Posted on
by

The conclusion of a report by the Norwegian consumer association, Forbrukerrådet, minces no words: adtech is systematically in breach of GDPR rules. The report’s title is Out of Control.

The extent of tracking makes it impossible for us to make informed choices about how our personal data is collected, shared and used, Finn Myrstad, director of digital policy in the Norwegian Consumer Council is quoted. This is a key issue. The GDPR demands meaningful consent, not just the token consent that sites and apps still often try to get away with. Earlier a French ruling stated much the same about a boiler plate consent form advocated by IAB and that form has since disappeared, or at least I don’t encounter it anymore during my web surfing.

It reads as if the report is the basis for various GDPR complaints in multiple EU countries, so it will be interesting to see those progress through the system.

I’m very much in agreement with Doc Searls position that GDPR is lethal to AdTech.
I came across a nice illustration of the effect (ht Tomasino). Below is an image that shows you what happens when you visit USAToday on its GDPR compliant version and its non GDPR version. Paul Calvano who made the image says “The US site is 5.5MB and contains 835 requests loaded from 188 hosts. When loaded from France it’s 297KB, 36 requests and contains no 3rd party content.” The image shows what a striking difference that is:

4 reactions on “AdTech: Out of Control and Systematically Breaking the Law

  2. Came across this article from last year, The new dot com bubble is here: it’s called online advertising. It takes a look at online advertising’s effectiveness. It seems the selection effect is strong, but not accounted for, because the metrics happen after that.
    “It is crucial for advertisers to distinguish such a selection effect (people see your ad, but were already going to click, buy, register, or download) from the advertising effect (people see your ad, and that’s why they start clicking, buying, registering, downloading).”
    They don’t.
    All the data gathering, all the highly individual targeting, apparently means advertisers are reaching people they would already reach. Now people just click on a link the advertising company is paying extra for.
    For eBay there was an opportunity in 2012 to experiment with what would happen if they stopped online advertising. Three months later, the results were clear: all the traffic that had previously come from paid links was now coming in through ordinary links. Tadelis had been right all along. Annually, eBay was burning a good $20m on ads targeting the keyword ‘eBay’. (Blake et al 2015, Econometrica Vol. 83, 1, pp 155-174. DOI 10.3982/ECTA12423, PDF on Sci-Hub)

    It’s about a market of a quarter of a trillion dollars governed by irrationality. It’s about knowables, about how even the biggest data sets don’t always provide insight.

    So, the next time when some site wants to emotionally blackmail you to please disable your adtech blockers, because they’ve led themselves to believe that undermining your privacy is the only way they can continue to exist, don’t feel guilty. Adtech has to go, you’re offering up your privacy for magical thinking. Shields up!

  3. GDPR and adtech tracking cannot be reconciled, a point the bookmark below shows once more: 91% will not provide consent when given a clear unambiguous choice. GDPR enforcement needs a boost. So that adtech may die.
    Marko Saric points to various options available to adtech users: targeted ads for consenting visitors only, showing ads just based on the page visited (as he says, “Google made their first billions that way“), use GDPR compliant statistics tools, and switch to more ethical monetisation methods. A likely result of publishers trying to get consent without offering a clear way to not opt-in (it’s not about opting-out, GDPR requires informed and unforced consent through opt-in, no consent is the default and may not impact service), while most websurfers don’t want to share their data, will mean blanket solutions like ad and tracker blocking by browsers as default. As Saric says most advertisers are very aware that visitors don’t want to be tracked, they might just be waiting to be actively stopped by GDPR enforcement and the cash stops coming in (FB e.g. has some $6 billion reasons every single month to continue tracking you).
    (ht Peter O’Shaughnessy)
    Bookmarked Only 9% of visitors give GDPR consent to be tracked

    Privacy regulations such as the GDPR say that you need to seek permission from your website visitors before tracking them.
    Most GDPR consent banner implementations are deliberately engineered to be difficult to use and are full of dark patterns that are illegal according to the law….. If you implement a proper GDPR consent banner, a vast majority of visitors will most probably decline to give you consent. 91% to be exact out of 19,000 visitors in my study.

  4. Back in 2022 the Belgian and other data protection boards found that IAB’s ‘Transparency and Consent Framework‘ is illegal, because it is neither transparent nor…

Comments are closed.

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Find out more about Webmentions.)

Mentions