For the past few months, privacy activists have been accusing publishers that detect (and forbid entry to) adblock users of breaking the law. This past week, European national governments started to weigh-in on the legal issues of adblock detection.
The claim made by activists is that detecting adblock runs afoul of the 2002 ePrivacy directive on the grounds that browser plugins like Adblock Plus constitute “information stored on a user’s system”. According to activists, a users’ plugins represent private information and should be treated like ‘browser cookies’ under the EU directive. (Note: In the EU, setting or reading cookies on a user’s browser requires user consent.)
This week the governments of Netherlands and Denmark published separate responses on the issue, and the news is good for publishers. To paraphrase the positions of Netherlands and Denmark: Detecting ad-blockers is an activity which falls within the ePrivacy directive’s exceptions.
First, the Dutch response:
(Translated by S. Wiering)
An exception is made for placing and reading information on a user’s device if the intent is to obtain information about the quality or effectiveness of a delivered site, and in cases where it is determined that there will be little to no impact on the reader’s privacy. In the event that a script meets these conditions, it is excluded from the requirement of consent under Article 11.7a of the Telecommunications Act.
(Note: The Telecommunications Act is a Dutch implementation based on the EU ePrivacy Directive. [Thanks to @mmatthiessen for the clarification] )
Second, Denmark’s repsonse:
(via Google Translate)
One should not obtain consent if there is a technical necessity. We immediately take the view that this use of scanning, where you go in to a computer to see if adblockers are on, is a technical necessity.
Clearly, that’s great news for publishers — in particular publishers who use anti-adblock scripts like BlockAdblock.
Even so, Denmark’s response seems to mirror the misrepresentations of functionality as served-up to the EU by activist Alexander Hanff.
Anti-adblock scripts merely guess at the existence of an adblock plugin based on imputed information about how a webpage has been rendered within the browser. In other words, adblock detection scripts don’t “report”. They “infer”. It’s not an exact science. And it’s not possible to detect with any certainty which plugin has been installed, or that a plugin has been installed at all.
Anti Adblock scripts do not need to be stored. Nor do they retrieve “stored” information of any kind.
But, the activist keeps misrepresenting:
Clearly unhappy with Denmark’s conclusion that detecting adblock does not represent a violation of the ePrivacy Directive, Hanff went on to accuse the Danish government of getting it wrong.
(via Google Translate – back to English)
“[Adblock detection] meets none of the requirements for the exception. No website requires tracking or adblock scans to act”
Secondly, when Hanff claims that ‘No website requires adblock scans’ what exactly does “requires” mean? As I wrote in an earlier post, if “necessity” is what qualifies for an exception under the ePrivacy Directive, then logically that “necessity” must include anything upon which that website’s existence depends:
Here in the real world of non-taxpayer funded entities, one typically counts the existential financial viability of a newspaper among its necessities. If without advertising revenue the “service” itself would cease to exist, then the defense of vital and life-sustaining revenue streams are clearly “necessary” to provide the service.
How much credibility does Hanff have anyway?
When asked by the Danish government for any evidence of these meetings, Hanff was unable to provide any.
Its not looking good for Hanff. And if the statements of both Netherlands and Denmark are any indication, the legal issues surrounding the detection of ad blockers would appear to be non-issues.
Now maybe it’s time to turn the tables and question the shady activities of adblockers themselves in regards to circumvention of anti-access controls…