Our suggestions are the following:

1. Political parties and interest groups that use advertising, and online platforms that host this paid-for content, should be required to meet certain transparency requirements. In particular, they should be required to publish a wide range of data about political advertisements and what targeting methods are offered by them. This obligation should be mandatory for both platforms and interest groups.

2. Political parties, interest groups and platforms, in fulfilment of their transparency obligations, should be required to conduct and publish Data Protection Impact Assessments relating to online political campaigns hosted on relevant platforms. Data Protection Authorities (DPAs) have the authority to order binding remedial action. This includes issuing fines to online platforms and political parties or interest groups and referral of the DPA’s findings to national electoral commissions. Joint liability of platforms and political parties could force them to follow the rules.

3. Political messages should have different limitations according to certain factors, such as whom the message is for, whether it is tailored and targeted to a homogenous group of people, and whether it has an immediate or recent political context. We have to differentiate between political messages that merely inform people about an election date, or messages from NGOs informing the public about public health rules during the COVID-19, and a tailored message to eldery men that tries to convince them to vote against abortion. These factors should be weighed on a case-by-case basis. This approach of weighing up relevant factors to detect political advertising means that authorities need not try to regulate the content of political advertising.

The table was created by Paige Morrow from Article 19 and also used by Dr. Julian Jaursch in his paper Defining Online Political Advertising. Liberties added an additional column to these factors to evaluate.

4. The Commission and national DPAs must properly enforce the GDPR. According to the GDPR, individuals may only be targeted on the basis of their personal data if the person opts-in to be targeted by political messages. The European Commission should elaborate guidance to clarify how the GDPR should be applied for political advertising.

5. Online platforms, political actors, and user organisations should cooperate and set clear agreements to help protect users’ fundamental rights on online platforms and ensure vibrant and diverse political discourse. This could serve as a first step of a code of practice similar to the existing code on disinformation or the agreement on discriminatory advertising in the United States.

There are several other solutions that are worth thinking about. Who Targets Me lists five options to intervene in order to shift the balance back to a more diverse political discourse. Among these solutions, “limitation on the number of campaigns that can be run” is an achievable solution. This would limit the number of simultaneous and distinct ads.

Read our paper here: Solutions For Regulating Micro-targeted Political Advertising