolasch, noted that the Commission “has no legal basis for processing sensitive data for targeted advertising on X. Nobody is above the law, and the EU Commission is no exception”.

In October, a Commission spokesperson told Euractiv that they are “conducting a thorough review” of the campaign, adding that “as regulators, the Commission is responsible for taking measures as appropriate to ensure compliance with these rules by all platforms”.

They also “provide regularly updated guidance to ensure our social media managers are familiar with the new rules and that external contractors also apply them in full”.

Data violation

In October, the European Data Protection Supervisor (EDPS) told Euractiv that they had reached out to the Commission under the “so-called pre-investigation procedure, requesting information related to the described use of micro-targeted ads, to be provided by 20 October”.

The authority specified that this “does not constitute opening of a formal investigation”.

The EDPS now told Euractiv that they have received the European Commission’s reply to their request for information and are in the process of reviewing it, aiming to gain a comprehensive understanding of the feedback. The watchdog will determine the next steps and take action as deemed appropriate following the review process.

NOYB informed Euractiv that they had planned to launch a complaint even before EDPS’s pre-investigation started, but taking the necessary steps took time.

As NOYB also pointed out, the advertising guidelines of social media platform X (formerly known as Twitter) also consider such categories sensitive as religious beliefs or political affiliation, which should not be targeted according to the site. Yet, the post with the advertisement is still available on X.

De Graaf said that “X claims to prohibit the use of sensitive data for ad targeting but doesn’t do anything to actually enforce this ban”.

The Commission spokesperson also noted in October that platforms cannot “display targeted advertisements based on the sensitive data of a user” under the DSA, which also applies to X since mid-August.

According to NOYB, they are “currently assessing whether to lodge a complaint against X for enabling the illegal use of sensitive data for political micro-targeting”.

The concerns about microtargeting emerged while the Commission aimed to make online political advertising more transparent, with the relevant file reaching an agreement last week among the EU Parliament, Council, and Commission, following interinstitutional negotiations known as trilogues.

[Edited by Luca Bertuzzi/Zoran Radosavljevic]

Read more with EURACTIV