Some people have said that this ruling isn’t so bad, because the ruling is about advertisements and because it’s talking about “sensitive personal data.” But it’s difficult to see how either of those things limit this ruling at all.

There’s nothing inherently in the law or the ruling that limits its conclusions to “advertisements.” The same underlying factors would apply to any third party content on any website that is subject to the GDPR.

As for the “sensitive personal data” part, that makes little difference because sites will have to scan all content before anything is posted to guarantee no “sensitive personal data” is included and then accurately determine what a court might later deem to be such sensitive personal data. That means it’s highly likely that any website that tries to comply under this ruling will block a ton of content on the off chance that maybe that content will be deemed sensitive.

Here are some relevant parts of what the court actually wrote:

67 In the present case, it is apparent from the order for reference that Russmedia publishes advertisements on its online marketplace for its own commercial purposes. In that regard, the general terms and conditions of use of that marketplace give Russmedia considerable freedom to exploit the information published on that marketplace. In particular, according to the information provided by the referring court, Russmedia reserves the right to use published content, distribute it, transmit it, reproduce it, modify it, translate it, transfer it to partners and remove it at any time, without the need for any ‘valid’ reason for so doing. Russmedia therefore publishes the personal data contained in the advertisements not on behalf of the user advertisers, or not solely on their behalf, but processes and can exploit those data for its own advertising and commercial purposes.

68 Consequently, it must be held that Russmedia exerted influence, for its own purposes, over the publication on the internet of the personal data of the applicant in the main proceedings and therefore participated in the determination of the purposes of that publication and thus of the processing at issue.

It seems to me that the fact that the nature of the content was itself advertising is not the relevant thing here, but rather the fact that the website had a commercial purpose is. So, maybe this will only apply to websites operated for commercial purposes? 🤔

(I am not a lawyer…)

A company that publishes ads for sexual services without getting confirmation of consent is a risk for the society and this business model should not be allowed.

Is there something I missed which indicates that the sexual nature of the advertisement was a factor in the court’s decision?

how about we just try it first

😭