Spain bans Meta’s election features over privacy concerns

Spain has banned Meta from launching election-related features on Facebook and Instagram ahead of the upcoming European Elections. The decision, enacted by the Spanish data protection authority (AEPD), highlights growing concerns over data privacy and the potential misuse of voter information by tech giants.

The AEPD exercised its emergency powers under Europe’s General Data Protection Regulation (GDPR) to impose the ban. Meta, which owns both Facebook and Instagram, has confirmed compliance with the order, which can remain in effect for up to three months. This decisive action aims to prevent Meta from collecting and processing sensitive voter data through its proposed Election Day Information and Voter Information Unit features.

In a translated statement, the AEPD explained that the ban was a “precautionary measure” intended to halt “the collection and processing of data implied by their use.” This measure was deemed necessary to protect local users from potential privacy violations and the risks associated with the profiling and transfer of personal data to unknown entities.

Under the GDPR, data protection authorities across the European Union have the authority to intervene when there are urgent risks to users’ privacy. Although Meta’s primary GDPR supervisory authority is Ireland’s Data Protection Commission, the regulation allows any national authority to take action within their jurisdiction.

The AEPD’s decision is based on concerns that Meta’s election features would contravene several GDPR principles, particularly regarding the lawfulness of data processing and data minimization. Political views are classified as “special category” data under the GDPR, necessitating explicit consent from users for their processing.

Meta’s planned data collection, which includes user names, IP addresses, ages, genders, and interaction data with election-related functionalities, posed significant privacy risks. The AEPD feared that such extensive data collection would enable the creation of detailed user profiles, leading to more intrusive data processing practices. The authority emphasized the potential for disproportionate interference with users’ rights and freedoms, warning that data could be transferred to third parties without users’ explicit consent.

In response to the AEPD’s action, Meta’s spokesperson, Matthew Pollard, stated, “Our election tools have been expressly designed to respect users’ privacy and comply with the GDPR. While we disagree with the AEPD’s assessment in this case, we have cooperated with their request.”

Despite Meta’s assurance of compliance, the Spanish DPA’s intervention underscores the ongoing scrutiny that tech companies face regarding data privacy, especially in the context of elections. Notably, Meta had planned to roll out these election features across all EU countries except Italy, where a similar data protection inquiry is already underway.