Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Chiara Castro

Targeting citizens based on their political views is illegal, said EU data watchdog

European Union.

Targeting EU citizens based on their political views is illegal.

This is the final verdict from the European Data Protection Supervisor (EDPS). The block's data protection watchdog found the EU Commission guilty of illegally targeting citizens with ads using sensitive personal data based on their political views.

The decision follows a privacy complaint filed by Austria-based digital rights group, Noyb, on November 2023 over targeted ads related to so-called Chat Control. The controversial proposal seeks to introduce the mandatory scanning of all citizens' private communications to halt the spread of child sexual abuse material (CSAM).

Between September 15 and 28, 2023, the EU Commission ran a targeted advertisement campaign on X (formerly Twitter) intending to raise awareness of the Child Sexual Abuse Regulation (CSAR) proposal. The campaign focused on users across eight state members (Belgium, Czech Republic, Finland, France, the Netherlands, Portugal, Slovenia and Sweden).

The Commission, however, didn't only post political messages supporting the CSAM scanning proposal, but targeted users based on their interests. Most notably, it targeted those who weren't interested in certain keywords, including #Qatargate, Brexit, Marine Le Pen, Alternative für Deutschland, Vox, Christian, Christian-phobia, and Giorgia Meloni.

"Advertisers often use so-called "proxy data" (so data closely associated with political thinking) to target political views," experts at Noyb explained. "By doing so, the European Commission has clearly triggered the processing of personal data of EU citizens to target them with ads."

The EDPS decision aligns with Noyb's complaint – the EU Commission's behavior breached GDPR rules on the use of personal data by processing peoples' political interests "without a valid legal basis."

"We welcome the decision of the EDPS," said Felix Mikolasch, Data Protection Lawyer at Noyb. "Since Cambridge Analytica, it is clear that targeted ads can influence democracy. Using political preferences for ads is clearly illegal. Nevertheless, many political players rely on it and online platforms take almost no action."

The mother of all data protection legislation, GDPR actually gives special protection to so-called sensitive data like political opinions. Such processing is only allowed under very limited conditions, experts explain, such as explicit consent which, in this instance, didn't occur.

Despite this targeted campaign, however, EU members still can't agree on the Chat Control proposal. On December 12, 2024, the bill failed yet again to attract the necessary support.

As per the latest version, communication service providers – including encrypted messaging apps and secure email services – are required to scan all the photos, videos, and URLs you share with other users upon users' permission. Yet, you must consent to the shared material being scanned before being encrypted to keep using the functionality.

During the December 12 public voting, the representatives of 10 EU countries (Germany, Austria, Slovenia, the Netherlands, Czech Republic, Poland, Estonia, Luxembourg, Belgium, and Finland) spoke against the proposal. Lawmakers are especially concerned that the detection rules could lead to indiscriminate surveillance while opening up security backdoors for criminals to exploit.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.