Government & Policy

EU commissioner sidesteps MEPs’ questions about CSAM proposal microtargeting

Comment

EU home affairs commissioner, Ylva Johansson, at an exchange of views in front of the LIBE committee in the European Parliament

The European Union’s home affairs commissioner, Ylva Johansson, has confirmed the Commission is investigating whether or not it broke recently updated digital governance rules when her department ran a microtargeted political ad campaign aiming to drive support for a controversial child sexual abuse material (CSAM)-scanning proposal she’s spearheading.

But at a committee hearing in the European Parliament today she deflected MEPs’ enquiries for her to give more details about the ad campaign.

The governance regulation concerned is the Digital Services Act (DSA), which includes provisions relating to online advertising — including a prohibition on the use of sensitive personal data, such as political opinions, for targeting ads. While the ads in question ran on X (formerly Twitter) — which is already expected to be compliant with the DSA, having been designated by the Commission as a so-called Very Large Online Platform (VLOP) back in April.

The Commission itself, meanwhile, not only proposed this pan-EU law but is responsible for oversight of VLOPs’ DSA compliance. So — tl;dr — if EU officials have used X’s ad-targeting tools to break the bloc’s own digital rulebook it’s the very definition of an awkward situation.

The existence of the Commission’s microtargeted ad campaign seeking to drum up support for its proposed CSAM-scanning law was spotted last month by technologist, Danny Mekić. An article with his findings ran in Dutch newspaper, De Volkskrant, earlier this month

Using public ad transparency tools the DSA requires VLOPs to provide, Mekić found the Commission had run a paid advertising campaign on X, targeting users in the Netherlands, Sweden, Belgium, Finland, Slovenia, Portugal and the Czech Republic — countries that were not supportive of Johansson’s CSAM-scanning proposal according to leaked minutes from a September 14 meeting of the European Council, a co-legislative body that’s involved (along with MEPs) in determining the final shape of the CSAM law.

Per Mekić, the Commission’s ad campaign, which apparently racked up millions of views on X, insinuated that opponents of the proposed legislation did not want to protect children — messaging he dubbed “a form of emotional blackmail”.

The ads included what he suggested is a misleading claim that the majority of Europeans support the proposal — but which is based on a survey that highlighted “only the benefits but not the drawbacks of the proposed legislation”. Other surveys, by research firms YouGov and Novus, that highlighted the drawbacks showed “virtually no support” for the plan among the European population, his post also pointed out.

Going into more detail of the microtargeting used by the Commission, Mekić wrote: “X’s Transparency Report shows that the European Commission also used ‘microtargeting’ to ensure that the ads did not appear to people who care about privacy (people interested in Julian Assange) and eurosceptics (people interested in ‘nexit’, ‘brexit’ and ‘spanexit’ or in Victor Orbán, Nigel Farage, or the German political party AfD). For unclear reasons, people interested in Christianity were also excluded.

“After excluding critical political and religious groups, X’s algorithm was set to find people in the remaining population who were indeed interested in the ad message, resulting in an uncritical echo chamber. This microtargeting on political and religious beliefs violates X’s advertising policy, the Digital Services Act – which the Commission itself has to oversee — and the General Data Protection Regulation [GDPR].”

During an exchange of views with the European Parliament’s civil rights, justice and home affairs (LIBE) committee this afternoon, Johansson admitted the EU’s executive is investigating the matter.

Initially she had sought to dismiss criticism over the legality of the microtargeting — claiming in a tweet earlier this month (embedded below) that the campaign was “100%” legal.

Asked by the LIBE committee about the discrepancy between her tweet and the existence of an investigation Johansson said she had been given “new information” related to DSA compliance that merited looking into.

“When I made a tweet on the 100% legal [point] that was based on the information I had. But I have to be very open; then I got other information that there could be question marks on the compliance with the DSA — and I take this very seriously,” she told the committee. “If that is the case then of course there has to be consequences on that. So that’s why it’s important that we have to look into [it]. Of course we always have to comply with the regulation. There’s no question about that.”

The LIBE committee repeatedly pressed Johansson to provide detailed about the microtargeted ad campaign — but she declined to do so, saying she did not have any information about it and that it was for her “service”, who she suggested had been responsible for the campaign, to answer. So there was no explanation about why, for instance, Christians had been explicitly excluded from the Commission’s microtargeting.

She also avoided giving a direct response to accusations by MEPs that the use of political microtargeting by the Commission was anti-democratic — opting instead to mount a general defence of its right to promote its proposals. She also listed a number of other departments within the Commission she said had previously used ads to promote separate legislative proposals.

