It is illegal to target EU citizens based on their political views.
This is final verdict From the European Data Protection Supervisory Authority (EDPS). The block’s data protection watchdog found the European Commission was guilty of illegally targeting citizens in advertising where sensitive personal data was used based on their political views.
This decision follows Privacy Complaint Austria-based digital rights group Noyb targeted the so-called Chat control. The controversial proposal seeks to force scanning of all citizens’ private communications to stop the spread of child sexual abuse material (CSAM).
Internet political goals have no legal basis
The European Commission has launched a targeted advertising campaign on X (formerly Twitter) between 15 and 28 September 2023 to raise awareness of the proposals for the Child Sexual Abuse Regulation (CSAR) . The campaign is primarily targeted at users in eight member states (Belgium, Czech Republic, Finland, France, Netherlands, Portugal, Slovenia and Sweden).
However, the Commission not only issued a political message supporting the CSAM scanning proposal but also targeted users based on their interests. Most notably, it targets people who are not interested in certain keywords, including #Qatargate, Brexit, Marine Le Pen, Alternative für Deutschland, Vox, Christian, Christian-phobia and Giorgia Meloni.
“Advertisers often use so-called ‘proxy data’ – data closely associated with political thinking – to target political views,” Noyb experts explain. “By doing so, the European Commission explicitly triggers the processing of EU citizens’ personal data for the purpose of targeting advertising to them.”
EDP’s decision is consistent with Noyb’s complaint that the European Commission acted in violation of regulations General Data Protection Regulation Rules on the use of personal data by processing people’s political interests “without a valid legal basis”.
Today: @NOYBeu beats the @EU_Commission ahead of @EU_EDPS over political micro-targeting.December 13, 2024
“We welcome the EDPS decision,” said Noyb data protection lawyer Felix Mikolasch. “Since Cambridge Analytica it has been clear that targeted advertising can influence democracy. Using political preferences in advertising is clearly illegal. Despite this, many political actors rely on it while online platforms take little to no action.”
The mother of all data protection legislation, GDPR actually gives special protection to so-called sensitive data such as political opinions. Experts explain that such processing is only allowed under very limited conditions, such as explicit consent, which did not occur in this case.
However, despite this targeted campaign, EU member states are still Unable to agree on chat controls proposal. On December 12, 2024, the bill once again failed to attract the necessary support.
according to latest versioncommunications service providers – including Encrypted messaging app and secure email Service – requires user permission to scan all photos, videos and URLs you share with other users. However, you must agree to scan shared materials before encrypting them to continue using this feature.
In a public vote on December 12, representatives of 10 EU countries (Germany, Austria, Slovenia, the Netherlands, the Czech Republic, Poland, Estonia, Luxembourg, Belgium and Finland) spoke against the proposal. Lawmakers are particularly concerned that testing rules could lead to indiscriminate surveillance while opening security backdoors for criminals.