EU Faces GDPR Complaint Over Controversial Microtargeted Ads on X
Privacy Group noyb Challenges EU Commission’s Ad Targeting Practices
The European Union finds itself embroiled in a privacy controversy as digital rights organization noyb files a formal complaint against the EU Commission’s Directorate General for Migration and Home Affairs. The complaint, submitted to the European Data Protection Supervisor (EDPS), alleges unlawful microtargeting practices related to ads promoting the Commission’s controversial child sexual abuse material (CSAM) scanning proposal on X (formerly Twitter).
Key Allegations in the Complaint
- Unlawful use of sensitive data: noyb claims the Commission targeted users based on political views and religious beliefs without proper consent
- Potential joint liability: The organization is considering filing a separate complaint against X for providing the targeting tools
- Misleading statistics: The ads cited questionable polling data about Dutch public opinion on privacy versus CSAM detection
The Legal Landscape
The complaint highlights several potential violations:
- GDPR breaches: Processing special category data without explicit consent (Article 9)
- DSA violations: The Digital Services Act prohibits using sensitive data for ad targeting
- Potential fines: Up to 4% of global turnover for GDPR violations, 6% for DSA breaches
How the Targeting Worked
Public ad transparency tools revealed the Commission targeted users who weren’t interested in topics like:
- #Qatargate
- Brexit
- Marine Le Pen
- Alternative für Deutschland
- Christian-related topics
The Broader Context
The ads promoted the Commission’s controversial CSAM scanning proposal, which would:
- Require platforms to scan all user messages
- Potentially undermine end-to-end encryption
- Face significant opposition from privacy advocates and EU lawmakers
Reactions and Next Steps
noyb lawyers emphasized the irony of the situation:
“It is mind-boggling that the EU Commission doesn’t follow the law it helped to institutionalize just a few years ago.” - Maartje de Graaf, noyb
“The EU Commission has no legal basis to process sensitive data for targeted advertising on X. Nobody is above the law.” - Felix Mikolasch, noyb
The EDPS now has authority to:
- Investigate potential violations
- Issue fines against EU institutions
- Impose processing bans or corrective measures
Ongoing Developments
- The Commission has launched an internal investigation
- EU lawmakers have proposed alternative CSAM detection approaches
- The final legislative outcome remains uncertain as trilogue negotiations continue
This case represents a significant test of the EU’s ability to hold its own institutions accountable under the very data protection laws they created.
📚 Featured Products & Recommendations
Discover our carefully selected products that complement this article’s topics:
🛍️ Featured Product 1: Infinity Tools Multi-Layer Inlay System Accessory Package
Image: Premium product showcase
Advanced infinity tools multi-layer inlay system accessory package engineered for excellence with proven reliability and outstanding results.
Key Features:
- Industry-leading performance metrics
- Versatile application capabilities
- Robust build quality and materials
- Satisfaction guarantee and warranty
🔗 View Product Details & Purchase
🛍️ Featured Product 2: Infinity Tools Nested Heart – Multi-Layer Inlay System
Image: Premium product showcase
Professional-grade infinity tools nested heart – multi-layer inlay system combining innovation, quality, and user-friendly design.
Key Features:
- Cutting-edge technology integration
- Streamlined workflow optimization
- Heavy-duty construction for reliability
- Expert technical support available
🔗 View Product Details & Purchase
💡 Need Help Choosing? Contact our expert team for personalized product recommendations!
