European governments begin deciding on Adblock detection

europe adblock law illegal

 

For the past few months, privacy activists have been accusing publishers that detect (and forbid entry to) adblock users of breaking the law.  This past week, European national governments started to weigh-in on the legal issues of adblock detection.

The claim made by activists is that detecting adblock runs afoul of the 2002 ePrivacy directive on the grounds that browser plugins like Adblock Plus constitute “information stored on a user’s system”.  According to activists, a users’ plugins represent private information and should be treated like ‘browser cookies’ under the EU directive.  (Note: In the EU, setting or reading cookies on a user’s browser requires user consent.)

I’ve written several posts on this topic already, so I won’t revisit all the reasons these arguments miss the mark here. Suffice to say that these claims about adblock detection misrepresent browser functionality, misrepresent the mechanism of adblock-detection, and misrepresent the capabilities of Javascript itself. If the claims of these activists were upheld, it would represent a dangerous expansion of the original scope of the ePrivacy Directive that in turn would jeopardize the basic functionality of millions of websites.

This week the governments of Netherlands and Denmark published separate responses on the issue, and the news is good for publishers. To paraphrase the positions of Netherlands and Denmark: Detecting ad-blockers is an activity which falls within the ePrivacy directive’s exceptions.

First, the Dutch response:

(Translated by S. Wiering)

An exception is made for placing and reading information on a user’s device if the intent is to obtain information about the quality or effectiveness of a delivered site, and in cases where it is determined that there will be little to no impact on the reader’s privacy. In the event that a script meets these conditions, it is excluded from the requirement of consent under Article 11.7a of the Telecommunications Act.

(Note: The Telecommunications Act is a Dutch implementation based on the EU ePrivacy Directive.  [Thanks to @mmatthiessen for the clarification] )

Second, Denmark’s repsonse:

(via Google Translate)

“It is the Danish Business Authority’s immediate assessment that scanning for adblockers, if affected by the use of cookies or similar technologies, fall within the exception … and thus exempted from the requirement of consent”

and…

One should not obtain consent if there is a technical necessity. We immediately take the view that this use of scanning, where you go in to a computer to see if adblockers are on, is a technical necessity.

 

Clearly, that’s great news for publishers — in particular publishers who use anti-adblock scripts like BlockAdblock.

Even so, Denmark’s response seems to mirror the misrepresentations of functionality as served-up to the EU by activist Alexander Hanff.

To be clear: Adblock detection scripts don’t “go in to a computer to see if adblockers are on” as the Danish government said. It’s possible that this characterization may have been mangled by Google Translate, but in the event that is what they meant, it’s important to clarify that scripts don’t “go in” and snoop around . They simply report on how web pages are currently being displayed. This is an important distinction. Much of the belief that anti-adblock scripts are violating privacy comes from the incorrect (misrepresented) perception that javascript somehow has the ability to report on users’ private system settings. That isn’t the case.

Anti-adblock scripts merely guess at the existence of an adblock plugin based on imputed information about how a webpage has been rendered within the browser. In other words, adblock detection scripts don’t “report”. They “infer”. It’s not an exact science. And it’s not possible to detect with any certainty which plugin has been installed, or that a plugin has been installed at all.

Anti Adblock scripts do not need to be stored. Nor do they retrieve “stored” information of any kind.

 

But, the activist keeps misrepresenting:

Clearly unhappy with Denmark’s conclusion that detecting adblock does not represent a violation of the ePrivacy Directive, Hanff went on to accuse the Danish government of getting it wrong.

just a flesh wound

He said,

(via Google Translate – back to English)

“[Adblock detection] meets none of the requirements for the exception. No website requires tracking or adblock scans to act”

First off,  the notion that “no website requires tracking” is provably incorrect. There are innumerable websites that do require storing and retrieving user activity (ie: tracking) across multiple sessions as part of their basic functionality. HTML5 LocalStorage (think, cookies on steroids) is a basic feature of thousands of web-based applications and interactive websites, and many of those websites couldn’t function effectively without it. (Which is the entire purpose of the exceptions under the ePD in the first place). But again — this is besides the point — the ePrivacy Directive doesn’t apply because Javascript is not ‘reading’ any ‘stored’ data, nor is it necessary to communicate any data back to any server. One must ask: How is privacy violated when nothing is communicated?