“I think that the commission should defend and explain and promote our proposals. We do that and we have done that. And I think it’s a good practice to do so. Because we are we are taking stance and we should defend our stance,” she told the committee.

A number of MEPs pushed back — including by pointing out that there are more appropriate channels for the Commission to engage directly and transparency with co-legislators than opaque behavioral ad targeting on platforms like Twitter/X.

“One principle of democracy is that we have procedures because the end doesn’t justify the means,” opined MEP Sophie in ‘t Veld. “And European Commission has the right to be very attached to its legislative proposals but there are privileged channels for the European Commission to communicate with the two legislators and others — not an ad campaign on Twitter.”

Despite a lot of pushback, the committee was unable to extract any other lines from commissioner on the ad campaign. But at the end of the session she did agree to respond to it in writing with some missing answers “as soon as possible” (albeit, avoiding agreeing to do so by the end of the week, as one MEP had asked).

Commercial influence

While many of the questions directed at her over the 1.5-hour long hearing focused on the controversy that’s sprung up around the ad campaign, parliamentarians also pressed the commissioner on a number of other issues — including concerns about the extent of commercial lobbying around the CSAM-scanning proposal.

This has been a topic of intense interest, especially following a report by investigative journalists published last month by BalkanInsight which looked at close contacts between Johansson’s department and companies with CSAM-scanning and other child safety tools to sell.

One of the journalists involved in that investigation, Apostolis Fotiadis, had also been invited by the committee to participate in the exchange of views — and he took the opportunity to defend their reporting from direct public attacks by Johansson.

In a blog post ahead of today’s hearing — which deploys a crisis-PR-esque headline claim of “setting the record straight” — she criticized the article as “a series of insinuations looking for a home”; claiming it paired an outline of “a selection of meetings I had, of events I attended, or conferences I addressed” with “a conspiratorial tone” in an attempt “to create the impression of financial influence where there is none”.

Fotiadis was asked by the LIBE committee about the accusation that the journalists had, essentially, been spreading disinformation — and specifically whether he believed Johansson and the Commission’s response to it amounted to a restriction on media freedom. He responded by saying he did not think that was the case. But went on to express surprise at how the Commission had reacted to the scrutiny — to its instinct to deploy “spin-doctor” tactics to try to discredit the article, rather than engaging with the substance of the concerns being raised.

The Commission risks straying close to making attacks on journalists by using such tactics, Fotiadis warned — adding: “You cannot just dismiss everything by calling fake news” — before also noting that Johansson’s office had declined multiple interview requests ahead of publication of the article.

Responding to a question from the committee about the reporting he said documents obtained by the journalists included email threads between Commission officials in Johansson’s department, DG-Home, and a “key stakeholder” advocating for the use of technology for CSAM-scanning — which indicated what he described as “privileged access” that “speaks directly to cooperation” and goes “way beyond” mere consultation or exchange of views on the proposal.

“It’s an official chain discussing invitation, how the stakeholder would be able to allocate experts that would speak in workshops — first attended by representatives of the Member States, and then afterwards actually by ministers in the Council in a meeting chaired by commissioner Johansson. So when we say facilitate, it’s obvious that the EU officials discuss what kind of experts will be available from this particular stakeholder to attend these meetings and to present the point of view, which seems to be a privileged access,” he explained.

“Also in the same email thread there’s mention of EU officials being allocated to specifically attend the cooperation between the stakeholder and DG-Home on the proposal, which to our understanding is something that goes way beyond the level of consultations or exchange of views or exchange of opinions on the proposal and speaks directly to cooperation.”

The committee took the opportunity to press Johansson about her contacts with companies and other lobbyists during the drafting of the CSAM-proposal, with MEPs saying they want clear answers to the allegations of commercial interest and heavy lobbying when the Commission was setting up and drafting the proposal.

In the event MEPs got some bare bones detail.

Asked for a list of these contacts, the commissioner responded that she’d met with Google six times; Microsoft, Meta and TikTok three times each; twice with Twitter (X); and once apiece with Apple and Amazon. She also said she’d met with the child safety organizations Thorn (twice) and Brave Movement (twice); and with Tech Alliance and ICANN once apiece.

In wider responses related to concerns about how much commercial interest had influenced the Commission, Johansson highlighted her decision for the CSAM-scanning proposal to be “technology neutral” — meaning the draft regulation does not support any specific tech solution — with the suggestion being EU lawmakers had resisted lobbying by companies for a law that would explicitly favor their existing tech tools.

She also denied that only Thorn and Microsoft have technology “that is necessary for the scanning” — claiming that’s “absolutely not true”.

