The AEPD orders a precautionary measure for Meta
On May 31, 2024, the Spanish Data Protection Agency (AEPD) ordered the temporary suspension in Spain of two functionalities developed by Meta, called “Election Day Information (EDI)” and “Voter Information Unit (VIU)”. These functionalities were designed to provide information to Facebook and Instagram users about the European Parliament elections, scheduled for June 9, except for Italy, which already had an open procedure by the state agency on this matter.
The AEPD took this measure arguing that the processing of personal data involved in these functionalities could violate several principles of the EU General Data Protection Regulation (GDPR), as it intended to collect personal data such as name, IP address, age, gender, and information on how users interact with these functionalities to create detailed and complex profiles. In this case, the AEPD argues that the principles of lawfulness, data minimization, and storage limitation are not respected.
It is worth recalling that political opinions are a special category of personal data processing as established in Article 9.1 of the GDPR, which requires extreme caution in carrying out this processing. Therefore, the AEPD considers that this increase in data collection could pose a serious risk to the rights and freedoms of Instagram and Facebook users, and could result in loss of control over these data, creating a high risk of them being used by unknown third parties for unspecified purposes.
This temporary ban lasts for a maximum of three (3) months and was implemented under Article 66.1 of the GDPR, which allows supervisory authorities to adopt provisional measures in exceptional circumstances to protect the rights and freedoms of individuals.
The AEPD warned that the use of big data, artificial intelligence, and microtargeting in electoral processes can lead to manipulation of people through exhaustive profiling and disinformation.
According to AEPD Circular 1/2019, Article 5 states that “only political opinions freely expressed by individuals in exercising their rights to ideological freedom and freedom of expression, as recognized in Articles 16 and 20 of the Spanish Constitution, may be collected. Under no circumstances may other types of personal data be processed from which, by applying technologies such as big data processing or artificial intelligence, a person’s political ideology can be inferred.”
The European Commission announces the opening of a procedure against Meta
The European Commission has initiated a formal procedure to assess whether Meta has violated the Digital Services Act (DSA). The President of the Commission, Ursula von der Leyen, emphasized the importance of protecting European citizens from misinformation and manipulation, especially during democratic elections.
This procedure will investigate four main areas:
- The dissemination of misleading advertisements and disinformation.
- The reduction of the visibility of political content on its platforms.
- The deactivation of the CrowdTangle monitoring tool without an adequate replacement. CrowdTangle is a META tool that allows, among other things, real-time election monitoring. The Commission considered its removal as a potential harm to electoral processes, especially with the European Parliament elections and other elections in various Member States.
- Deficiencies in the mechanism for reporting illegal content and the internal complaint handling system (“Notice-and-Action”) that could constitute violations of various articles of the DSA. The Commission will conduct a thorough investigation, reserving the right to take additional measures if Meta’s corrective actions prove insufficient.
The AEPD’s decision to temporarily suspend Meta’s electoral functionalities underscores the importance of protecting personal data and ensuring transparency in electoral processes. We will have to stay tuned to know the outcome of this procedure.