Secondly, when Hanff claims that ‘No website requires adblock scans’ what exactly does “requires” mean? As I wrote in an earlier post, if “necessity” is what qualifies for an exception under the ePrivacy Directive, then logically that “necessity” must include anything upon which that website’s existence depends:

Here in the real world of non-taxpayer funded entities, one typically counts the existential financial viability of a newspaper among its necessities. If without advertising revenue the “service” itself would cease to exist, then the defense of vital and life-sustaining revenue streams are clearly “necessary” to provide the service.

How much credibility does Hanff have anyway?

To date, Hanff continues to claim that he has the support of multiple EU commissioners, who he says he has met with. While we already know that Hanff has continuously misrepresented ad block detection, and the functionality of Javascript itself, we don’t have much evidence of how he privately presented this information to EU commissioners — or if he even met with any at all.

When asked by the Danish government for any evidence of these meetings, Hanff was unable to provide any.

 

Its not looking good for Hanff. And if the statements of both Netherlands and Denmark are any indication, the legal issues surrounding the detection of ad blockers would appear to be non-issues.

Now maybe it’s time to turn the tables and question the shady activities of adblockers themselves in regards to circumvention of anti-access controls…

  • Anne Crowley

    Good to see Dutch courts making a decision based on actual understanding of technology! This Hanff is painting a very untruthful picture of how things work! The adblocker detection script is not a violation of privacy because it doesn’t transmit that information. It’s that simple!

  • Chris de Boer

    When I buy (and read) a paper newspaper there is no one and no method to detect whether I read the adds. When I want to read a newspaper online I (in most cases) have to pay for a subscription. If a website must use adds to earn money in order to earn enough then please use paid subscriptions instead for the content. I despise any content that I do not want to see and that are a nuisance any other way. No legislation necessary and no fuss about privacy.

    • You are absolutely right, Chris. When you buy (and read) a paper newspaper, you have every right to ignore the ads. You can even take the time before reading the newspaper to actually cut all the ads out so they are not physically there when you sit down to read content (though you’d probably have to buy two copies of the paper to actually accomplish that without also removing large chunks of the content).

      Having done all that, at no time did you ever stop delivery of the ads, you just made a point to ignore them or remove them after they were delivered to you. Similarly, you can also buy the paper, and ignore all the contents except the racing form or classifieds or opinion section or the Sunday funnies. That is totally your call. But never at any time did you stop the presses, and remove anything before it was delivered.

      In fact this is how the reading view in Edge and the similar reader mode in Safari work. All content is delivered, and THEN you can view what you really want to see.

      BTW, you also have every right to boycott the paper, and never buy it. You can go into competition with the paper, and deliver a better product without ads. But, see if you are able to get people to pay for an unsubsidized subscription. The high cost of production, and increasing subscription prices is one reason the print newspaper industry is desperately trying to evolve.

      What I can’t imagine is how you might think you would pay a subscription to EVERY website you would ever go to in order to avoid ads. No one would; they would change their browsing habits, and be far more selective about the sites they frequented.

      Also Chris, I’d like to add I think you have every right to decide how your browser displays content. It is your browser after all. And if you want to use an ad blocker, I don’t see any difference between that and skipping over the television ads in DVR content. At the same time, publishers have exactly that same right to tell you if you want to see the content you MUST accept it all.

      Understanding that is a huge pendulum swing in opposite directions, PUBLISHERS must also pay attention to their readers, and not deliver an experience that drives them nuts. That is the reason for the increased use of ad blockers (that, and unsafe content). If web publishers don’t want to go the way of newspaper print publishers, they’d better address that. And the ones who do will end up being the most successful.