- Oct 23, 2012
- 12,527
A letter from the President of the European Commission may spark an ongoing war between privacy advocates and online publishers that use anti-ad-blocking filters on their sites.
Alexander Hanff, CEO of Think Privacy Inc., has penned a letter to Jean-Claude Juncker, EC's president, this past winter, asking for clarification regarding the language of the e-Privacy Directive's Cookie Law.
Mr. Hanff wanted to know if the cookie law is referring strictly to browser cookies or the general notion of gathering "any information stored on such equipment [is] part of the privacy sphere of the users requiring protection."
Scanning for ad-blockers breaks the EU's e-Privacy Directive
The response of the European Commission was clear, and that any type of server or client-side scripts that attempt to access or collect information stored on the user's devices fall under the e-Privacy's umbrella, meaning that publishers need to ask for permission before gathering any type of data, not just about cookies.
Under Mr. Hanff's expert opinion, this also includes ad-blocking blocking technologies that prevent users from viewing a website's content if they have an ad-blocker installed in their browser.
Alexander Hanff, CEO of Think Privacy Inc., has penned a letter to Jean-Claude Juncker, EC's president, this past winter, asking for clarification regarding the language of the e-Privacy Directive's Cookie Law.
Mr. Hanff wanted to know if the cookie law is referring strictly to browser cookies or the general notion of gathering "any information stored on such equipment [is] part of the privacy sphere of the users requiring protection."
Scanning for ad-blockers breaks the EU's e-Privacy Directive
The response of the European Commission was clear, and that any type of server or client-side scripts that attempt to access or collect information stored on the user's devices fall under the e-Privacy's umbrella, meaning that publishers need to ask for permission before gathering any type of data, not just about cookies.
Under Mr. Hanff's expert opinion, this also includes ad-blocking blocking technologies that prevent users from viewing a website's content if they have an ad-blocker installed in their browser.
In order to work, those websites need to run JavaScript code in the users' browsers. These scripts gather information about the users' local configuration, an action which falls under the Commission's interpretation of scanning and collecting private user data, hence must be prompted and asked for permission.
Based on this response, to comply with this new interpretation of the cookie law, Internet publishers must ask you if they can scan your browser for ad-blocking software, and then prompt you to disable the ad-blocker if you agree.
The problem of server-side scripts
Mr. Hanff's says that his original letter only included the question of client-side scripts that scanned for ad-blockers, but he points out that the answers received from the European Commission include references and legal opinions that cover server-side scripts as well.
Under this latter category, any analytics service could potentially be affected. Mr. Hanff has answered Softpedia's inquiry, and he argues that this is true. Any analytics service, that employ client or server-side scripts, should also ask for permission. Until now, only analytics services that deployed client-side cookies were affected by the EU Cookie Law. This means that analytics services, commerical or deployed in-house, relying on server-side scripts are also impacted and may need to ask for permission.
This is just one of the questions we can raise from this letter. Of course, the ramifications of this response might need to be debated by people with actual in-depth knowledge of EU law, and not us.
What is certain is that Mr. Hanff has pledged to use the answer he received from the European Commission to start legal actions against any publisher that blocks users with ad-blockers installed to access their websites.
Below are tweets from Mr. Hanff on this matter, along with images of the answer he received from the European Commission.
In formal opinion @EU_Commission reference #adblock detection as #spyware under Recital 24 & 65 of Citizens' Rights Directive #privacy — Alexander Hanff (@alexanderhanff) April 20, 2016 To all #publishers currently detecting #adblockers in EU - look out, I am coming for you and I am very well armed. #privacy #spyware — Alexander Hanff (@alexanderhanff) April 20, 2016 I should clarify that the specific question I asked the @EU_Commission was regarding clientside scripts #adblocking #privacy (more) — Alexander Hanff (@alexanderhanff) April 20, 2016 they were very clear that ANY attempt to store or access stored information requires informed & specific consent (more) — Alexander Hanff (@alexanderhanff) April 20, 2016 so even serverside scripts which collect information from a users device is covered under this formal opinion #adblocking #privacy #spyware — Alexander Hanff (@alexanderhanff) April 20, 2016 Since so many people are bugging me for them here are photos of the relevant pages of letter. pic.twitter.com/vcTG0qdhIC — Alexander Hanff (@alexanderhanff) April 20, 2016