When Personal Becomes Profitable: Sensitive Targeting on X
X let advertisers target users by sensitive personal data (political beliefs, sexual orientation); 30+ major brands were found doing so, raising GDPR and DSA concerns as VLOPs are barred from such targeting.
Executive summary
AI-generatedThis summary was generated by AI from the original report to make it easier to scan and cite. It is not a substitute for the source — read the original above.
AI Forensics examined advertising data exported from X's public Ads Repository covering September 2023 to May 2025, manually reviewing targeting parameters used by a sample of major-brand advertisers to identify categories considered sensitive under GDPR, since the platform does not provide API access for broader automated analysis.
The review found that more than 30 major brands targeted or excluded users based on sensitive personal attributes, including political opinions, sexual orientation, religious beliefs, and health conditions. Cited examples include TotalEnergies excluding users interested in green politicians and environmental activists, Dell Technologies targeting based on medication interests, sexual orientation, and faith, and Saudi Arabia's Public Investment Fund using exclusions tied to ethnic origin, faith, and sexual orientation.
The report concludes that this targeting practice raises concerns under both GDPR and the Digital Services Act, which bars very large online platforms from ad targeting based on sensitive personal data. AI Forensics published the underlying targeting data to allow independent verification of the practices identified.
Think this summary is wrong? Contact us.