Europe has come a step closer to having specific rules for online political ad targeting and transparency after the European Parliament adopted its negotiating position. -EU law.
MEPs said they hope an agreement can be reached in time for the regulation to be in force for the next EU parliamentary elections – in 2024.
MPs voted in favor of a series of changes to the Commission’s original (rather weak) proposal, presented in November 2021, saying they have tightened the draft so that only data “explicitly provided” for online political advertising can be used. used by advertising providers For this purpose.
MEP Patrick Breyera co-negotiator on the file in parliament’s civil liberties committee (LIBE) called it “a good day for democracy— highlighting some of the agreed amendments that MPs want to see, including a provision that refusing consent to target political ads should be as easy as giving it (i.e. no consent dark patterns); another that ‘do not track’ browser settings should be respected without bothering the user with more permission requests (i.e. not forcing permission by tiring internet users who have already declined with new pop-ups); and a requirement that users who deny consent must still be allowed access to the platforms (so don’t force consent, period).
MEPs supported the negotiating mandate on the dossier with a large majority: 433 votes in favour, 61 against (and 110 abstentions).
“Platforms shouldn’t use opaque ad serving algorithms to determine who gets to see a political ad; they could only randomly select recipients from the pool of people delineated by the targeting parameters chosen by the sponsor,” Breyer added in a press release finalizing the main changes proposed by MEPs.
These also include a proposal for a 60-day pre-election period (or referendum) – during which there would be further restrictions on the targeting of political messages, with MEPs wanting to restrict this to just the language of the voter and the constituency in which they live for the hyper-segmentation of voters, made possible by “personalized” political advertising that has been shown to be so toxic to democratic accountability.
“Microtargeting, a strategy that uses consumer data and demographic data to identify the interests of specific individuals, will therefore not be possible,” the parliament suggests in a statement. press release.
In other changes, MEPs have also targeted foreign money to influence EU elections – and have proposed banning non-EU-based entities from funding political advertising in the EU.
Although how effectively such a ban would or could be enforced is another matter. (“To determine where such an entity is located, the relevant authorities should take into account where the ultimate controller of this entity is located,” says parliament.)
MEPs have made other changes they say aim at improving transparency around political advertising, such as pushing for the creation of an online repository for “all online political advertising and related data”.
“It should be easier to obtain information about who is funding an ad, about the costs and where the money used came from,” they write. “Other pieces of information that should also be published include whether an ad has been suspended for breaking the rules, about the specific groups of individuals targeted and what personal data has been used to do so, and the opinions and engagement with the ad . MEPs want to give journalists a specific right to obtain such information.”
The Commission’s original proposal had suggested transparency labels for political advertising, as well as some restrictions on microtargeting – but the vast majority of MEPs want tighter regulation of an arena where technology has acquired a toxic reputation as cheap, powerful and largely consequential. free tool to play with democracy.
That is why they have also proposed the possibility of imposing periodic fines for repeated violations – and the obligation for major advertising service providers to suspend their services for a given customer for 15 days in the event of serious and systematic violations. They also want the Commission to be able to introduce EU-wide “minimum sanctions”.
MEPs want to prevent forum shopping at member state level from undermining the rules by creating new workarounds. They say their adopted text not only strengthens the powers of national data protection authorities (who are expected to monitor compliance), but also the powers of the European Data Protection Board (EDPB) to “take over an investigation of a breach and enforce the rules”, i.e. if a data protection authority finds it difficult to do its duty and to crack down on offenders.
Breyer even directly cites the (much-criticized) Irish Data Protection Commission as a risk in this context, writing: “If a data protection authority such as the Irish DPA fails to enforce the rules against major online platforms, the EDPB could to about.”
“In the case of illegal political advertising [the EDPB[] will not only be able to impose financial penalties, but also temporarily suspend the targeting of advertisements by advertisers who seriously and systematically violate the rules. This ensures that more affluent sponsors cannot simply factor the price of financial sanctions into their budgets,” he added.
In a statement, MEP and rapporteur on the file, Sandro Gozi, also said:
There is too much undue interference in our democratic processes. As legislators, we have a responsibility to fight this, but also to ensure that the debate remains open and free. This law will not put an end to political advertising, despite rumors spread by major online platforms. Nor will it hinder our freedom of expression. It will only restrict offensive political ads.
The European Council agreed negotiating mandate on the regulation in December — when he said he wants to build on the Commission’s proposal by providing “greater legal certainty” on: the scope of the regulation; and around some of the key definitions, including in areas such as what should be considered political advertising and how to identify a political advertisement.
It also tried to claim credit for proposing stronger transparency measures. While broadly agreeing with the Commission’s more restrictive approach to restricting political microtargeting, the Council said it wanted to ban targeting and amplification techniques using “sensitive” personal data, including derived data, unless an adult “gives explicit consent”; or is “a member or former member of a specifically defined non-profit organization that processes the sensitive data, or has regular contact with it”. (But agree that tThe processing of data of minors for political advertising should be completely prohibited.)
While the parliament’s amendments propose going further in restricting behaviorally targeted political advertising, there may still be loopholes – as Breyer points out that limiting the application of the restrictions to “political advertising services”, for example, would be a loophole could open for circumvention of the rules if campaigns choose to send personally targeted letters, emails or text messages “systematically and widely”. Though he suggests that MEPs could try to address such a scenario in upcoming trilogue talks.
Another gap that the regulation fails to address is organic, self-posted political content, which is (currently) excluded from the proposed targeting restrictions. So there is also a risk that election fiddlers will fly under the radar by using fake social media accounts to post and amplify political propaganda – something that is, of course, already happening on a large scale. So that seems like another big weakness.
That said, MEPs have previously pushed for – and won – some softer limits on behavioral targeting in general, through the Digital Services Act (which applies to digital intermediary services and platforms) – including a ban on the processing of data from minors for advertising; and a ban on the use of sensitive data for advertising aimed at adults.
So the ability to track and profile web users to target them with ‘personalized’ content is facing a growing number of restrictions in the EU, where adtech platforms are also seeing an increase in enforcement for breaches of existing data protection and ePrivacy rules.