“There are no specific technologies mentioned [in the proposal] and I think this is an important part. So there’s no specific technology that’s been favoured in this proposal,” she also told the committee, adding: “So many technologies are being developed all the time — while we are speaking — and they will continue to develop. So I think it’s important that the legislation has to be technology neutral.”

Earlier this week a seminar organized by the European Data Protection Supervisor (EDPS), an advisory body to the Commission on data protection law, heard from more than 20 speakers across civil society, academia and industry expressing deep misgivings about the Commission’s approach — including a warning from the EDPS himself that the EU could be at a tipping point for freedom and democracy if it does not turn back from the plan to do non-targeted scanning of private messages.

Johansson had been invited to participate in the seminar but declined to attend. She didn’t offer a direct response to the EDPS’ concerns today but she did counter a number of arguments heard at the session earlier in the week — including refuting the suggestion that her proposal amounts to mass surveillance.

“My proposal would not mean that all communication will be scanned. Compared to the situation today it will be much more limited,” she claimed, referencing the temporary ePrivacy derogation that currently gives messaging firms a legal basis to scan non-encrypted content for CSAM (but is intended to be replaced by the proposed regulation which, critics contend, will force platforms to scan end-to-end encrypted content too). “Today companies are allowed to scan if they search for child sexual abuse material. That’s why we receive these 5.2 million videos and pictures and grooming attempts — 70% from private communication. If my proposal is adopted, this will be limited.”

She also emphasized how the proposal first requires in-scope platforms to deploy prevention measures to try to stop the spread of CSAM and/or prevent abuse of their tools by people intent on abusing children. “First comes prevention. Only if prevention is not enough, then you might be allowed to do detection — but only after a court decision,” she said. 

“So only those that really cannot deal with the problem with mitigating measures… and only after a court decision and only during a specific period they will be allowed to do the detection,” she went on. “We will also limit the reporting so that we will also receive fewer but hopefully better reports.”

Johansson’s arguments to MEPs that her proposal does not overreach also lent on the existence of other EU laws — such as the bloc’s data protection framework — which she suggested will act as balancing checks on the scope of possible CSAM-scanning. “It’s also important that we continue to comply with all relevant legislation. For example the GDPR and other requirements, there are no derogation from that in my proposal,” she said.

“It’s also important — and I know that’s been part of the debate — that it should not be a slippery slope,” she added. “The proposal specifically prohibits using the detection technologies for any other purpose than the detection of child sexual abuse online — and only with verified indicators of child sexual abuse provided by the EU Centre.”

Given her reliance on pointing to the existence of a wider EU legal framework doing the heavy lifting and protecting Europeans’ fundamental rights as a strategy to assuage critics, and given she’s also invoking respect for the rule of law as a buttress against the risk of content-scanning mission creep, it’s doubly relevant that the Commission now finds itself in a bind — forced to investigate whether its own officials ignored legal requirements in a bid to covertly sweep past critics.

Europe’s CSAM-scanning plan is a tipping point for democratic rights, experts warn

More TechCrunch

Fisker is just a few days into its Chapter 11 bankruptcy, and the fight over its assets is already charged, with one lawyer claiming the startup has been liquidating assets…

The fight over Fisker’s assets is already heating up

A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum. On Thursday, a hacker put up for sale…

Hacker claims to have 30 million customer records from Australian ticket seller giant TEG

Welcome to Startups Weekly — Haje‘s weekly recap of everything you can’t miss from the world of startups. Sign up here to get it in your inbox every Friday. Elon…

Tesla makes Musk best-paid CEO of all time and Fisker bites the dust

Dot is a new AI companion and chatbot that thrives on getting to know your innermost thoughts and feelings.

Dot’s AI really, really wants to get to know you

The e-fuels startup is working on producing fuel for aviation and maritime shipping using carbon dioxide and other waste carbon streams.

E-fuels startup Aether Fuels is raising $34.3 million, per filing

Fisker was facing “potential financial distress” as early as last August, according to a new filing in its Chapter 11 bankruptcy proceeding, which the EV startup initiated earlier this week.…

Fisker faced financial distress as early as last August

Cruise, the self-driving subsidiary of General Motors, has agreed to pay a $112,500 fine for failing to provide full information about an accident involving one of its robotaxis last year.…

Cruise clears key hurdle to getting robotaxis back on roads in California

Feel Therapeutics has a pretty original deck, with some twists we rarely see; the company did a great job telling the overall story.

Pitch Deck Teardown: Feel Therapeutics’ $3.5M seed deck

The Rockset buy fits into OpenAI’s broader recent strategy of investing heavily in its enterprise sales and tech orgs.

