The European Commission is facing a legal complaint over its alleged use of "unlawful" microtargeted advertisements on social media platform X, aimed at swaying public opinion in favour of its controversial bill on child sexual abuse.
ADVERTISEMENTThe Vienna-based European Center for Digital Rights (noyb) - led by lawyer turned activist Max Schrems - filed a complaint with the European Data Protection Supervisor (EDPS) on Thursday, relating to an advertising campaign it considers to be in breach of GDPR, the EU's own data protection rulebook.
According to noyb, the Commission's home affairs department - commonly known as DG Home - targeted social media users on X based on their political views and religious beliefs in September this year, in a bid to garner public support for its controversial bill on child sexual abuse.
The file submitted to the data protection watchdog lays out evidence suggesting the Commission used so-called 'keyword targeting function' - which targets X users based on keywords they search for or use in their posts - to reach people who were not interested in the keywords #Qatargate, Brexit, Marine Le Pen, Alternative für Deutschland, Vox, Christian, Christian-phobia or Giorgia Meloni.
Such practices would be in breach of X's own policy, which prohibits targeting users according to "sensitive" categories including race, religion, and political affiliation. Pressure from the EU executive itself, concerned about information manipulation and foreign interference in elections, has forced X to tighten this very policy.
"Although people’s political opinions and religious beliefs are specifically protected by the EU GDPR, these very data categories were used for the ad campaign," noyb said in a press statement.
In response to the complaint, Johannes Bahrke, a spokesperson on behalf of the European Commission said: "We are aware of the complaint and of reports concerning a campaign run by the Commission's services on X and we are currently conducting a thorough review of this campaign."
"As regulators, the Commission is responsible to take measures as appropriate to ensure compliance with the rules that are applicable by all platforms," he added.
"And internally I can say we provide regularly updated guidance to ensure our social media managers are familiar with the new rules and that external contractors also apply them in full," he also said.
Felix Mikolasch, data protection lawyer at noyb said: “The EU Commission has no legal basis to process sensitive data for targeted advertising on X. Nobody is above the law, and the EU Commission is no exception.”
The non-profit also said it is considering lodging a similar complaint against X for "enabling the illegal use of sensitive data for political micro-targeting."
Meta's archive suggests similar targeted ads published by DG Home on Facebook and Instagram in Czech, Italian and Portuguese were taken down in June 2022 because the Commission had failed to include the necessary 'paid for by' disclaimer required on ads relating to social issues, elections or politics.
The Commission also faces accusations of using misleading statistics in a bid to sway public opinion on its proposed new law to tackle child sexual abuse, first tabled by the EU executive in May 2022.
A post on X targeted at people over 18 in the Netherlands claimed that 95% of Dutch people say detecting child sexual abuse material (CSAM) online is more important than online privacy, citing data based on recent opinion polls conducted by the Commission.
But noyb claims the messages used in the ads are "misleading" as they fail to point out the "negative effects" of the EU executive's planned new rules to tackle child sexual abuse.
A deeply divisive bill
The piece of legislation at the centre of the complaint has sparked controversy, pitting privacy advocates against children's rights defenders.
EU home affairs chief Ylva Johansson has repeatedly claimed personal responsibility for the content of the Commission's proposed law, which calls for using emerging technologies to detect new and existing child sexual abuse material (CSAM) and child grooming activities, giving national authorities the power to oblige digital services to scan users’ communications, including encrypted messages.
But digital rights lobbies claim it would instigate a mass surveillance regime and spell the end of digital privacy as we know it.
The European Parliament's justice committee also watered down the Commission's original proposal in its draft position adopted Tuesday, calling for encrypted communications to be protected and for the scanning of digital content to be a "last resort" option used only where there are “reasonable grounds of suspicion."
ADVERTISEMENTControversy surrounding the file has included allegations of economic interests and undue influence in the Commission's decision-making, to which Commissioner Johansson has been forced to respond.
This is not the first time X has been pulled into the political tussle over the proposed regulation. Johansson's impassioned statements on X, where she defends her bill as necessary to protect victims of heinous sexual crimes, are often tailed by a string of so-called community notes, designed to flag misleading content on the platform.
The EDPS itself took a critical stance on the CSAM bill in a joint opinion adopted in July last year, citing "serious concerns" regarding the potential breach of the fundamental right to privacy and the protection of personal data.
Noyb is calling on the EDPS to now slap fines on the Commission for breaching its own GDPR rules, and to prohibit the EU executive from running similar campaigns.