News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 AI Governance Dashboard – New AI Governance Dashboard – New

Stay on top of the latest AI governance news and developments of the profession.

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview KnowledgeNet Chapters Sections Affinity Groups Volunteer Annual Awards Career Central
Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

 IAPP Calendar

Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Overview Online Training Live Online Training In-Person Training Books Practice Exams Train Your Staff Official Training Partners Web Conferences
Artificial Intelligence Governance Professional Artificial Intelligence Governance Professional

Learn how to surround AI with policies and procedures that make the most of its potential by reducing its risks.

 European Data Protection (CIPP/E)

Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.

 U.S. Private-Sector Privacy (CIPP/US)

Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.

 Canadian Privacy (CIPP/C)

Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.

 Privacy Program Management (CIPM)

Develop the skills to design, build and operate a comprehensive data protection program.

Privacy in Technology (CIPT)

Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.

 Foundations of Privacy and Data Protection

Introductory training that builds organizations of professionals with working privacy knowledge.

 Privacy Law Specialist Training (PLS)

Meet the stringent requirements to earn this American Bar Association-certified designation.
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 AIGP Certification AIGP Certification

Ensures individuals responsible for AI systems can reduce the risks associated with this technology.

 Certificação CDPO/BR Certificação CDPO/BR

Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.

 Certification CDPO/FR Certification CDPO/FR

Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Tools and Trackers Research Glossary Global Privacy Directory Enforcement Database Westin Research Center Web Conferences Jobs Privacy Vendor Marketplace
Global Privacy Directory

This tool identifies global data protection authorities and privacy legislation.
US State Privacy Legislation Tracker

The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.
Reports and Surveys

Access all reports and surveys published by the IAPP.
Privacy Governance Report

This report shines a light on the location, performance and significance of privacy governance within organizations.
Privacy Risk Study

This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.
Artificial Intelligence

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering AI connections to the privacy space.
CCPA and CPRA

IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
EU General Data Protection Regulation

The IAPP's EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
Data Protection Intensive: UK Data Protection Intensive: UK

Explore the full range of U.K. data protection issues, from global policy to daily operational details.

Global Privacy Summit Global Privacy Summit

Expand your network and expertise at the world’s top privacy event featuring A-list keynotes and high-profile experts.

AI Governance Global AI Governance Global

A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more.

 Canada Privacy Symposium Canada Privacy Symposium

Leaders from across the Canadian privacy field deliver insights, discuss trends, offer predictions and share best practices.

Asia Privacy Forum Asia Privacy Forum

Hear top experts discuss global privacy issues and regulations affecting business across Asia.

 Privacy. Security. Risk. (P.S.R.) Privacy. Security. Risk. (P.S.R.)

P.S.R. focuses on the intersection of privacy and technology. The call for proposals to speak at the 2024 event is open. Submit your ideas today.

 Europe Data Protection Congress Europe Data Protection Congress

Europe’s top experts offer pragmatic insights into the evolving landscape and share knowledge on best practices for your data protection operation.

 ANZ Summit ANZ Summit

Gain exclusive insights about how privacy affects business in Australia and Aotearoa New Zealand.

 Speak at an IAPP Event

View our open calls and submission instructions.

 Sponsor an Event

Increase visibility for your organization — check out sponsorship opportunities today.

Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | The Privacy Consequences in the Rise of Ad Blockers Related reading: TRUSTe Releases New Assessment Manager at P.S.R.

rss_feed

Content Blockers a Boon for Privacy” ran the headline from GigOm in a recent Daily Dashboard, but is it as simple as that?

Having dug a little deeper into the announcement last week that Apple was opening up iOS9 to content blocking apps, I quickly uncovered that apps such as Blockr that were advertised as "privacy protectors" were also offering to block the “annoying cookie warnings” required by EU laws under the e-Privacy Directive. This capability has been available for a while through ad blocker extensions such as http://prebake.eu but it seemed ironic that an app marketed as a privacy management tool would seek to remove the privacy protections required in EU law.

Screen Shot 2015-09-30 at 5.26.37 PMAs we know in the privacy profession, privacy best practices and laws are built on the pillars of Transparency, Notice and Choice. It now appears that some ad blockers, acting under a banner of privacy, are achieving exactly the opposite by removing consumer visibility into the tracking that’s taking place and consumers’ ability to chose which cookies and trackers they want to accept.

