EU Commission's X Ad Campaign Breaches Data Protection Rules

EU's Privacy Scandal: Data Protection Rules Breached

The European Commission is under scrutiny after its ad campaign on X (formerly Twitter) violated EU data protection rules. The campaign, promoting a controversial CSAM regulation, targeted users based on inferred political views, a breach of sensitive data handling.

Key Findings

• The European Data Protection Supervisor (EDPS) confirmed the Commission's ad campaign processed sensitive data (political views) unlawfully.
• The campaign, run in fall 2023, aimed to influence public opinion on the CSAM regulation.
• The EDPS issued a reprimand but no fine, as the Commission halted the practice.

The Complaint and Investigation

Following a complaint by privacy rights group noyb, the EDPS investigated the Commission's microtargeting practices. The complaint highlighted how the campaign targeted users in the Netherlands based on keywords associated with political views. Similar issues regarding user privacy and data handling have been raised in other contexts.

Commission's Response and Implications

The Commission initially blamed X for the breach but later admitted the processing "should not have happened." The EDPS decision has implications for similar complaints against microtargeting using sensitive data. This incident underscores the growing concerns about data privacy in online platforms. This also raises questions about the ethical implications of AI and targeted advertising, as highlighted in discussions about AI-powered tools and their potential impact on privacy.

Further Developments

The EDPS decision may influence ongoing investigations into X's microtargeting practices. The incident serves as a reminder of the importance of adhering to data protection regulations, especially when dealing with sensitive information.