Adtech – an offer you can’t refuse

This spring, Apple will implement a new policy that will require App Store developers to ask for users’ permission in order to track them online. The announcement was met with harsh criticism by the online advertising industry — Facebook, for instance, bought full-page advertisements and launched a head-on campaign against Apple’s upcoming feature.

But why is a small opt-in box sparking such an energetic debate? And why are analysts forecasting billions of losses for Google and Facebook revenues? Let’s go in order.

Every crisis an opportunity

Why should you allow strangers to know every website you visit, every online article you read, and every purchase you make, with no assurance whatsoever about their intention, confidentiality, or reputability?

The online advertising industry seem to be worried about the answer you may give to this question: in the past, they would not bother asking you and conveniently pre-tick consent boxes on your behalf. Then the GDPR came into force, and with it, the requirement to obtain your affirmative, specific, unequivocal consent.

The adtech industry could have chosen to comply with the law, but they chose to rely on dark patterns instead — interfaces that are carefully designed to deceive you into doing things you otherwise wouldn’t. That’s how the internet got flooded with cookie banners, where it is very easy to say yes but incredibly difficult to say no. When this is not enough, the online advertising industry may even refuse to accept “no” as an answer — for instance, by claiming that they rely on their terms of service, or that they are processing your data because they have a legitimate interest in doing so.

No means no

The attitude of the online advertising industry isn’t really winning the hearts and minds of internet users, who started to use ad blockers and other privacy tools in order to make the choices the adtech industry would deny them. Unsurprisingly, software companies noticed this trend and followed suit, in an attempt to attract new users.

Apple was one of those. At first, they started to implement stronger protections against online surveillance within their browser, as well as in their own operating system. Recently, they implemented a new policy that requires iOS apps to disclose how they will be using personal data, as well as the requirement to obtain users’ affirmative consent to track their activities online.

Apple’s policy isn’t flawless either. Indeed, even if iOS apps will have to ask users to gain access to IDFA — Identifier for Advertisers, which is used to track and target Apple users — this is still being stored on every device, without users’ knowledge or consent. This is in contravention of the GDPR, which would require the storage of this information to be preceded by the affirmative consent of the user. Also, the identifier can still be used by Apple regardless of users’ choices, although they do not sell advertisement.

Having said that, every step toward stronger protections against online surveillance is a welcome development. Individuals should be given back control over how their data is being used online, and have the right not to be bothered by high-tech peeping Toms who “move fast and break things”.

“We need to inflict pain”: Adtech send their regards

The adtech industry may have faced the growing hostility against them, and endeavour to rebuild their relationship with internet users — say, by genuinely asking their permission before tracking their online activities. Unfortunately, they chose a different approach.

Facebook went all in with a rather “laughable campaign” and the pretence that they, a 770 billion tech company, would “speak up for small businesses”. Later on, Mark Zuckerberg sportingly reacted by spelling out his intention to “inflict pain” to Apple, in retaliation to their refusal to back down from their plans.

Joining forces with Facebook is the Interactive Advertising Bureau, a consortium that develops a widely adopted cookie consent framework. While the latter has been found to be illegal in many instances, the IAB does not seem to bother about these “trivialities” and is instead accusing Apple of anti-competitive behaviours.

What’s ahead

One the one hand, Apple’s move is exposing the true colours of the adtech industry, as well as the dire need of reforming a sector that systematically violates human rights. However, it is quite worrying that progress in this field is being achieved because of Apple’s own corporate policies and volition, rather than as the implementation of a legal regime that is meant to promote our data rights. We need privacy on the internet; but, most importantly, we need the internet to be open, plural, and regulated by institutions we can hold to account. In other words, we need rules that are shaped and enforced for our own good, rather than the ephemeral self-interest of some tech behemoth.

Open Rights Group wants to turn adtech and online tracking into an offer you can refuse. We are bringing the ICO to Court over their failure to enforce the law and carry out a much needed regulatory sweep on the adtech industry. Also, our work with EU partners may strike at the heart of the IAB Transparency and Consent Framework, one of the main enabler of the adtech fake consent model. Finally, we believe that the issues of consent implementation can be successfully tackled by giving legal mandate and recognition to users’ choices which are made via software settings — such as the Do Not Track signal, or the most recent Global Privacy Control. This is already a reality in California, and we are supporting efforts to introduce a similar provision in the upcoming ePrivacy Regulation.

Want to know more? Keep tuned or join us, and help us protect your rights in the digital age.