OpenAI buys Rockset to bolster its enterprise AI

The U.S. government announced sanctions against 12 executives and senior leaders of the Russia-based cybersecurity giant Kaspersky. In a press release, the Department of the Treasury’s Office of Foreign Assets…

US government sanctions Kaspersky executives

Style DNA, an AI-powered fashion stylist app, creates a personalized style profile from a single selfie. The app is particularly useful for people interested in seasonal color analysis, a process…

Style DNA gets a generative AI chatbot that suggests outfit ideas based on your color type

Rates of depression, anxiety and suicidal thoughts are surging among U.S. teens. A recent report from the Center of Disease Control found that nearly one in three girls have seriously…

Khosla-backed Marble, built by former Headway founders, offers affordable group therapy for teens

Cover says what sets it apart is the underlying technology it employs, which has been exclusively licensed from NASA’s Jet Propulsion Laboratory.

A new startup from Figure’s founder is licensing NASA tech in a bid to curb school shootings

Spotify is introducing a new “Basic” streaming plan in the United States, the company announced on Friday. The new plan costs $10.99 per month and includes all of the benefits…

Spotify launches a new Basic streaming plan in the US

Photographers say the social media giant is applying a ‘Made with AI’ label to photos they took, causing confusion for users.

Meta is tagging real photos as ‘Made with AI,’ say photographers

Website building platform Squarespace is selling Tock, its restaurant reservation service, to American Express in a deal worth $400 million — the exact figure that Squarespace paid for the service…

Squarespace sells restaurant reservation system Tock to American Express for $400M

Featured Article

Change Healthcare confirms ransomware hackers stole medical records on a ‘substantial proportion’ of Americans

The February ransomware attack on UHG-owned Change Healthcare stands as one of the largest-ever known digital thefts of U.S. medical records.

19 hours ago
Change Healthcare confirms ransomware hackers stole medical records on a ‘substantial proportion’ of Americans

Google said today that it globally paused its experiment that aimed to allow new kinds of real-money games on the Play Store, citing the challenges that come with the lack…

Google pauses its experiment to expand real-money games on the Play Store

Venture firms raised $9.3 billion in Q1 according to PitchBook data, which means this year likely won’t match or surpass 2023’s $81.8 billion total. While emerging managers are feeling the…

Kevin Hartz’s A* raises its second oversubscribed fund in three years

Google is making reviews of all your movies, TV shows, books, albums and games visible under one profile page starting June 24, according to an email sent to users last…

Google is making your movie and TV reviews visible under a new profile page

Zepto, an Indian quick commerce startup, has more than doubled its valuation to $3.6 billion in a new funding round of $665 million.

Zepto, a 10-minute delivery app, raises $665M at $3.6B valuation

Speak, the AI-powered language learning app, has raised new money from investors at double its previous valuation.

Language learning app Speak nets $20M, doubles valuation

SpaceX unveiled Starlink Mini, a more portable version of its satellite internet product that is small enough to fit inside a backpack.  Early Starlink customers were invited to purchase the…

SpaceX debuts portable Starlink Mini for $599

Ali Rathod-Papier has stepped down from her role as global head of compliance at corporate card expense management startup Brex to join venture firm Andreessen Horowitz (a16z) as a partner…

Brex’s compliance head has left the fintech startup to join Andreessen Horowitz as a partner

U.S. officials imposed the “first of its kind” ban arguing that Kaspersky threatens U.S. national security because of its links to Russia.

US bans sale of Kaspersky software citing security risk from Russia 

Apple has released Final Cut Pro for iPad 2 and Final Cut Camera, the company announced on Thursday. Both apps were previously announced during the company’s iPad event in May.…

Apple releases Final Cut Pro for iPad 2 and Final Cut Camera

Paris has quickly established itself as a major European center for AI startups, and now another big deal is in the works.

Poolside is raising $400M+ at a $2B valuation to build a supercharged coding co-pilot

The space industry is all abuzz about how SpaceX’s Starship, Blue Origin’s New Glenn, and other heavy-lift rockets will change just about everything. One likely consequence is that spacecraft will…

Gravitics prepares a testing gauntlet for a new generation of giant spacecraft

LTK (formerly LiketoKnow.it and RewardStyle), the influencer shopping app with 40 million monthly users, announced on Thursday the launch of a free direct message tool for creators to instantly share…

Influencer shopping app LTK gets an automatic direct message tool

YouTube appears to be taking a firm stance against Premium subscribers who attempt to use a VPN (virtual private network) to access cheaper subscription prices in other countries. This week,…

YouTube confirms crackdown on VPN users accessing cheaper Premium plans