Europe has moved a step closer to having dedicated rules on online political ad targeting and transparency after the European Parliament fixed its negotiating position — paving the way for talks to start between MEPs and Member States to agree a final compromise text that can be passed into pan-EU law.
MEPs said they hope agreement can be reached in time to have the regulation in place for the next elections to the EU’s Parliament — in 2024.
Parliamentarians voted for a series of changes to the Commission’s original (rather weak) proposal which was presented back in November 2021— saying they’ve beefed up the draft so that only data “explicitly provided” for online political advertising can be used by advert providers for this purpose.
MEP Patrick Breyer, a co-negotiator on the file in the parliament’s civil liberties (LIBE) committee, dubbed it “a good day for democracy” — highlighting some of the agreed amendments parliamentarian want to see, including a stipulation that refusing consent for political ads targeting must be as simple as giving it (so no consent dark patterns); another that ‘do not track’ browser settings must be respected without hassling the user with more consent prompts (so no forcing consent by tiring web users who’ve already refused with fresh pop-ups); and a requirement that users who refuse consent should still be allowed access to the platforms (so no forcing consent, period).
MEPs backed the negotiating mandate on the file by a large majority — of 433 votes in favour, 61 against (and 110 abstentions).
“Platforms would be banned from running opaque ad delivery algorithms to determine who should see a political ad; they would only be able to select recipients randomly in the pool of people delineated by the targeting parameters chosen by the sponsor,” Breyer added in a press release rounding up key changes MEPs have proposed.
These also include a proposal for a 60 day pre-election (or referendum) period — during which there would be further limits on political message targeting, with MEPs wanting to restrict this to only a voter’s language and the constituency they live in to avoid the hyper-segmention of voters that’s possible thanks to ‘personalized’ political ads which has been shown to be so toxic to democratic accountability.
“Microtargeting, a strategy that uses consumer data and demographics to identify the interests of specific individuals, will therefore not be possible,” the parliament suggests in a press release.
In other changes, MEPs have also taken aim at foreign money seeking to influence EU elections — and proposed that non-EU based entities should be banned from financing political advertisements in the EU.
Although how effectively such a ban would or could be policed is another matter. (“To determine where such an entity is established, the relevant authorities should take into account where the ultimate controller of this entity is located,” is what the parliament says on that.)
MEPs have made other changes they say are aimed at improving transparency around political ads — such as pushing for the creation of an online repository for “all online political advertisements and related data”.
“It should be easier to obtain information on who is financing an advert, on its cost, and the origin of the money used,” they write. “Other pieces of information which should also be published include whether an advertisement has been suspended for violating the rules, on the specific groups of individuals targeted and what personal data were used for this, and the views and engagement with the advertisement. MEPs aim to give journalists a specific right to obtain such information.”
The Commission’s original proposal had proposed transparency labels for political ads, as well as some restrictions on microtargeting — but the vast majority of MEPs want to see tougher regulation of an arena where tech has gained a toxic reputation as a cheap, powerful and largely consequence-free tool for fiddling with democracy.
Hence they’ve also proposed the possibility of having periodic penalties levied for repeat violations — and the obligation for large ad service providers to suspend their services for 15 days with a particular client in the case of serious and systemic infringements. They also want the Commission to be able to introduce EU-wide “minimum sanctions”.
MEPs look keen to avoid any risk of forum shopping at the Member State level from undermining the rules by creating fresh workarounds — saying their adopted text both strengthens the powers of national data protection authorities (which will be expected to oversee compliance) but also empowers the European Data Protection Board (EDPB) to “take over an investigation into an infringement and enforce the rules”, i.e. if a DPA is finding it hard to do their duty and crack down on violators.
Breyer even directly names the (much criticized) Irish Data Protection Commission as a risk in this context, writing: “If a data protection authority such as the Irish DPA fails to enforce the rules against large online platforms, the EDPB would be able to take over.”
“In cases of illegal political ads targeting [the EDPB[] will not only be able to impose financial sanctions but also to temporarily suspend the targeting of ads by advertisers who seriously and systematically violated the rules. This ensures that more affluent sponsors are not able to simply factor-in the price of financial sanctions in their budget,” he adds.
Commenting in a statement, MEP and rapporteur for the file, Sandro Gozi, also said:
There is too much undue interference in our democratic processes. As legislators we have a responsibility to fight this but also to ensure debate remains open and free. This law will not kill political advertising, despite rumours spread by large online platforms. Nor will it stymie our freedom of expression. It will only limit abusive political advertising.
The European Council agreed its negotiating mandate on the regulation back in December — saying then that it wants to build on the Commission’s proposal by providing “greater legal certainty” re: the scope of the regulation; and around some of the key definitions, including in areas such as what is to be considered political advertising and how to identify a political ad.
It also sought to claim credit for proposing stronger transparency measures. Although the Council largely aligned with the Commission’s more limited approach on restricting political microtargeting — saying it wanted to ban targeting and amplification techniques using “sensitive” personal data, including inferred data, unless an adult “explicitly consents”; or is “a member or former member of a specifically defined not-for-profit body processing the sensitive data, or is in regular contact with it”. (But agreeing that the processing of minors’ data for political ads should be entirely banned.)
While the parliament’s amendments propose to go further in restricting behaviorally targeted political ads there could still be scope for loopholes — as Breyer points out that limiting the application of the restrictions to “political advertising services” could, for instance, open a loophole for circumventing the rules if campaigns elect to directly send personally targeted letters, emails, or text messages “systematically and at large scale”. Though he suggests MEPs may push to try to address such a scenario in the forthcoming trilogue talks.
Another gap the regulation does not address is organic, self-posted political content — which is (currently) excluded from the proposed targeting restrictions. So there’s also a risk that election fiddlers could fly under the radar by using fake social media accounts to post and amplify political propaganda — something that already happens at major scale of course. So that looks like another major weak point.
That said, MEPs previously pushed for — and won — some softer limits on behavioral targeting more generally, via the Digital Services Act (which applies to digital intermediary services and platforms) — including a ban on the processing of minors’ data for ads; and a ban on the use of sensitive data for ad targeting of adults.
So the scope for tracking and profiling web users in order to target them with ‘personalized’ content is facing a growing range of restrictions in the EU, where adtech platforms are also seeing an increase in enforcements of breaches of existing data protection and ePrivacy rules.
