Targeting EU citizens based on their political views is illegal.
This is the final verdict from the European Data Protection Supervisor (EDPS). The block’s data protection watchdog found the EU Commission guilty of illegally targeting citizens with ads using sensitive personal data based on their political views.
The decision follows a privacy complaint filed by Austria-based digital rights group, Noyb, on November 2023 over targeted ads related to so-called Chat Control. The controversial proposal seeks to introduce the mandatory scanning of all citizens’ private communications to halt the spread of child sexual abuse material (CSAM).
No legal basis for online political targeting
Between September 15 and 28, 2023, the EU Commission ran a targeted advertisement campaign on X (formerly Twitter) intending to raise awareness of the Child Sexual Abuse Regulation (CSAR) proposal. The campaign focused on users across eight state members (Belgium, Czech Republic, Finland, France, the Netherlands, Portugal, Slovenia and Sweden).
The Commission, however, didn’t only post political messages supporting the CSAM scanning proposal, but targeted users based on their interests. Most notably, it targeted those who weren’t interested in certain keywords, including #Qatargate, Brexit, Marine Le Pen, Alternative für Deutschland, Vox, Christian, Christian-phobia, and Giorgia Meloni.
“Advertisers often use so-called “proxy data” (so data closely associated with political thinking) to target political views,” experts at Noyb explained. “By doing so, the European Commission has clearly triggered the processing of personal data of EU citizens to target them with ads.”
The EDPS decision aligns with Noyb’s complaint – the EU Commission’s behavior breached GDPR rules on the use of personal data by processing peoples’ political interests “without a valid legal basis.”
Today: @NOYBeu win against the @EU_Commission before the @EU_EDPS on political microtargeting.. https://t.co/xGKTcTfq2MDecember 13, 2024
“We welcome the decision of the EDPS,” said Felix Mikolasch, Data Protection Lawyer at Noyb. “Since Cambridge Analytica, it is clear that targeted ads can influence democracy. Using political preferences for ads is clearly illegal. Nevertheless, many political players rely on it and online platforms take almost no action.”
The mother of all data protection legislation, GDPR actually gives special protection to so-called sensitive data like political opinions. Such processing is only allowed under very limited conditions, experts explain, such as explicit consent which, in this instance, didn’t occur.
Despite this targeted campaign, however, EU members still can’t agree on the Chat Control proposal. On December 12, 2024, the bill failed yet again to attract the necessary support.
As per the latest version, communication service providers – including encrypted messaging apps and secure email services – are required to scan all the photos, videos, and URLs you share with other users upon users’ permission. Yet, you must consent to the shared material being scanned before being encrypted to keep using the functionality.
During the December 12 public voting, the representatives of 10 EU countries (Germany, Austria, Slovenia, the Netherlands, Czech Republic, Poland, Estonia, Luxembourg, Belgium, and Finland) spoke against the proposal. Lawmakers are especially concerned that the detection rules could lead to indiscriminate surveillance while opening up security backdoors for criminals to exploit.
The post Targeting citizens based on their political views is illegal, said EU data watchdog appeared first on World Online.
