The European privacy rights group, Noyb, has filed six complaints regarding the unlawful processing of voters’ personal data by six political parties. Noyb used data donated to the “Who Targets Me” browser to analyse political microtargeting on Facebook. The complaints are directed towards the Christian Democratic Union (CDU), Alternative for Germany (AFD), SPD, Bündnis 90/Die Grünen, DIE LINKE, and the Ecological Democratic Party.
Here we will focus on what microtargeting is, how it was used by these German political parties, and what GDPR has to say about it.
What is microtargeting?
Microtargeting is described as the creation of highly specific messages directed toward voters based on data analysis of the demographics of individuals, their consumer behaviour, and their lifestyle. This process exists of 3 steps, a cybernetic loop. This loop is a continuous process in which human behaviour is guided by digital activity, and vice versa.
The three steps are as follows:
- The collection of behaviour and characteristics,
- The data is analysed and individuals profiled,
- Data is used to alter human behaviour.
With the final step, the process begins anew, and the effect of the process is analyzed to see whether the outcome was as expected. Based on the analysis the marketeer will post advertisements to focus on a specific target audience. It must be noted that in order for this to be legitimate, users must agree that their information is used in this manner.
What does this have to do with German politics?
Keep the above process in mind while we discuss the process of how political parties use microtargeting. Websites are continuously learning about who you are: hobbies, interests, political focus, etc. By doing so, Facebook can effectively send very specific messages to that person, promising him the world. There is a special clause in GDPR for information on political opinions. In GDPR they call this ‘special category data’. This category has a higher bar for processing information.
However, this has come to a point where some of the bullet points made are entirely contradictory to what the political party actually stands for.
In one example, found by Noyb, a political party promised a commitment to climate change. While in reality, that same party wanted no limits on freedom in the name of climate action. See how this advertisement contradicts each other?
What does GDPR have to say about it?
The European privacy rights campaign group, Noyb, has filed complaints with Berlin’s data protection commission regarding offenses around the political spectrum. They suggest that neither Facebook nor the political parties requested consent from the users whose information was used. Furthermore, even if they had asked for consent regarding this “special category data,” the processing of this information would still be unlawful.
Article 9 of GDPR suspends the processing of this political data. And both Facebook and the political entity lacked the legal basis to rely on an exemption to process this kind of data. Felix Mikolasch, a privacy lawyer at Noyb, stated, “Any data on a person’s political views is protected particularly strictly by the GDPR. Such data is not only extremely sensitive but also allows large-scale manipulation of voters, as Cambridge Analytica has shown.”.
Noyb, which filed these complaints on behalf of five German individuals, hopes that these complaints will force a reform in the GDPR that makes it clear for companies what is allowed under Article 9 and what is not. This will make it harder for lawyers to ignore and create more transparency around this matter. GDPR is not perfect yet; however, it does take into account what information can be processed and when the company is allowed to process your information.
Several institutions continue to find ways to improve the regulations by others their mistakes. GDPR continues to evolve and it can be hard to track whether your websites are compliant with the regulation in place. The Nixon Digital platform offers a system that gives you a clear overview of your website portfolio. It goes even one step further and shows you whether your websites are GDPR compliant with a Cookie Management Platform. Learning from each other’s mistakes is a gift, but what if you prevent the mistake from happening in the first place?