The EU has taken its first steps into a sensitive space by proposing a new Regulation on Political Advertising (RPA). Simply put, the RPA does two things, which this commentary will address in turn. First, it replaces national laws on the transparency of political advertising with a single set of rules. These provide progressively more information to citizens who see an ad, to the public through ad libraries, and to regulators and private actors who are authorised to request information. Second, the RPA tightens the GDPR’s ban on using sensitive data for targeted political advertising. It leaves member states free, however, to further regulate the use of political advertising.The RPA takes a number of important steps in political advertising law. It strengthens the transparency of the (so far largely unregulated) online political advertising environment. It expands ad libraries with information on targeting and funding. And it allows a broad range of private actors (including civil society and journalists) to request data from a broad range of companies (including ad agencies and small platforms). At the same time, the RPA not only represents the EU’s most significant effort to address concerns about political advertising’s democratic impact, but (because it fully harmonises transparency) also shapes how individuals, researchers, and national regulators can scrutinise political advertising. It is therefore important to determine whether the regulation lives up to the Commission’s hype
