A campaign aimed at shifting public opinion on a controversial proposal requiring messaging services to monitor for child sexual abuse material has been deemed in violation of EU privacy regulations.
The European Commission’s data protection watchdog, following a complaint by privacy advocacy group noyb, has ruled that a 2023 Commission advertising campaign on X (formerly Twitter) illegally employed “political micro-targeting.”
According to noyb’s Friday statement, the Commission attempted to indirectly influence Dutch users’ views on a contentious chat control regulation by targeting left-leaning and liberal X users to alter public sentiment.
The 2022 draft law on child sexual abuse material (CSAM) has drawn criticism from digital rights advocates for potentially compelling messaging apps to conduct widespread online surveillance to detect and report child abuse material. Reports indicate that the EU Council temporarily suspended voting on this legislation in June.
Noyb stated that the Commission’s strategy involved using “proxy data” to target specific demographics while deliberately avoiding conservative audiences. This was achieved by excluding users who engaged with keywords such as Qatargate, Brexit, Marine Le Pen, Alternative für Deutschland, Vox, Christian, Christian-phobia, or Giorgia Meloni. Noyb emphasized that the targeting involved sensitive political opinions without explicit user consent, a violation of EU regulations.
“Using political preferences for ads is clearly illegal,” declared noyb’s data protection lawyer, Felix Mikolasch, noting the common use of such tactics by political entities and the inadequate response from online platforms.
Noyb reports that the European Data Protection Supervisor (EDPS) confirmed the unlawful nature of the EU’s actions. However, only a reprimand, not a fine, was issued because the practice had ceased.
The EU previously argued to TechCrunch that X bore responsibility for implementing the campaign according to the rules. The EU also stated to the publication that it “did not intend to trigger the processing of special categories of personal data.”
“We take note of the [EDPS] decision on the Commission’s campaign to raise awareness about the Commission’s legislative proposal to prevent and combat child sexual abuse material online. We will now assess the EDPS decision,” Commission Spokesperson Patricia Poropat told TechCrunch.