At the start of July, the Dutch Minister for Economic Affairs Henk Kamp confirmed to the Dutch parliament that the detection of ad blockers does not require the consent of internet users, nor a duty to inform users. For the online advertising industry this is good news. With this blog, I want to explain why the use of ad block detection tools was under question in the first place.
The issue can be traced back to the ePrivacy Directive (2002/58/EC), which was drafted in 2002, underwent amendments in 2009, and is currently under review again. The directive mostly regulates the telecommunications sector, but in Article 5(3) requires that users give their informed consent for the storing of information or access to information already stored on their devices. The main purpose of this article was to regulate the use of internet cookies, but due to its technologically neutral wording it has opened up avenues for much broader interpretations. Such a broad interpretation could include Java scripts used to detect whether a user’s browser is displaying ads or not.
In the Netherlands, the government transposed the law into its Telecommunications Act, specifically Article 11.7a. The Minister spoke about this article in the context of a Parliamentary question posed by a Dutch Member of Parliament. The question referred to two news articles from Dutch online publishers about what she called the ‘European Commission’s statement that detecting ad blockers is illegal under European legislation’.
This statement actually came in the form of a letter, specifically addressed to a privacy activist who had shared some of the pages on his Twitter feed. In the context of those pages, he then declared that he would be taking publishers to court if they engage in the detection of ad blockers, as the European Commission had now ‘declared’ the practice illegal in its letter. However, the Commission’s letter isn’t actually that damning, and merely reiterates what the law states. What the privacy activist actually asked the Commission was whether the “storing of scripts” is illegal without the consent of users.
In its response, the Commission explained that, in principle the consent requirement is applicable as long as the practice requires storing of information or accessing information on a user’s device. The letter also clarifies that this interpretation is without prejudice to the exceptions included in the cookie provision but did not further clarify this. To say that scripts are ‘stored’ on a device is also misleading, but the Commission rather sees it as ‘accessing’ information from devices.
In any case, the European Commission does not have the responsibility of interpreting European law – this is actually the responsibility of the Court of Justice of the European Union. The Commission’s interpretation is thus not binding. Besides, directives aren’t usually directly applicable to the citizens of EU Member States. Each Member State has to transpose the law into their own national legal systems, which leaves a certain margin of discretion for implementation. Regulatory authorities will also interpret laws and apply them in different ways, evidenced by the fact that the cookie provision itself is applied in a different way in the Netherlands than it is in most EU Member States. However, in the Netherlands a definitive answer to this particular issue has now been given by the Minister for Economic Affairs.
His answers declare that the cookie provision is applicable to scripts used to detect ad blockers, but it benefits from an exception to the consent and information requirements. The Consumer and Markets Authority (Autoriteit Consument en Markt, ACM), which informed the Minister, is of the opinion that the scripts are used to obtain information about the quality or effectiveness of the page served to web users, and that its privacy impact on users is null or at most miniscule.
The Netherlands isn’t alone in this interpretation – the Danish authority has also announced to the press that detecting ad blockers does not require the consent of users. It is especially interesting that the Netherlands, which uses a strict opt-in approach for cookie consent, has come out in clarification of this, but it is very positive to see governments take a practical approach to the issue. After all, if all scripts which adapt the website’s content to the web browser it’s viewed on required consent, then consumers would need to consent to virtually anything they do on the internet when visiting a website.