That thorn in the side of tech platforms, Nyob, is now taking aim at X over its ad targeting tools.
Nyob—”none of your business”—has filed a complaint with the Dutch data protection authority, alleging that the company has been using users’ political views and religious beliefs for targeted advertising.
The microtargeting—similar to that used by Cambridge Analytica to help Donald Trump win the 2016 presidential election—allegedly used user behavior such as clicks, likes, and replies to target the ads.
And X, says Noyb, used the data to target an ad campaign by the EU Commission’s Directorate General for Migration and Home Affairs, which promoted proposed chat control regulation in the Netherlands. The ad, says Noyb, targeted users who weren’t interested in particular keywords, including Marine Le Pen, Alternative für Deutschland, Vox, Christian, Brexit, Nigel Farage and Giorgia Meloni.
The ad, it says, appeared despite the Commission’s own role in enforcing the DSA, and was seen by a minimum of several hundred thousand Dutch X users.
“It is mind-boggling that the EU Commission doesn’t follow the law it helped to institutionalize just a few years ago,” says Maartje de Graaf, Nyob data protection lawyer.
“Moreover, X claims to prohibit the use of sensitive data for ad targeting, but doesn’t do anything to actually enforce this ban.”
Noyb, founded by Austrian privacy campaigner Max Schrems, is best-known for its successful lawsuit against Meta parent Facebook, through which the company’s use of the EU-U.S. safe harbor data-sharing deal under which the company was transferring EU users’ data to the U.S.
The group has already filed a lawsuit against the Commission with the European Data Protection Supervisor over the Dutch ad, but is now going after X too. “After we filed our first complaint in this matter, the EU Commission has already confirmed to stop advertising on X. However, to put an end to this in general, we need enforcement against X as a platform used by many others,” says Felix Mikolasch, Noyb data protection lawyer.
Using the categories of political opinions and religious beliefs to target ads potentially breaches the EU General Data Protection Regulation, as well as the Digital Services Act (DSA), which requires consent for that use of personal data for ad targeting. It is also against X’s own policies.
“On paper, X prohibits the use of sensitive data for political ads, but in reality they still profit from techniques that we know are harmful every since the Cambridge Analytica scandal in 2018,” says de Graaf.
The complaint calls on the Dutch data protection authority to confirm that X violated GDPR, ban it from processing special personal data for advertising purposes and slap an “effective, proportionate, and dissuasive” fine on the company. Potential fines could amount to 4% of global annual turnover for violating GDPR, and 6% for violating the DSA.
X has been approached for comment, but has responded with its usual “Busy now, please check back later” auto-reply.
Read the full article here