What’s happening?
A fresh development in the digital privacy world: a complaint has been filed against X (Twitter) for using sensitive user data inappropriately for targeted advertising. This involves some complex legal and ethical issues, so let’s break it down to make it easier to understand.
What Did X Do?
According to the complaint by noyb, a privacy advocacy group, X (Twitter) used the political and religious beliefs of its users for microtargeting ads. Specifically, they targeted users for an ad campaign by the EU Commission’s Directorate General for Migration and Home Affairs. This campaign was promoting the proposed “chat control” regulation in the Netherlands.
Why is This a Big Deal?
The crux of the issue lies in the type of data used: political opinions and religious beliefs. These are considered highly sensitive and are specially protected under the General Data Protection Regulation (GDPR). The GDPR mandates that such data can only be processed under specific, stringent conditions.
Previous Complaint Against the EU Commission
Interestingly, this isn’t the first complaint in this saga. In November, noyb had already filed a complaint against the EU Commission for using this unlawful microtargeting technique. The latest complaint against X (Twitter) is a follow-up, pointing out the platform’s role in enabling this practice.
The Alleged Violation
Here’s where it gets ironic. X’s own advertising guidelines state that political affiliation and religious beliefs should not be used for ad targeting. However, the complaint suggests that these guidelines are not being enforced, rendering them ineffective. The EU Commission’s campaign was reportedly shown to several hundred thousand Dutch users on X.
Expert Opinions
Maartje de Graaf, a data protection lawyer at noyb, highlights a discrepancy. While X officially prohibits the use of sensitive data for political ads, they allegedly profit from such techniques. This echoes concerns raised during the Cambridge Analytica scandal in 2018.
Legal Implications
The use of such sensitive data for targeting not only potentially breaches the GDPR but also the Digital Services Act (DSA). As a result, noyb has lodged a complaint with the Dutch Data Protection Authority and suggests that a fine should be imposed due to the seriousness of the violations and the number of affected users.
Felix Mikolasch, another data protection lawyer at noyb, stresses that while the EU Commission has stopped advertising on X following the initial complaint, there is a need for enforcement against X as a platform to truly address the issue.
The complaint against X (Twitter) by noyb is a significant development in the world of digital privacy. It underscores the ongoing tension between targeted advertising practices and the legal and ethical standards set by regulations like the GDPR and DSA. The outcome of this complaint could have far-reaching implications for how sensitive user data is used in digital advertising.