Does not apply
The full current text of the EU GDPR is now available online.
After reading the entire document, what is clear is that the “personal data” protections afforded by the GDPR do not apply to the vast majority of anti-adblock defenses used by publishers (including BlockAdblock).
Why should we care about the GDPR?
WikiWand has puts it like this:
“The proposed new EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations;”
There are few provisions that clarify the (non) application of GDPR “personal data” regulations to anti-adblock defenses beyond any doubt, but Section 26 is as clear as can be:
Section 26 – (emphasis mine)
“…The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information…”
Adblock detection does not involve “personally identifiable data”
The GDPR’s “personal data” protection measures by definition do not apply.
To summarize, when we talk about “Adblock detection”:
- We are not talking about “personal data” as defined by the EU.
- We are not talking about personal data transmission or communication to a server.
- We are not talking about storage of personal data.
- In no way are individuals identifiable as a result of Adblock detection.
Not only is the information anonymous and non-user specific — it never leaves the client.
Could there be some Adblock detection methods that do do things in a way that does violate the GDPR? Sure, that’s possible. Except I’ve never seen or heard of one.
Adblock detection is in the clear.
(But that’s not what should be concerning activists)
BlockAdblock clearly sits comfortably within EU regulations on the “personal data” grounds of the GDPR. By my reading, any claim that Adblock detection is “inherently illegal” under the GDPR is clearly false.
In my humble opinion Adblock detection under the GDPR isn’t what should be concerning privacy activists … what should probably concern all of us is the bombshell buried in the final sentence of Section 47. Just a tip, folks.
Thanks for reading.