Skip to content

Spain halts Meta’s election data processing before EU vote

  • by
  • 3 min read

The Spanish Data Protection Agency (AEPD) has mandated Meta to suspend the deployment of its Election Day Information (EDI) and Voter Information Unit (VIU) functionalities in Spain ahead of the upcoming European Parliament elections. Under Article 66.1 of the General Data Protection Regulation (GDPR), the directive requires Meta to halt the collection and processing of user data associated with these features immediately.

This precautionary measure responds to concerns that Meta’s data processing practices violate the GDPR. Specifically, the AEPD identified breaches in principles related to lawful data protection, data minimisation, and retention limitation.

The functionalities in question are designed to provide Facebook and Instagram users with information about the EU elections, requiring processing personal data such as usernames, IP addresses, age, gender and user interactions.

The agency highlighted the potential risk to sure rights and freedoms posed by Meta’s data collection practices. Such practices could create intricate and intrusive user profiles, thereby increasing the likelihood of data misuse by third parties.

This, in turn, raises significant privacy concerns, especially regarding the possibility of data being used for non-explicit purposes by unknown entities.

“The Agency considers that the collection and preservation of data planned by the company would seriously jeopardise the rights and freedoms of Instagram and Facebook users, that they would see increased the volume of information that it collects about them, allowing the elaboration of more complex, detailed and exhaustive profiles, and generating more intrusive treatments,” said the agency.

The decision of Spain is based on Article 66.1 of GDPR.

In addition to the AEDP’s action, the European Commission recently initiated a proceeding against Meta to scrutinise various aspects of its operations, including disinformation, political content visibility, and election monitoring tools under the Digital Services Regulation framework.

The AEPD’s decision to enforce this measure is grounded in Article 66.1 of the GDPR, which permits supervisory authorities to adopt provisional measures with legal effect in exceptional circumstances to protect individual’s rights and freedoms.

Moreover, this decision aligns with the agency’s Circular 1/2019 which explicitly restricts the processing of personal data related to political opinions, emphasising that only freely expressed political views should be collected. It prohibits the use of technologies like big data and artificial intelligence to infer political ideologies, thereby protecting individuals from potential profiling and misinformation.

“Our election tools have been expressly designed to respect users’ privacy and comply with the GDPR. While we disagree with the AEPD’s assessment in this case, we have cooperated with their request,” Matthew Pollard, Meta spokesperson told TechCrunch.

Last week, Meta allied with other tech companies like Match and Coinbase to combat online fraud. In mid-May, the European Commission initiated a formal proceeding to investigate potential breaches of the Digital Services Act (DSA) by Meta.

In the News: Chalubo malware bricks 600,000 Sagemcom and ActionTec routers

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: