Learn how AI, CTV, retail media and advanced workflows are transforming the programmatic landscape

Once again, media companies are at the receiving end of ad-blocking news this week: It seems that those publishers using scripts to detect whether people visiting their websites have ad blockers installed could be in breach of European Privacy Law.
At least, that’s the case put forward by privacy campaigner Alexander Hanff, who said last week that he’d asked the European Commission whether publishers’ use of ad-blocking detection violated the ePrivacy directive, specifically when it comes to storage of information. He has since tweeted that the EC responded that ad-blocking detection tech does seem in breach of the directive.
It seems Hanff may have been on to something, though there are a few misconceptions floating around too.
First things first: Is ad-blocking detection really illegal?
Not according to the IAB. But it may require consent. The problem with legislation like 2011’s ePrivacy Directive (dubbed Cookie directive) is that the wording and terminology is very broad and, therefore, open to wide and, in this case, polarizing interpretations. “Arguably an extreme interpretation of the text would suggest it requires consent” to run ad-blocking detection, confirmed IAB Europe’s senior policy manager, Matthias Matthiesen.
How broad are we talking?
Publishers are required to ask for consent to access or store information. Open for debate is whether ad-blocker detection constitutes the storing of information. Many would argue it doesn’t. The IAB Tech Lab has a methodology that’s based on Javascript, which checks the ability of a browser to display advertising. This allows publishers to redirect users to a different experience, like a pop-up asking for the ad blocker to be switched off. A browser when loading a website is following instructions, which are given to it in the form of HTML code.
“Now we have an almost philosophical question to answer,” said Matthiesen. “Does a browser’s rendering of a website constitute ‘storage’ of information in the sense of the law? Does changing instructions based on a browser’s rendering behaviour require ‘access’ of information in the sense of the law?”
Sounds like a can of worms.
Indeed. Websites rely on Javascript to make buttons; the very buttons needed to ask for consent. That’s a bit of a Catch-22, according to Matthiesen. “You need consent to ask for consent? What about caching of some website elements to improve loading speeds? Does that require consent? The Web would be full of requests,” he said.
Rezonence CEO Prash Naidu added that responsive Web design also means websites regularly glean information about the device a user is accessing them with in order to deliver an appropriately formatted page. “This is deemed perfectly legit, and one could argue that determining if ads are being displayed or not falls under the same category.”
Are there any technical misconceptions here?
There seem to be some misconceptions floating around as to what publishers are actually using Javascript to detect: Websites aren’t actually detecting if a user has installed an ad blocker; they’re verifying if ads have been delivered. Technically, they’re two very different things. All sorts of things can affect ad delivery. It could be as simple as a bug or glitches in the browsers, according to Sourcepoint general manager for international Thomas Mendrina. In that process, no personal information is collected on the user; the tech shows only whether the ad has been delivered, not whether an individual visitor is using a blocker. That kind of negates the issue of whether it’s breaching the ePrivacy directive.
“The Cookie Directive was meant to answer some questions about saving cookies in a user’s browser, which is an entirely different thing. No personal information is stored on the user when detecting ad delivery.”
So what should publishers do?
The IAB Netherlands has already issued instructions. IAB Europe will send more out in the coming weeks, and they’ll look like this: Option No. 1: a consent wall that asks outright consent from every single user for running ad block detection. (Not ideal for user experience.) Option No. 2: a consent banner that informs users about the use of ad-block detection technologies and informs them that “continued use” of the site will be interpreted consent.
Any silver linings here?
The timing of this is actually pretty good: The ePrivacy directive is actually due for review in the next couple of weeks. “This bad drafting has resulted in a ton of questions, so there’s the opportunity to amend it, and perhaps introduce more exceptions,” said Matthiesen. “Because really this is a situation where essentially publishers have to ask permission from the people who are infringing on their rights, which is absurd.”
More in Media

ChatGPT is now 20% of Walmart’s referral traffic — while Amazon wards off AI shopping agents
Data from Similarweb, a web traffic analytics company, shows that one in five of Walmart’s referral clicks in August came from ChatGPT, up 15% from July.

Media Briefing: Publishers turn to other platforms to offset losses from Google search
Publishers are turning to other platforms like Reddit and Pinterest to offset the losses they’re seeing from Google search referral traffic.

Amid competition with Roblox, Fortnite’s in-game item strategy appeals to both creators and brands
By implementing in-game item sales, Epic Games is taking cues from Roblox, where in-game sales represent a huge source of business for both creators and the brands that integrate into their experiences and items.