Nine civil society organisations have filed a complaint with the EU against X for ‘illegal’ ad targeting. Tim Green, director for MEF’s ID and Data programme asks: what does this mean, and what happens next?
It seems pretty obvious why oil company Total Energies might want to run ads on X excluding users interested in ecology. Or that McDonalds would block consumers who have shown interest in Mackie Dee’s own trade union.
But it’s a bit confusing that Shein, the fast fashion company, would actively target X users interested in French far-left politics.
Maybe curiosity about Michel Foucault correlates with a taste for cheap strappy sandals. Who knows?
But anyway, what’s emerged this week is that this kind of activity may contravene the EU’s Digital Services Act. Nine civil society organisations think so. In the last few days, they issued a petition to the European Commission accusing X of ‘facilitating targeted advertising based on sensitive personal data’.
The DSA, which came into full effect for major platforms like X in late 2023, prohibits profiling using sensitive information for advertising. This includes political opinions, religious beliefs, sexual orientation, and health conditions. Under Article 9 of the GDPR, this kind of targeting requires clear and specific consent. “
The DSA, which came into full effect for major platforms like X in late 2023, prohibits profiling using sensitive information for advertising. This includes political opinions, religious beliefs, sexual orientation, and health conditions. Under Article 9 of the GDPR, this kind of targeting requires clear and specific consent.
In fact, the EU is already investigating X for these alleged violations. In December 2023, it started a probe into X’s compliance with transparency and accountability obligations.
Of course, when all the legal phraseology is stripped away, this all comes back to privacy. In short: targeted advertising (through what it includes or excludes) can expose deeply personal aspects of a person’s identity.
If the complaints are upheld, X could face substantial sanctions – including fines up to six percent of EU turnover. It might also be compelled to overhaul its ad-targeting systems.
Although the investigation is ongoing, there is plenty for MEF members to consider here – especially those involved in advertising, messaging, digital identity, and data management.
1. Mobile advertisers using programmatic or behavioural techniques must reassess their audience segmentation. If it’s derived from user behaviour, content engagement or inferred traits, it might be classified as “sensitive”. User agreement to generic terms is no longer sufficient. It has to be explicit. For MEF’s ad-tech community, transparency here is a reputational and regulatory imperative.
2. Mobile messaging firms are impacted too. In-message advertising and conversational commerce is growing. So, as above, profiling users based on keywords, groups joined, or chat activity (even anonymised) could trigger DSA restrictions. MEF members should explore auditing and governance tools within messaging APIs and CPaaS platforms.
3. First-party data strategies offer a compelling solution. Businesses that develop direct, consent-based relationships with users will be better insulated from regulatory shocks.
MEF will continue monitoring developments closely. Legislation, especially in Europe, is starting to impact platforms that collect data and (potentially) infringe privacy. Our members should audit their own targeting practices and prepare for tighter regulatory expectations.
This is particularly relevant for members of MEF’s Content & Advertising and ID & Data programmes. Both hold monthly Interest Group meetings to discuss the importance of privacy and compliance.
MEF and its members have long supported industry self-regulation and privacy-by-design. The EU investigation supports this approach. It reinforces the value of adopting codes of conduct, transparency standards, and cross-border compliance models aligned with both the GDPR and DSA.
Stay informed and join the debate at MEF.
Find out more about the themes discussed – Join the MEF ID & Data Interest Group.
