This paper examines the European Union’s regulatory challenges concerning online political microtargeting. It identifies that while the General Data Protection Regulation (GDPR) provides a foundational data governance framework, it is insufficient to mitigate democratic risks posed by algorithmic manipulation in political advertising. Employing comparative legal analysis and normative interpretation, the study systematically assesses the applicability boundaries and coordination gaps among the GDPR, the European Convention on Human Rights, and national-level political advertising laws. The paper innovatively proposes anchoring regulatory design in democratic legitimacy and electoral fairness as core human rights benchmarks—and advocates establishing dedicated transparency and restriction mechanisms for political advertising beyond the GDPR’s scope. Its contribution lies in bridging a critical theoretical gap in regulating digital election interference, offering a multilevel, human rights–oriented legislative pathway and concrete policy recommendations for EU political communication regulation. (149 words)

In this paper, we examine how online political micro-targeting is regulated in Europe. While there are no specific rules on such micro-targeting, there are general rules that apply. We focus on three fields of law: data protection law, freedom of expression, and sector-specific rules for political advertising; for the latter we examine four countries. We argue that the rules in the General Data Protection Regulation (GDPR) are necessary, but not sufficient. We show that political advertising, including online political micro-targeting, is protected by the right to freedom of expression. That right is not absolute, however. From a European human rights perspective, it is possible for lawmakers to limit the possibilities for political advertising. Indeed, some countries ban TV advertising for political parties during elections.