Lodged on Thursday by Schrems’ campaign group Noyb with the Dutch data protection authority, the complaint purports that X unlawfully used people’s political views and religious beliefs to target them with ads.
The European Union is also accused of using X to target users based on their political views and religious beliefs.
In the complaint, Schrems alleges that X showed him an ad from the European Commission that promoted online content regulation to tackle child sexual abuse and the grooming of children online.
Schrems says the ad explicitly targets users from the Netherlands and excludes 44 “targeting segments,” such as political parties like Alternative for Germany, Vox, Sinn Fein, and the English Defense League, as well as far-right politicians Viktor Orban and Marine Le Pen.
The ad also does not target people based on their use on X of terms related to “euroscepticism and/or nationalist political views,” according to the complaint.
The filing states that the allegations are based on the ads repository of X.
X was not immediately available for comment when contacted by CNBC. In reply to a CNBC email, the Commission said that it was aware of reports of the campaign and was conducting a “thorough review.”
“Internally, we provide regularly updated guidance to ensure our social media managers are familiar with the rules and that external contractors also apply them in full,” the Commission said.
“Also, in view of an alarming increase in disinformation and hate speech on social media platforms in recent weeks, we advised Commission services already back in October to refrain from advertising at this stage on X.”
The Commission added that, under its Digital Services Act, a major content regulation law in the EU, platforms including X “must not display targeted advertisements based on the sensitive data of a user.”
Per the complaint, X is able to take users’ clicking behavior and replies to tailor content to them — a practice known as “microtargeting.” Microtargeting was used by Cambridge Analytica during the 2016 presidential election to help Donald Trump win the vote by a narrow margin, the complaint notes.
Who is Max Schrems?
Schrems is a high-profile figure in European privacy campaigning. He most notably won a legal battle against Meta parent company Facebook, defeating the company’s use of the EU-U.S. so-called safe harbor data-transferring mechanism to send Europeans’ information to the U.S.
Scrutiny of the complaint is in its early days. It has been filed with the Dutch data protection authority, which is tasked with investigating the main highlights of the complaint to assess whether there was a breach of GDPR.
X has its main European headquarters in Ireland, meaning that the Dublin data watchdog is the primary privacy regulator for the platform in Europe. Schrems is submitting the complaint to the Dutch authority, rather than Ireland, as he is a Dutch citizen.
The complaint could ultimately lead to a full-blown investigation under the European Union’s General Data Protection, a strict EU privacy regulation introduced by the bloc in 2018.
X has been in a hard place lately, with brands including Apple, Disney and Microsoft, pulling ads from the platform due to controversies surrounding Musk, including sharing a post that explored a popular antisemitic conspiracy theory.