Elon Musk's X Platform Faces EU Complaint Over Alleged Misuse of Personal Data for Targeted Advertising

Elon Musk's X hit with complaint over use of personal data for ads

The European Commission began investigating alleged breaches of the Digital Services Act (DSA) in December 2023. Elon Musk's social media platform X has been hit with a formal complaint because of alleged breaches of the EU's Digital Services Act (DSA): the platform appears to have used sensitive personal data for targeted advertising. The complaint is filed by nine civil society organisations including European Digital Rights (EDRi), AI Forensics and Centre for Democracy and Technology Europe (CDT). It comes after evidence compiled by AI Forensics on the basis of X's Ad Repository, found that "major brands as well as public and financial institutions engaged in targeted online advertising", based on special categories of personal data, such as political opinions, sexual orientation, religious beliefs and health conditions. Under the DSA, which entered into force for the largest online platforms - which includes X - in late 2023, platforms are prohibited from offering targeted advertising based on profiling using these special categories of data. AI Forensics uncovered evidence, for example, that "X allowed Total Energies, the multinational energy and petroleum company, to run ads on its platform excluding users who had engaged with keywords related to ecologist political figures," the complaint said. In addition, fast-food chain McDonalds could run ads "excluding X users who had engaged with keywords related to McDonalds' own trade union as well as antidepressants and suicide". The organisations call on the national Digital Services Coordinators and the European Commission to investigate the potential breach. The Commission began an investigation into X under the DSA in December 2023. In preliminary findings published last summer, the EU executive concluded that blue checkmarks used by the platforms are deceptive and that it falls short on transparency and accountability requirements. X has had the opportunity to reply in writing.

Elon Musk's X hit by complaints to EU over user data and targeted advertising - The Economic Times

Nine civil society groups filed complaints against Elon Musk's X platform with EU and French regulators, alleging illegal use of sensitive user data for targeted ads. They urge enforcement under the Digital Services Act, citing evidence from X's Ad Repository suggesting violations of GDPR protections on political, religious, and health data.Elon Musk's X social media platform has been hit by complaints by nine civil society organisations to EU and French regulators over what they say is its use of users' data for targeted advertising that may breach EU tech rules. The organisations - AI Forensics, the Centre for Democracy and Technology Europe, Entropy, European Digital Rights, Gesellschaft fur Freiheitsrechte e.V. (GFF), Global Witness, Panoptykon Foundation, Stichting Bits of Freedom and VoxPublic said they took their complaint to the European Commission and the French media regulator Arcom on Monday. They urged both regulators to take action under the Digital Services Act (DSA) which prohibits advertising based on sensitive user data such as religion, race and sexuality. X, the Commission and Arcom did not immediately respond to emailed requests for comment. "We express our deep concern regarding the use by X of users' sensitive personal data for targeted advertisements," the organisations said in a statement. They said their concerns were triggered after they looked into X's Ad Repository which is a publicly available database set up by companies as part of a DSA requirement. "We found that major brands as well as public and financial institutions engaged in targeted online advertising based on what appear to be special categories of personal data, protected by Article 9 of the GDPR, such as political opinions, sexual orientation, religious beliefs and health conditions," they said. The group called on the regulators to investigate X. GDPR refers to the EU data privacy law.