Reflections on the murky legal practices of political micro-targeting from a GDPR perspective

Key PointsThis article seeks to explore one of the recent controversial EU debates related to political micro-targeting (PMT): is the practice of PMT compliant with the EU’s General Data Protection Regulation (GDPR)?After examining the two most relevant ad targeting tools used for PMT, this article examines how PMT raises several questions related to (i) some of the principles listed in Article 5 of the GDPR, (ii) the uncertainty on who the data controller is, (iii) the ways to gather valid consent, (iv) excessive profiling practices, and (v) the limited privacy by design and default features.It can be argued that significant changes are necessary with regards to the manner in which political actors and social media platforms engage with their data protection obligations in PMT. If these cannot be met and/or are not being complied with, the current way in which PMT is performed could likely be considered unlawful.