As the GDPR turns five, certain EU lawmakers want to rip out some of its protections, so they can use our deeply personal information to tailor political ads and tip political elections and campaigns in their favour, Eleanor Brooks and Balazs Denes write.
On election day, we choose the political candidates who share our vision for the future.
For our choice to be effective, we need to know what candidates stand for.
But when politicians are able to show voters advertisements that are personalised to them and not part of an open public debate, this opens the door to manipulation.
It is unacceptable if politicians use our sensitive information, like religion, ethnicity, sexual orientation or health status, to target different parts of the population with different messages.
If they say different things to different voters, it allows them to spread misinformation to fire up their supporters and deter people from going to the polls.
Currently, there are no EU-wide rules governing political advertising, meaning each EU country has its own set of national laws.
However, many of these laws are too outdated to keep up with the digital age, which has created a black hole in which high-level transparency requirements and limitations on targeting techniques of political advertisements are largely missing.
The General Data Protection Regulation (GDPR) and the Digital Services Act (DSA), which regulate how our personal data can be used, are applicable to advertising.
However, stronger, systemic measures and new procedures are needed.
Targeted political advertising is used to manipulate voters and deepen social divisions
Many of us first learned of the real danger of targeted political advertising when the Cambridge Analytica scandal broke.
The data analytics firm that worked for Donald Trump built a system that sent Facebook users personalised political advertisements.
Known as microtargeting due to the detailed sensitive information on each user, including their psychological profile, the advertisements were highly tailored and designed to manipulate swing voters to vote for Donald Trump and deter Black Americans from voting for his opponent.
Following the fallout of Cambridge Analytica’s role in Donald Trump’s successful 2016 election campaign, the EU recognised the need for EU-wide laws to prevent politicians from abusing advertising tools to manipulate public debate.
While the GDPR, which turned five today, goes a long way to protecting our personal data and privacy, so far, weak enforcement hasn’t stopped power-hungry politicians from deceiving voters by showing different messages to different people.
Politics shouldn't be able to corrode democracy
The Civil Liberties Union for Europe has worked extensively on this issue to highlight the corrosive impact that targeted political messaging has on democracy.
As well as undermining our elections, targeted political advertising can be used to deepen harmful social division by easily reaching certain groups of citizens with misinformation.
For example, a political campaign could obtain data identifying individuals who have concerns or hesitations about vaccines and target them with advertisements that exaggerate the potential side effects of vaccines to discourage them from getting vaccinated.
Our report investigating online political advertising during the 2022 Hungarian parliamentary elections revealed that Viktor Orbán’s campaign sent tailored advertisements to people they already had data on, as well as sending targeted advertisements according to gender, in which advertisements discussing the war in Ukraine were sent only to male Facebook users.
Although the recent decision to fine Meta is a step in the right direction to strengthen GDPR enforcement, harmonised political advertising rules are needed to ensure free and fair elections.
Political actors want to give themselves privileged access to our sensitive data
Currently, a political advertising regulation is being drafted aiming to introduce new rules to strengthen transparency and limit the use of our personal data, aiming to ensure voters can make informed choices free from coercion.
But the draft regulation presented by the European Commission fell short of these objectives.
Instead of safeguarding us from manipulation, they want to create a double standard that would allow political actors to use our sensitive data for political advertising while commercial players would continue to be banned under the DSA.
The European Parliament responded by drafting a position which strengthens the data protection element of the draft law to bring it in line with the GDPR and the DSA.
Now we are in the last weeks of secretive trilogue negotiations, where behind closed doors, EU lawmakers will try to find a compromise.
Sensitive data is a red line
For us at Liberties, sensitive data is a red line. We urge the EU to include a total ban on sensitive data for political advertising.
Even if a user’s consent is required before their sensitive data can be used for political advertising, there is still a risk that sneaky tactics will be used to trick people into giving consent without being properly informed.
On 5 June, in a closed-door meeting, we expect a decision will be made at the political level on whether to ban the use of sensitive data for political advertising.
EU lawmakers still have the opportunity to achieve what they originally set out to do: protect our right to vote by keeping our sensitive data safe.
In effect, getting rid of protections over our sensitive data allows politicians to choose who votes when it’s voters who should be choosing our leaders.
Eleanor Brooks is a communications specialist, and Balazs Denes is the Executive Director of the Civil Liberties Union For Europe.
At Euronews, we believe all views matter. Contact us at email@example.com to send pitches or submissions and be part of the conversation.