Advertising for chat control: EU data protection watchdog rebukes Commission

The old EU Commission under Ursula von der Leyen receives a reprimand from the Data Protection Commissioner for GDPR violations in an advertising campaign.

Friends of chat control: The then EU Commissioner for Home Affairs Ylva Johansson and Commission President Ursula von der Leyen in November 2023.

(Image: EU-Kommission/Christophe Licoppe)

An embarrassing rebuke for the EU Commission: The European Data Protection Supervisor (EDPS) has reprimanded the EU Commission for using particularly sensitive user data for a political campaign on X (formerly Twitter). This is the result of a decision by the European Data Protection Authority, which the civil rights organization Noyb published on Friday.

In September 2023, the Commission's Directorate-General for Migration and Home Affairs (DG HOME) had commissioned a service provider to place a PR campaign for the controversial chat control on the X platform. The Commission had defined a number of key terms that were to be excluded from the campaign.

Users who sympathized with the Alternative for Germany or were critical of the EU, for example, were to be excluded. The Commission's primary aim with the campaign was to reach a certain political milieu in the Netherlands in order to win them over to chat control. The Netherlands is one of the staunchest opponents of the surveillance plans in the EU.

However, data that allows conclusions to be drawn about a person's political views is subject to special protection under the General Data Protection Regulation (GDPR). This data may only be processed under narrowly defined conditions, for example if the data subject expressly consents.

In November 2023, Noyb submitted complaints against the Commission and Platform X to the EDPS on behalf of a data subject. The activists argue that the key political terms specified by the Commission were used to specifically address X accounts that are also identifiable. The data is therefore subject to the special protection of the GDPR. As the client, the Commission is also directly responsible.

With political targeting, the Commission is violating its own rules, say the data protection experts at Noyb. "The use of political preferences for advertising is clearly illegal," says Noyb lawyer Felix Mikolasch. "Yet many political actors rely on it and the online platforms take almost no action."

DG HOME explains the campaign's focus on a specific target group as a way of maximizing the impact of the campaign and ensuring the efficient use of financial resources given the limited budget. It also believes that any processing of such personal data is justified by the public interest. The Commission refers to the Treaty on European Union, which authorizes it to disseminate political information in the public interest.

The Data Protection Commissioner was not convinced by these arguments. "It is undisputed that the Commission did not obtain the explicit consent of the complainant for the processing of special categories of his personal data for the purpose in question", the decision states.

Furthermore, the broad authorization to inform the public in the EU Treaty cannot be used as a basis for the microtargeting of political advertising. The Commission had breached the GDPR by processing personal data "without a valid legal basis in the context of the targeted advertising campaign".

(vbr)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.