Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The European Union’s watchdog is facing an embarrassing mystery after it was confirmed on Friday that the Commission’s advertising campaign on X (formerly Twitter) breached EU data protection laws.
The findings of the EU’s supervisory body, the European Data Protection Supervisor (EDPS), are related to the marketing campaign that the Commission ran on X at the end of 2023 that processed the information (political opinion) of citizens to achieve advertising. .
The advertising campaign was designed to change the perception of conflicting views of EU law forcing messaging apps to record people’s CSAM (child abuse) messages. Critics have warned against the EU plan threats to the extent of democratic freedomsit threatens end-to-end encryption, and in itself is legal unheard. But the Commission plowed carelessly, it found others history knocks. And now this big secret has been dropped.
The results follow a November 2023 complaints and non-profit regional privacy rights, at night. His complaint against the Commission’s Directorate General for Migration and Home Affairs accused the department of “small illegal investigations.” In each case, the findings of the EU press confirm that the EU acted illegally, even though the EDPS only issued a reprimand (no fine).
In an article announcing the results of the complaint, Felix Mikolasch, a data protection lawyer at the nonprofit, wrote: “From Cambridge Analytica it is clear that targeted advertising can affect democracy. The use of political preferences in advertising is prohibited. However, many political players rely on and online platforms do nothing. Therefore, we welcome the EDPS proposal. “
Noyb’s complaint showed how the Commission’s advertising campaign sought to indirectly promote the CSAM rules in order to influence opinion among citizens of the Netherlands. It targeted users in the country who were not interested in keywords such as: #Qatargate, brexit, Marine Le Pen, Germany’s alternative, Vox, Christian, Christian-phobia, or Georgia Meloni.
Such keywords can be linked to people with certain political views (right-wing), making the activity a political representation, which is considered a problem (or a special group) under EU data protection law. The bloc’s legal standard for lawful processing of personal data requires prior consent, which the Commission did not do.
The EU previously told TechCrunch that the ad campaign was “designed and implemented in collaboration with a contractor.” It added that its contract includes a “data protection safeguard” aimed at ensuring compliance with relevant laws. The EU said that it was X who agreed to the campaign and “can be expected to use it in accordance with the principles of the platform and the applicable laws, in particular the GDPR (General Data Protection Regulation).”
So, in other words, the Commission wanted to prosecute X for any illegal advertising. (NB: noyb is X’s different complaint about this politics which is still being investigated by the data protection authorities.) Based on the findings of the EDPS regarding the unauthorized processing taking place on X, we have reached out to the media company for a response.
The Commission has previously said it “does not intend to initiate a reform of the special categories of persons,” stressing at the time (May 2024) that such a reform “would not happen.”
It added that it had taken steps to ensure that “existing laws are reminded of all workplaces.” And, on noyb, the reason the EDPS only issued a reprimand and not a fine is because the Commission abandoned the practice. So it seems unlikely that we will see microtargeting against the EU anytime soon.
There is also a new commissioners college now in place. So Ylva Johansson, who is the Commissioner for Home Affairs who oversees CSAM’s proposals under the last mandate when the campaign was run, is no longer in office to receive the EDPS slap.
The commission, earlier this year, asked whether the security information was changed or not, but the opinion of the EDPS confirms that all this was done and was against the law.
The findings should have implications for the noyb complaint still open against X, and other similar complaints about microtargeting using private information. Considering how marketing technologies like these work, there is a high chance that such complaints could result in real GDPR fines, where penalties can reach 4% of annual global revenue.
“We have a lot of politically motivated cases in member states,” Mikolasch said. “Many political parties are also doing illegal acts. We hope that the decision of the EDPS will be a guide for national authorities who are investigating this type of situation. “
We reached out to the Commission to respond to the EDPS decision and the spokeswoman, Patricia Poropat, accepted our request but at the time of writing she had not issued a statement.
We have also put questions to the EDPS and Ireland’s Data Protection Commission, the authorities who will be leading the investigation into X’s microtargeting, and will update this report if they respond.
I got to the comment, Danny MekicA scientist who first saw the Commission’s advertising campaign and complained about the use of microtargeting, welcomed the “fast work” of the EDPS, telling TechCrunch that he was happy with the results of the investigation. However, he asked why “a greater penalty was not imposed,” he lamented text by Johansson following the publication of his article to raise concerns, in which he claimed that the advertising campaign was “100%” legitimate.
“In this case, according to the statement of the head of the Commission, another large-scale investigation into illegal activities called ‘extraordinary events’ would have made sense,” said Mekić, and added: “The European Commission failed to pay attention to the important and proven signs of experts. .”
This report has been updated with additional comments
