New report: To track or not to track? Towards privacy-friendly and sustainable online advertising

Is advertising based on invasive tracking and profiling the only way to pay for online content? What individual, societal and economic costs does it bring about? What is preventing the uptake of privacy-friendly alternatives?

Our new report: To Track or Not to Track? Towards Privacy-friendly and Sustainable Online Advertising shows that it’s actually possible to reform the ad tech industry without bankrupting online publishers. But in order to make that happen, EU policymakers must create a regulatory push by enforcing the GDPR and adopting new rules which would incentivise the uptake of alternatives.

The false choice between online privacy and funding the web

The online advertising industry has become toxic. Internet users are tracked, surveilled, and targeted with ads that may exploit their vulnerabilities. Publishers – forced to play by the rules set by large online platforms – must prioritise content that rewards engagement, not truth or civility — and then hand up to 70% of profits over to advertising middlemen. Advertisers lose billions of dollars to bots fabricating clicks. And society at large reckons with the misinformation and polarisation that results from all this. Only big online platforms and the data brokers lurking in the background benefit.

Meanwhile, many users, publishers, and governments have conceded that this is unavoidable. That we either tolerate invasive digital advertising, or else all of online publishing collapses. This is a false choice – there is a way to sustain online publishing and uphold privacy.

In fact, evidence shows that contextual advertising, which does not rely on personal data, can be more profitable for publishers and equally if not more effective for advertisers. Ad targeting that is limited to shallow behavioural insights collected directly by publishers and subject to users’ control can also be a valid alternative.

A vicious circle?

Although the ad tech industry is under scrutiny by data protection authorities in 17 EU jurisdictions, business carries on as usual and advertising based on surveillance continues to dominate. However, the lack of GDPR enforcement, instead of helping publishers, further cements their dependence on the ad tech industry and throttles the development of privacy-friendly alternatives.

We are stuck in a vicious circle. The failure of data protection authorities to send a clear signal that excessive tracking is illegal prevents the mass uptake of privacy-friendly solutions. When alternatives are not implemented at scale, gathering enough evidence to demonstrate that they can be equally if not more sustainable for publishers is a massive challenge. This further consolidates the market driven by the logic of more data and more personalisation.

Fixing the root cause, not the symptoms

In order to break this vicious circle, apart from enforcing the GDPR, the EU should adopt a systemic regulatory response aimed at fixing the root cause and not the symptoms of the problem. A coherent regulatory framework would include both:

• a prohibition on cross-site tracking and targeting in the ePrivacy regulation, and
• an effective restriction of the online platforms’ power to gather data in the Digital Services Act package.

The former would end publishers’ reliance on ad tech middlemen and promote contextual and first-party targeting, while the latter would ensure that online platforms do not dictate the rules of the game and capture most of advertising budgets. By coupling promising new models with common-sense regulations, the EU has a chance to reform a toxic industry. But the window to do so is only temporary. We have to act now, as the ePrivacy regulation and the DSA are malleable.

The report was prepared by Panoptykon’s lawyer and policy analyst Karolina Iwańska as part of her Mozilla EU Tech Policy Fellowship.

Support our work! Donate to Panoptykon Foundation