Privacy Activist Files Complaint Against The EU Commission Over Its Highly Targeted (Misleading) Ads About CSAM Scanning
A few weeks back we wrote about a report that the EU Commission, in its push for dangerous client-side scanning mandates, had started buying highly targeted ads to try to influence people to support the policy. The ads, first revealed by Wired, were incredibly misleading. But, also, as we noted, appeared to violate EU's privacy laws with the targeting.
The micro-targeting ad campaign categorized recipients based on religious beliefs and political orientation criteria-all considered sensitive information under EU data protection laws-and also appeared to violate X's terms of service. Meki found that the ads were meant to be seen by select targets, such as top ministry officials, while they were concealed from people interested in Julian Assange, Brexit, EU corruption, Eurosceptic politicians (Marine Le Pen, Nigel Farage, Viktor Orban, Giorgia Meloni), the German right-wing populist party AfD, and anti-Christians."
Meki then found out that the ads, which have garnered at least 4 million views, were only displayed in seven EU countries: the Netherlands, Sweden, Belgium, Finland, Slovenia, Portugal, and the Czech Republic.
At first, Meki could not figure out the country selection, he tells WIRED, until he realized that neither the timing nor the purpose of the campaign was accidental. The Commission's campaign was launched a day after the EU Council met without securing sufficient support for the proposed legislation Meki had been studying, and the targeted counties were those that did not support the draft.
The folks at noyb, whom we've written about many times before, wasn't going to let this slide and have filed a complaint against the EU Commission, arguing that the targeting violates the GDPR.
The complaint is kind of amusing, as it points out that the EU Commission itself has spoken out against targeted advertising.
Of course, this is hardly the first time that the EU Commission has been accused of violating the very data protection laws it insists everyone else follow. It's not even the second time. No matter what you think of the GDPR, at some point you have to wonder how seriously it can be taken when the body that pushed it so heavily for years, and likes to be condescendingly smug at the US for not adopting its own version of the GDPR... can't even abide by its own regulations.