Meta has been banned from launching features on Facebook and Instagram that would have collected data on voters in Spain using the social networks ahead of next month’s European Elections.
The local data protection authority, the AEPD, has used emergency powers to protect local users’ privacy. Meta confirmed to TechCrunch it has complied with the order, which can last for up to three months.
In a statement about the “precautionary measure”, the AEPD wrote it has ordered Meta to suspend implementation of Election Day Information and Voter Information Unit features in Spain — barring “the collection and processing of data implied by their use” as it puts it (the statement was translated from Spanish).
The AEPD is using emergency powers contained in Europe’s General Data Protection Regulation (GDPR) to act on local concerns. Meta’s lead data protection supervisory for the GDPR is Ireland’s Data Protection Commission but the pan-EU regulation empowers any data protection authority to act where they see urgent risks to users in their own territory.
“This decision is based on exceptional circumstances, in which it is necessary to adopt measures to avoid the collection of data, the profiling of users and the transfer of information to third parties, thus preventing personal data from being used by unknown controllers and for purposes not explicit,” the AEPD wrote.
The Spanish DPA is concerned that Meta’s planned election-related features would violate the GPDR, including in relation to the lawfulness of processing and data minimization requirements.
Political views are classed as “special category” data under the pan-EU regulation — which requires a higher bar of obtaining explicit consent from the user for processing.
Per the AEPD, Meta intends to process personal data including user name, IP address, age and gender and information about how the user interacts with the election-related functionalities. “The Agency considers that the collection and conservation of data planned by the company would seriously put at risk the rights and freedoms of Instagram and Facebook users, who would see an increase in the volume of information that it collects about them, allowing the creation of more complex, detailed and exhaustive profiles, generating more intrusive treatments,” it wrote.
“Making data that could be personal in nature available to third parties would involve a disproportionate interference in the rights and freedoms of the interested parties. This loss of control represents a high risk that these data will be used by unknown controllers and for non-explicit purposes,” the authority added.
Meta was contacted for a response to the AEPD’s action. Spokesman Matthew Pollard sent us this statement: “Our election tools have been expressly designed to respect users’ privacy and comply with the GDPR. While we disagree with the AEPD’s assessment in this case, we have cooperated with their request.”
The Spanish DPA said Meta has been planning to launch the election related features it is blocking for all users of its services with the right to vote in the European elections except Italy, where the data protection authority already has an open procedure on this matter. We’ve contacted the Garante with questions.
Back in 2022, the Italian DPA also used an urgency procedure to request information from Meta related to measures it was taking around the country’s general election.
Meta is also under scrutiny by the European Commission in relation to its preparedness for the upcoming EU elections early next month. Back in April the Commission opened an investigation of Facebook and Instagram under the bloc’s Digital Services Act, saying it suspects the platforms of breaking the election integrity rules for larger platforms.