Once again, media companies are at the receiving end of ad-blocking news this week: It seems that those publishers using scripts to detect whether people visiting their websites have ad blockers installed could be in breach of European Privacy Law.
At least, that’s the case put forward by privacy campaigner Alexander Hanff, who said last week that he’d asked the European Commission whether publishers’ use of ad-blocking detection violated the ePrivacy directive, specifically when it comes to storage of information. He has since tweeted that the EC responded that ad-blocking detection tech does seem in breach of the directive.
It seems Hanff may have been on to something, though there are a few misconceptions floating around too.
First things first: Is ad-blocking detection really illegal?
Not according to the IAB. But it may require consent. The problem with legislation like 2011’s ePrivacy Directive (dubbed Cookie directive) is that the wording and terminology is very broad and, therefore, open to wide and, in this case, polarizing interpretations. “Arguably an extreme interpretation of the text would suggest it requires consent” to run ad-blocking detection, confirmed IAB Europe’s senior policy manager, Matthias Matthiesen.
How broad are we talking?
“Now we have an almost philosophical question to answer,” said Matthiesen. “Does a browser’s rendering of a website constitute ‘storage’ of information in the sense of the law? Does changing instructions based on a browser’s rendering behaviour require ‘access’ of information in the sense of the law?”
Sounds like a can of worms.
Rezonence CEO Prash Naidu added that responsive Web design also means websites regularly glean information about the device a user is accessing them with in order to deliver an appropriately formatted page. “This is deemed perfectly legit, and one could argue that determining if ads are being displayed or not falls under the same category.”
Are there any technical misconceptions here?
“The Cookie Directive was meant to answer some questions about saving cookies in a user’s browser, which is an entirely different thing. No personal information is stored on the user when detecting ad delivery.”
So what should publishers do?
The IAB Netherlands has already issued instructions. IAB Europe will send more out in the coming weeks, and they’ll look like this: Option No. 1: a consent wall that asks outright consent from every single user for running ad block detection. (Not ideal for user experience.) Option No. 2: a consent banner that informs users about the use of ad-block detection technologies and informs them that “continued use” of the site will be interpreted consent.
Any silver linings here?
The timing of this is actually pretty good: The ePrivacy directive is actually due for review in the next couple of weeks. “This bad drafting has resulted in a ton of questions, so there’s the opportunity to amend it, and perhaps introduce more exceptions,” said Matthiesen. “Because really this is a situation where essentially publishers have to ask permission from the people who are infringing on their rights, which is absurd.”