As debate over the draft ePrivacy Regulation resumes, it transpires that economic research from the ad tech lobby has grossly misled the European Parliament and the Council, writes Dr Johnny Ryan.
Dr Johnny Ryan FRHistS is Chief Policy & Industry Relations Officer of Brave, a rapidly growing Internet browser pioneering crypto-tokens to provide privacy-friendly advertising to sustain online publishers.
Before the entry into force of the General Data Protection Regulation (GDPR), many websites confronted visitors with unfair and incomprehensible “cookie walls”. A cookie wall blocks visitors from accessing the website, unless the visitor first agrees to extensive tracking and profiling of their activity across the Web by a large number of shadowy ad tech companies.
Publishers who persist in using GDPR non-compliant cookie walls are now subject to severe penalties, and the practice should fade out as enforcement accelerates in coming months.
However, this is under threat. The ad tech lobby hopes to exploit the forthcoming ePrivacy Regulation as an opportunity to undo the GDPR’s protections against cookie walls. (The ePrivacy Regulation “particularises” how the GDPR is applied in specific areas.)
The ad tech lobby misled MEPs and EU Member States.
A year ago, Members of the European Parliament debated amendments to the Commission’s ePrivacy Regulation proposal. They worried about the prospect of the European publishing industry collapsing in the face of Google and Facebook’s overwhelming dominance.
Google and Facebook, which produce no substantial content themselves, now absorb about 70% of all online advertising spending in Europe.
In the midst of this discussion about media sustainability, an ad tech lobby group called ‘IAB Europe’ published a new research study that claimed to demonstrate that the behavioural ad tech companies it represents are an essential lifeline for Europe’s beleaguered publishers. The report was compelling.
Titled “The economic value of behavioural targeting in digital advertising”, the report claimed that behavioural advertising technology produces a whopping €10.6 billion in revenue for Europe’s publishers.
By 2020, the study claimed, this figure would double to €21.4 billion. IAB Europe promoted the report heavily to the European Parliament and the Council of Ministers.
Surely, the ad tech lobby argued, Parliament would permit websites to use “cookie walls” that force users to consent to behavioural ad tech tracking and profiling their activity across the Web. The logic is that websites need to do this because it is the only way for publishers to stay in business. This remains a notable point among many at the EU Council today.
We now know that a startling omission is at the heart of this report. Without any indication that it was doing so, the report combined Google and Facebook’s massive revenue from behavioural ad tech with the far smaller amount that Europe’s publishers receive from it.
The IAB omitted any indication that the €10.6 billion figure for “publishers” revenue included Google and Facebook’s massive share too.
Inclusion of Google and Facebook revenues enormously and incorrectly inflated the benefit that publishers derive from permitting ad tech companies to surveil their visitors.
Last month, IAB Europe finally admitted that its ‘publisher’ figures included Google and Facebook. As Google and Facebook are at pains to tell regulators, they are not publishers. They are, however, the largest members of the IAB, the global ad tech lobby, of which IAB Europe is a franchise.
The Council is currently attempting to develop a general approach on the proposed ePrivacy Regulation. The ad tech lobby continues to press perm reps to support cookie walls, despite its discredited economic research.
But on the other hand, the Council must consider the enormous privacy hazard of behavioural advertising, which these ad tech’s walls would force users to accept. This affects us all.
Every time you are shown a “behavioural” ad on a website, information about you is broadcast to tens or hundreds of companies via so-called “RTB bid requests,” in order to solicit potential advertisers’ bids for your attention.
This includes what you are looking at online, your IP address (often your physical location), and any IDs that ad-tech companies previously assigned to you to build detailed profiles about you over time. This highly sensitive personal data is broadcast widely, to maximise the number of bids.
Despite the two-year grace period leading up to the application of GDPR, the ad tech industry has failed to establish adequate controls to enforce data protection among the many companies that receive such data.
A data protection free zone
This behavioural ad tech is a “data protection free zone” – to the cost of citizens and, crucially, publishers, as their revenue gets siphoned off by the ad tech industry. Diluting the cookie wall protections in the ePrivacy Regulation would postpone the urgently needed innovation in the ad tech industry.
It could, for the moment, be able to continue business as usual, without cleaning up its act.
A cookie wall that forces a user to say OK to behavioural ad tech as a condition of reading an article is no better than a Facebook cookie wall that forces a user to say OK to their data being shared with Cambridge Analytica as a condition of reading the Newsfeed.
If this comparison seems fanciful then bear in mind that Cambridge Analytica was once a much-lauded member of the ad tech industry.
It is not tenable to claim that web-wide surveillance is a prerequisite for advertising revenue.
The protection of the fundamental rights to privacy and data protection, enshrined in the European Charter, is compatible with sophisticated advertising technology – provided that that technology handles personal data correctly. Ad tech must accept this innovation challenge.