X Accused of Using Sensitive Data for Ad Targeting in the EU
X, the Elon Musk-led social media company previously known as Twitter, now faces a new privacy complaint in the EU over its ad targeting practices. Filed by Austria-based privacy rights group noyb (none of your business), the complaint accuses the platform of flouting both GDPR guidelines and its own.
According to noyb, X unlawfully used sensitive user data for the targeting of advertisements from the EU's Home Affairs directorate.
The EU Home Affairs account paid the company in September to promote a post in the Netherlands regarding the necessity of chat control legislation, the privacy rights group claims in its complaint.
X Used People's Political Affiliations and Religious Beliefs to Target Them with Ads, noyb ClaimsX's own advertising terms and conditions prohibit the use of the audience's religious beliefs and political affiliations for ad targeting on the platform. Similar guidelines are also enforced under the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR) Article 9 in the EU.
The unlawful exploitation of micro-targeting features on the platform led noyb to file a complaint against the EU Commission itself in November.However, X allegedly went against them by unlawfully promoting advertisements by the EU Home Affairs account. The Home Affairs directorate has been pushing the controversial chat control" legislation for a while now.
The legislation, if brought into effect, would legalize the scanning of devices and messages, including encrypted messages to detect Child Sexual Abuse Material (CSAM).
Naturally, the proposal has given rise to strong privacy concerns with privacy rights advocacy groups pushing back against it.
In its complaint filed with the Dutch data protection authority, noyb claims that the Home Affairs staffers have unlawfully used the tools offered by X to promote the controversial legislation in the Netherlands.
X used this specially protected data to determine whether people should or should not see an ad campaign by the EU Commission's Directorate General for Migration and Home Affairs.noyb press releaseThe group is now following up with a complaint against X for allowing the unlawful practice and violating both GDPR and DSA guidelines, it said in the press release. It's worth noting that the EU Commission is in charge of overseeing the enforcement of DSA on VLOPs (very large online platforms) such as X.
Especially in recent months, after the DSA came into effect for VLOPs, X has faced increased heat from the EU over allowing illegal content and disinformation regarding the Israel-Hamas war.
However, while the bloc has been ramping up its pressure on X for DSA compliance, it hasn't asked X for a demonstration of its compliance with the regulation. However, this might not be too surprising considering that its Home Affairs directorate itself was allegedly flouting the same guidelines.
Implications of the noyb ComplaintNotably, the EU Commission stopped advertising on X just a day after noyb filed its initial complaint against the commission in September. Mentioning this, noyb data protection lawyer Felix Mikolasch called for enforcement against X to prevent the practice in the future by other users.
As of now, noyb seeks a thorough probe by the Dutch data protection officials. The non-profit group has also asked for X to be fined and prohibited from processing certain types of data for advertising purposes. If found guilty of violating GDPR article 9, X could be forced to pay a fine of up to 20 million or 4% of its yearly turnover - whichever is higher.
The post X Accused of Using Sensitive Data for Ad Targeting in the EU appeared first on The Tech Report.