On Wednesday, Wojciech Wiewiorówski, the European Data Protection Supervisor (EDPS), opined that Europe’s Digital Services Act proposal should go further in its effort to promote online transparency and safety by eliminating targeted advertising.
“Given the multitude of risks associated with online targeted advertising, the EDPS urges the co-legislators to consider additional rules going beyond transparency,” Wiewiorówski’s report [PDF] says.
“Such measures should include a phase-out leading to a prohibition of targeted advertising on the basis of pervasive tracking, as well as restrictions in relation to the categories of data that can be processed for targeting purposes and the categories of data that may be disclosed to advertisers or third parties to enable or facilitate targeted advertising.”
UK watchdog sniffs around Google Chrome’s Privacy Sandbox as it may give Choc Factory all the sweeties
Targeted online ads get aimed at individuals by giants like Google and Facebook that harvest the online habits of internet users so they can deliver marketing that corresponds with detected or inferred interests. Typically, such precision comes at the cost of privacy.
Google has been a staunch advocate for targeted advertising, which the company insists leads to more relevant ads and better revenue for publishers – a claim that has been disputed. But faced with pressure from privacy advocates, a creeping thicket of privacy regulations, and competitors that exploit its soft spot for surveillance, Google has committed to phasing out a major mechanism for delivering targeted web ads – third-party browser cookies. Consequently, it has been scrambling to develop alternative systems for aiming ads through its Privacy Sandbox project. For the online ad industry, it’s a race against regulation.
The coming storm
The DSA and DMA aim to clarify the responsibilities of online service providers, platforms, and gatekeepers, to protect people’s rights online, and to provide a governance structure that encourages both innovation and competition. The former is focused on how digital service providers handle content while the latter concerns itself with the behavior of gatekeepers.
Neither of these proposals has been finalized or formally adopted; they will be hashed out in the European Parliament and by EU member states through the Council of the European Union in the months and years ahead. But even before they were introduced, US technology companies like Google – a primary target of the proposals – were lobbying against potential restrictions.
Last October, Karan Bhatia, VP of government affairs and public policy at Google, warned that the DSA could prevent Google from developing user-centric features like surfacing a map with the nearest restaurant in response to the search query “Thai food nearby.”
And when the proposals debuted in December, the US Chamber of Commerce, a private sector advocacy group, said, “Based on preliminary review, the US Chamber is concerned about the direction of today’s proposals, which target American companies almost exclusively by imposing onerous new regulatory requirements backed by steep financial penalties.”
Wiewiorówski’s advocacy for an eventual prohibition on targeted advertising may be more of a negotiating position than a realistic goal.
His opinion talks about clarifying restrictions on the sharing of personal info with advertisers for tailored web ads. The compromise position among privacy-minded Eurocrats appears to be, at very least, to make targeted advertising opt-in.
That’s still a bridge too far for companies like Google and Facebook that have fought tooth-and-nail to preserve the opt-out regime they’ve traditionally enjoyed. But given the social media-driven turmoil of 2020 and early 2021, ongoing antitrust concerns about internet giants, and repeated privacy scandals related to data harvesting, it’s hard to imagine that internet companies will be able to continue operating in a lightly regulated environment.
In an email to The Register, Dr Lukasz Olejnik, an independent privacy researcher and consultant, said he expects the EDPS opinion will be very influential as the DSA proposal get debated in Brussels.
“In this particular case it plays along the sentiment already expressed by a few political groups in the European parliament, which was also felt in the last summers’ resolution calling for a ban on micro-targeted ads,” Olejnik said. “There will be a strong opposition though, and considering the fact that ban is not included in the original proposal filed by the European Commission, I have some doubts about a full ban. However, many things will remain in flux this and likely also the next year.”
Olejnik said it’s too early to tell whether calls to ban targeted ads can be satisfied with the Privacy Sandbox solutions being tested by Google and other ad industry firms.
But if Privacy Sandbox technologies like Google’s Federated Learning of Cohorts (FloC) algorithm prove sufficiently private for EU lawmakers, “the call for a ban on targeted ads could be neatly realized on a fait accompli basis,” he said.
“This would then make policymakers very happy as they could claim that they scored a success, even though the technology was going in this direction regardless.” ®