X sued for “unlawful micro-targeting” in ad campaigns


The European Centre for Digital Rights, or NOYB (non of your business), has filed a complaint against X, accusing it of unlawfully using political views and religious beliefs for targeted advertising.

When the EU Commission’s Directorate General for Migration and Home Affairs tried to rally support for the proposed “chat control” in the Netherlands, X used “specially protected data” to determine whether people should see that specific ad.

In November, NOYB, a Vienna-based non-profit, filed a complaint against the EU Commission itself for the “unlawful use of micro-targeting.”

“After we filed our first complaint in this matter, the EU Commission has already confirmed to stop advertising on X. However, to put an end to this in general, we need enforcement against X as a platform used by many others,” Felix Mikolasch, data protection lawyer at NOYB, is quoted in the press release.

NOYB accuses X of the following:

  • Abusing sensitive data for targeted ads: Sensitive data includes political views and religious beliefs determined by monitoring user clicks, likes, and replies to posts. “In September 2023, the EU Commission used this exact information to promote the highly controversial proposed chat control regulation on X. The platform’s targeting system allowed the Commission to target users based on political views and religious beliefs. To be specific: The ad campaign in question targeted X users who weren’t interested in keywords like Brexit, Nigel Farage, or Giorgia Meloni,” NOYB specified.
  • Breaking its own advertising rules: X states that political affiliation and religious beliefs should not be used in ad targeting. However, it seems the platform isn’t enforcing this ban. “On paper, X prohibits the use of sensitive data for political ads, but in reality, they still profit from techniques that we know are harmful ever since the Cambridge Analytica scandal in 2018,” Maartje de Graaf, a data protection lawyer at NOYB, said.
  • Violating: the General Data Protection Regulation (GDPR) and the Digital Services Act (DSA).

More from Cybernews:

Kyivstar telecoms back up after massive cyberattack, two Russian groups take claim

Tesla recalls nearly all vehicles on US roads over lack of Autopilot safeguards

Two men charged for running $25 million crypto Ponzi scheme

Major leak exposes users from Russian crypto exchanges

Millions of Amazon reviews fake, study finds

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked