Report 25.11.2020 3 min. read Text Image Is advertising based on invasive tracking and profiling the only way to pay for online content? What individual, societal and economic costs does it bring about? What is preventing the uptake of privacy-friendly alternatives? Our new report: To Track or Not to Track? Towards Privacy-friendly and Sustainable Online Advertising shows that it’s actually possible to reform the ad tech industry without bankrupting online publishers. But in order to make that happen, EU policymakers must create a regulatory push by enforcing the GDPR and adopting new rules which would incentivise the uptake of alternatives. >> DOWNLOAD THE REPORT << The false choice between online privacy and funding the web The online advertising industry has become toxic. Internet users are tracked, surveilled, and targeted with ads that may exploit their vulnerabilities. Publishers – forced to play by the rules set by large online platforms – must prioritise content that rewards engagement, not truth or civility — and then hand up to 70% of profits over to advertising middlemen. Advertisers lose billions of dollars to bots fabricating clicks. And society at large reckons with the misinformation and polarisation that results from all this. Only big online platforms and the data brokers lurking in the background benefit. Meanwhile, many users, publishers, and governments have conceded that this is unavoidable. That we either tolerate invasive digital advertising, or else all of online publishing collapses. This is a false choice – there is a way to sustain online publishing and uphold privacy. In fact, evidence shows that contextual advertising, which does not rely on personal data, can be more profitable for publishers and equally if not more effective for advertisers. Ad targeting that is limited to shallow behavioural insights collected directly by publishers and subject to users’ control can also be a valid alternative. A vicious circle? Although the ad tech industry is under scrutiny by data protection authorities in 17 EU jurisdictions, business carries on as usual and advertising based on surveillance continues to dominate. However, the lack of GDPR enforcement, instead of helping publishers, further cements their dependence on the ad tech industry and throttles the development of privacy-friendly alternatives. We are stuck in a vicious circle. The failure of data protection authorities to send a clear signal that excessive tracking is illegal prevents the mass uptake of privacy-friendly solutions. When alternatives are not implemented at scale, gathering enough evidence to demonstrate that they can be equally if not more sustainable for publishers is a massive challenge. This further consolidates the market driven by the logic of more data and more personalisation. Fixing the root cause, not the symptoms In order to break this vicious circle, apart from enforcing the GDPR, the EU should adopt a systemic regulatory response aimed at fixing the root cause and not the symptoms of the problem. A coherent regulatory framework would include both: a prohibition on cross-site tracking and targeting in the ePrivacy regulation, and an effective restriction of the online platforms’ power to gather data in the Digital Services Act package. The former would end publishers’ reliance on ad tech middlemen and promote contextual and first-party targeting, while the latter would ensure that online platforms do not dictate the rules of the game and capture most of advertising budgets. By coupling promising new models with common-sense regulations, the EU has a chance to reform a toxic industry. But the window to do so is only temporary. We have to act now, as the ePrivacy regulation and the DSA are malleable. The report was prepared by Panoptykon’s lawyer and policy analyst Karolina Iwańska as part of her Mozilla EU Tech Policy Fellowship. Support our work! Donate to Panoptykon Foundation Fundacja Panoptykon Author Previous Next See also Article Belgian authority finds IAB Europe’s consent pop-ups incompatible with the GDPR Following a number of complaints filed in 2018 and 2019, including by Panoptykon and Bits of Freedom, and coordinated by the Irish Council for Civil Liberties, the Belgian Data Protection Authority has found that the consent system developed and managed by the adtech industry body IAB Europe, and… 16.02.2022 Text Article Hide and Seek: Polish DPA agrees that people should be able to access their advertising profiles, but there’s no way to do so Following Panoptykon’s General Data Protection Regulation (GDPR) complaint against one of the biggest Polish news website, Interia.pl – the Polish Data Protection Authority has confirmed that online publishers should give users access to their advertising profiles generated for the purposes of… 24.01.2022 Text Article Panoptykon files complaints against Google and IAB Europe On the International Data Protection Day, 28 January 2019, Panoptykon Foundation filed complaints against Google and IAB Europe under the General Data Protection Regulation (GDPR) to the Polish Data Protection Authority (DPA). The complaints are related to the functioning of online behavioural… 28.01.2019 Text