Parties specifically use data about voters for their campaigns, especially in social media networks. But political views should not be evaluated, says noyb.

The international data protection organization noyb has filed a complaint against six parties with the Berlin State Data Protection Commissioner on behalf of several German citizens. Affected are the CDU, SPD, Bündnis 90/Die Grünen, the AFD, Die Linke and the Ecological Democratic Party (ÖDP). In the complaints, the parties are accused of having unlawfully addressed those affected in the 2021 federal election campaign with personalized campaign promises.

The parties are said to have used so-called microtargeting on Facebook, i.e. the targeted display of advertising to certain groups of people. In the background, Facebook evaluated the political views of the users. Max Schrems explained that both the parties and the social network had violated the European General Data Protection Regulation (GDPR). The Austrian lawyer is the founder of the European data protection organization noyb (“none of your business”).

Facebook users specifically confronted with political advertising

Data evaluations by noyb would have shown that in the 2021 federal election, Facebook users were specifically addressed with political advertising. This is not forbidden per se. However, political opinions are particularly protected under Article 9 of the GDPR and should not be the basis for targeted advertising.

“The GDPR protects data on the political attitudes of people particularly strictly,” said Felix Mikolasch, data protection lawyer at noyb. “Such data is not only extremely sensitive, but also allows large-scale manipulation of voters, as Cambridge Analytica has shown.”

Cambridge Analytica was a British data analysis company that had collected personal data from millions of Facebook users without their consent. The company used this data, among other things, in the context of the 2016 US presidential election and the British Brexit vote to create psychographic profiles of the users concerned and to run targeted political advertising.

In the complaints to the Berlin Commissioner for Data Protection and Freedom of Information, those affected demand that the parties be found to have violated the GDPR. In addition, the political actors are to be obliged not to process the personal data of the complainants any further. In addition, those affected demand that the authority impose an “effective, proportionate and dissuasive fine” on the parties.