Facebook is once again in the eye of the storm because of its targeting system and the treatment of its users’ data. According to TechCrunch, NOYB, a European privacy rights group, has sued all political parties in Germany after examining the data collected by “Who Targets Me”, a browser extension that analyzes political microtargeting on Facebook.
In the complaint filed with the Berlin Data Protection Commission, the group has denounced the 6 main German parties: the Christian Democratic Union (CDU), Alternative for Germany (AFD), the Social Democratic Party of Germany (SPD), Alliance 90/The Greens, The Left and the Democratic Ecologist Party.
All of them allegedly made use of the personal data of German users to send targeted and personalized advertising in the past national elections of 2021, through Facebook’s advertising platform.
According to the European Union’s General Data Protection Regulation (GDPR), all data on the political opinions of European citizens is categorized as “sensitive data”, which is treated more strictly than other data and generally requires the express approval of the individual before this information can be used.
“We were able to determine that Facebook had not obtained consent from users for the processing of sensitive data and that the parties had targeted users based on (prior) political views,” NOYB told TechCrunch. “Neither the parties nor Facebook obtained consent from any of the users”.
In addition, the group’s lawyer, Felix Mikolasch, a privacy lawyer, said in a statement: “Any data about a person’s political opinions is particularly strictly protected by the GDPR. This data is not only extremely sensitive, but also allows voters to be manipulated on a large scale, as Cambridge Analytica has demonstrated.”
The Cambridge Analytica case was one of the most high-profile Facebook/Meta cases, but not the first or the last related to the management of users’ personal data. Recently, the Amsterdam court ruled that Facebook illegally processed Dutch user data for advertising purposes and shared this personal data with third parties without informing or seeking users’ consent.
In addition, the Irish Data Protection Commission fined both Facebook and Instagram, Meta’s social networks, for forcing users in their new terms and conditions to consent to the processing of their personal data for advertising purposes.
