Ad blocking using various applications or browser extensions is a common tool used by users when “surfing” the Internet. The benefit to the user is an ad-free browsing experience. However, advertising revenue is the primary, and sometimes sole, income for many website operators. How effectively do sites defend themselves against ad blocking? Do both parties always act in accordance with the law?
Internet users inevitably encounter online advertising in many forms - including banners, embedded videos, text ads, and pop-up windows. These ads can distract and frustrate users by slowing page loads, draining device batteries, consuming data, or even distributing malware and tracking user info. As a result, many users seek convenient, affordable ways to block ads.
Ad blockers can work in different ways, but the most common method is integrating the ad blocking directly into the browser as an extension or mobile app. The ad blocker analyses the individual elements of a webpage by address, then instructs the browser to filter out the elements that match common ad formats.
Ad creators constantly seek new ways to circumvent ad blockers, triggering an endless cycle of increasingly sophisticated technical countermeasures. As a result, regulating this technology through law becomes progressively more challenging.
Am I allowed to block ads?
Under current EU legislation, users can install ad-blocking software on their devices. In response, however, some sites and platforms have acquired tools to detect ad blockers. If a site visitor is found to be using such software, it will then implement various types of punitive measures (restrict access, request to be whitelisted).
Probably the most visible measures in recent times have been introduced by YouTube, which has gradually stepped up its fight against ad-blocking tools. First by displaying a warning message, then by limiting playback to a certain number of videos, and finally by completely blocking the service. Videos will not play until the ad blocker is disabled. Meanwhile, YouTube Premium offers an ad-free viewing experience for a subscription fee.
The procedure has met with widespread disapproval, not only from the public. Last autumn, Swedish data protection expert Alexander Hanff filed a complaint with the Irish Data Protection Commission (equivalent to the Czech Data Protection Authority). In Hanff's view, the ad blocker detection tool violates the right to privacy, specifically Article 5(3) of the ePrivacy Directive.[1] This provision, together with the Czech national regulation,[2] among other things, requires websites to obtain prior demonstrable active consent from users before using cookies. Specifically, Hanff argues that, for example, like cookies, the ad blocker detection tool stores or accesses information on the user's device without consent.
How can the site operator defend itself?
There is debate over whether ad blocker detection tools are comparable to cookies. What matters most is how these tools technically detect active ad blockers. The tools can use scripts to detect ad blockers, which, unlike cookies, do not exist as separate or separable files and are no more stored on the device than any other website content. They only allow to make an educated guess as to whether a user is actively using an ad blocker, which, from a privacy perspective, speaks in favour of detection tools.
The Irish authority has not yet provided an official statement regarding the complaint. Based on recent experience and the legal certainty of the public, we can reasonably assume that the relevant EU authorities will likely continue the established practice. This suggests it remains possible to detect ad blocker usage by website visitors through non-invasive means.[3] The long-awaited adoption of the proposed ePrivacy Regulation[4] seems unlikely to alter this practice. However, it is important to remember that ad blocking and detection technologies are diverse, differing in how much they encroach on user privacy.
Impatient web users also have access to tools that block cookies, like bars or pop-up windows. As long as rules require the universally hated proliferation of banners, it is certainly more user-friendly to install a blocking tool than to tediously select individual options on every page.
However, it is important to again ask how this blocking tool works specifically. Will it reflect my preferences? Or will it automatically reject all unnecessary cookies, or only allow cookies that improve site usability? But what if the technical solution takes the easy route and accepts all dialog boxes?
- [1] – Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).
- [2] – Section 89(3) of Act No. 127/2005 Sb., on Electronic Communications and on Amendments to Certain Related Acts (Electronic Communications Act).
- [3] – See, for example, the European Commission memorandum: Digital Single Market - stronger privacy rules for electronic communications, 2017. Available from :https://ec.europa.eu/commission/presscorner/detail/en/MEMO_17_17.
- [4] – Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) Available from: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX:52017PC0010.