EU co-legislators reached a deal on transparency and targeting of political advertising on Monday evening (8 November), including the targeting of online ads and the role of a new European public repository.
The legislative proposal aims to increase transparency in political campaigns, especially online, to avoid possible manipulations as per the ones related to the Cambridge Analytica scandal.
The agreement was reached among the EU Parliament, Council and Commission following interinstitutional negotiations, known as trilogues.
Originally, the Commission wanted the regulation to be in place before next year’s elections of the European Parliament. However, due to delays in the legislative process, the new rules will come into effect in 2025, except for the non-discriminatory provision of cross-border political advertising that will already apply during the EU elections.
The scope of the regulation has been a sticking point in the negotiation, as it entailed defining what is ‘political’.
According to the agreed text, seen by Euractiv, political opinions and other editorial content are not considered political advertising unless “payment or remuneration is provided for” or is part of in-house activities or a political advertising campaign.
Targeting ad-delivery techniques involving the processing of personal data is not permitted in the case of communications of political parties and non-profit bodies, for instance, in newsletters linked to political activities.
This applies as long as the subscription data is strictly limited to their members, former members, and subscribers, “based on personal data provided by them” and does not involve processing personal data to “target or otherwise further select the recipient and the messages they receive”.
The organisations processing personal data have to ensure that if someone does not consent to data processing for the purposes of political advertisements, they can still keep using the services the same way, just without receiving the advertising. In other words, users should be free to refuse this option without a downgrade in the service.
The consent should also be as easy to withdraw as it is to give it, and should also not be more time-consuming to do so.
Moreover, providers of online ads should take specific measures to prevent manipulative microtargeting, such as ensuring that personal data collected is limited to what is necessary. There is, however, no specific ban on microtargeting.
While the European Parliament was in favour of a ban on profiling, the EU countries opposed this restriction for non-sensitive data. Sensitive data includes political views, religious beliefs and sexual orientation, according to the EU’s data protection law.
A limitation on third-country entities was, however, introduced. In a three-month period before an EU election or referendum, non-EU sponsors cannot “provide financing in the context of elections”. However, the risk of interference can differ in each member state, so stricter national rules can apply, which could mean longer periods for such restrictions.
According to the text, providers of political advertising services are not subject to “the provisions of their services to discriminatory restrictions” solely based on the place of residence or establishment of the sponsor.
MEPs introduced establishing a public repository for all online political advertising in the European Union, or those directed at EU citizens, which will be managed by a Management Authority established by the European Commission.
While political advertisements are being published and until seven years after an ad appeared for the last time on a platform, very large online platforms (VLOPs) or very large online search engines (VLOSEs) have to be able to enable access to information about them through the repository under the Digital Services Act (DSA).
The repository needs to be established by the Commission via implementing acts within 24 months in consultation with relevant stakeholders to “take into account technological, market, and scientific developments”.
European Data Protection Board
To support the supervisory authorities in complementing their tasks, the European Commission can ask the European Data Protection Board (EDPB) “to issue guidelines addressed to the supervisory authorities” about processing “special categories of personal data to target or deliver political advertising”.
The independent supervisory authorities should be supported “to make full use of their powers” and to supervise the protection of personal data.
“Infringements of the rules applicable to processing of personal data” for targeting political advertisements can have especially negative effects during election periods. Due to this, the EDPB should make sure also to use the “tools provided in the [General Data Protection Regulation] GDPR”.
[Edited by Luca Bertuzzi/Nathalie Weatherald]
Read more with EURACTIV