Elon Musk’s social media platform, X (formerly Twitter), is facing a double whammy of privacy complaints in Europe, this time related to its ad targeting tools. The saga involves the platform allegedly allowing ads based on sensitive data like political affiliations and religious beliefs, a clear violation of both the GDPR and the DSA regulations.
Here’s a breakdown of the drama:
- The complaint: Privacy rights group noyb filed a complaint with the Dutch data protection authority against X for allowing the European Commission itself to target users with ads based on their political affiliation. Apparently, the Commission was promoting a controversial legislative proposal on scanning private messages for child sexual abuse material (CSAM) using this sensitive data.
- Violation of regulations: Both the GDPR and the DSA explicitly prohibit processing sensitive data like political beliefs for ad targeting without explicit consent. X, however, failed to enforce its own advertising guidelines and allowed this practice.
- Double trouble: This complaint comes after noyb filed a separate complaint against the Commission itself for violating the same data protection rules. Now, X is also in the crosshairs for enabling this violation.
- Regulatory Sandwich: If X is found guilty under both the GDPR and the DSA, it could face hefty fines of up to 6% of its global annual turnover. A double whammy indeed!
More twists in the story:
- Irish connection: X’s main establishment is in Ireland, meaning the Irish Data Protection Commission (DPC) will likely handle the GDPR complaint. While the DPC has voiced concerns about some of Musk’s decisions at X, they haven’t taken any drastic action against the platform yet.
- Musk’s erratic leadership: The DPC may scrutinize X’s claim of “main establishment” in Ireland, as Musk’s unilateral decision-making raises questions about whether European users are getting proper local input.
- Previous record: X has largely avoided serious penalties under the DPC’s watch, even after the GDPR came into force. However, this new complaint focusing on ad targeting rules could be a different story.
What’s next?
- The Dutch DPA will likely forward noyb’s complaint to the DPC for investigation.
- The DPC will need to decide whether to take action against X for violating its own advertising guidelines and allowing the use of sensitive data for ad targeting.
- The Commission might also face sanctions for its role in this data privacy fiasco.
This case highlights the growing scrutiny platforms like X face in Europe regarding data privacy and ad targeting. Whether X can navigate this storm and emerge unscathed remains to be seen.
Add a Comment