Report: Nudifying Apps on Meta Platforms are Violating EU Transparency Rules
Online advertising is one of the primary channels through which disinformation, scams, and harmful content reach European citizens. Very Large Online Platforms (VLOPs)—platforms with more than 45 million users in the EU, such as Meta—are required, under the EU’s Digital Services Act (DSA), to provide meaningful transparency into the origin of advertisements and to prevent abusive practices. This legal framework is meant to make it possible for regulators, researchers, and the public to identify who is behind each ad they see, trace funding sources, and detect patterns of coordinated manipulation.
Yet in practice, design choices in ad-buying systems can undermine these obligations. Even when platforms formally comply with the DSA’s requirement to disclose who benefits and pays for ads, loopholes in their user interfaces can give malicious actors room to operate. In this joint investigation with Indicator, the American Sunlight Project (ASP) examines how one such loophole works, enabling over 4000 ads for digital nudifying apps to run undetected to millions of European citizens, including minors. We explain why it matters for enforcement, and how it mirrors earlier problems identified in Facebook’s political ad archive over the last decade. We provide a set of concrete policy and product recommendations that would bring Meta’s ad-buying system into closer alignment with both the letter and the spirit of the DSA, and call on Meta and the European Commission to adopt these changes and close this loophole to protect the privacy, safety, and bodily autonomy of women and girls.