Industry concern

So far all the media coverage has been around the damage that ad blockers could do to the advertising industry and the business model on which so many free apps and the free Internet depends. The very day after making it to the top of the Apple download charts with Peace, powered by Ghostery, its creator Marco Arment pulled the ad-blocking app from the App Store writing, “Just doesn’t feel good.” He continued:

format_quoteAs I write this, Peace has been the number one paid app in the U.S. App Store for about 36 hours. It’s a massive achievement that should be the highlight of my professional career.

Achieving this much success with Peace just doesn’t feel good, which I didn’t anticipate, but probably should have. Ad blockers come with an important asterisk: while they do benefit a ton of people in major ways, they also hurt some, including many who don’t deserve the hit.”

While this move does not relate to privacy and is likely testament to the extent of the concern in the ad industry over the rise of ad blockers, it is just one of the many unintended consequences of the announcement that Apple made on September 16th.

The other unintended consequence is a potential loss of online privacy protections for European consumers. And cookie notices are no longer solely a European requirement as in recent years other countries such as Brazil have also followed suit and introduced a cookie law.

What does this mean for consumers?

For consumers I’m sure this means nothing but confusion. All our research testifies to high levels of consumer concern around privacy, enflamed by revelations around government surveillance post-Snowden and fueled by frequent data breaches hitting the headlines. Forty-two percent of U.S. consumers are more worried about their online privacy than a year ago with online tracking being one of the top five causes of concern. Eighty-six percent have taken steps to protect their privacy in the last 12 months such as deleting cookies, changing privacy settings and turning off location tracking.

The advertising industry has introduced self-regulatory programs in the U.S., Canada and the EU which offer consumers choice and are developing increasing traction with companies and growing consumer awareness. But many consumers are still turning to ad-blockers with recent industry research from PageFair and Adobe showing that in the second quarter of 2015, the number of ad-blocking software users across the globe grew by 41 percent from last year, and the loss of global revenue due to blocked advertising is estimated to reach $21.8 billion this year.

While there is no shortage of data or people within the advertising industry willing to talk about the negative impacts of ad blockers, there are far fewer people talking about the introduction of cookie notice blocking extensions and filters in ad blockers. The rise of ad blockers seems to be bad for consumer privacy as well as the ad industry.

Our online experiences will all be diminished if app developers, regulators and advertisers can’t find the right balance between creativity, innovation and privacy protections.

As the Internet of Things presents a new advertising opportunity and business model, these are important issues to address. At the same time European regulators are in the throes of finalising a technology-neutral General Data Protection Regulation and stricter requirements around consent and tracking could also have unintended consequences if we see a rise in cookie notice blockers.

What’s next, an app which blocks those “annoying long privacy policies” and just lets you sign in without having to scroll through at all?

Author
Headshot Eleanor Treharne-Jones Nonmember Contributor
Tags
Marketing/Retail
Big Data
Privacy-Enhancing Technology
4 Comments

If you want to comment on this post, you need to login.

  • comment Geoffrey Nathan • Oct 1, 2015 
    I do not believe the Cookie Notifications from European websites 'protect' our privacy. Since they appear on every European website you visit, they do not convey information. They are no more informative than the slashes and dots in the web address. They are merely background noise which folks will filter out after one or two visits, if they even notice them. Hence, ad-blocking software which treats them as 'spam' is operating correctly and fulfilling its function.
  • comment Mike O'Neill • Oct 1, 2015 
    Many of these cookie notices are indeed deliberately ineffective , do not convey information and are simply a smokescreen for hiding tracking, but some are definitely not. Our own product, CookieQ, actively manages first-party cookies by deleting them from a user's browser if they are not registered by the site as "strictly necessary", and uses the latest HTML5 APIs to block third-party elements that the user has not agreed to. We were the first to release a product in 2011 around the time Evidon/Ghostery started mischaracterising us as a "tracker" that supported their silly AdChoices opt-out (we are not, as they are, a component of the AdTech ecosystem,  have never collected or used personal data etc.), and as a result blocked by Ghostery users who end up with far worse privacy protection as a result.
There was an orchestrated attempt in the early days to ridicule the e-privacy directive which led to half-hearted guidance from some data protection authorities that opened the door to these annoying placebo banners. But user control to stop personal web activity data being collected/used without their knowledge or consent is necessary and popular, as evidenced by the rise of the Ad Blockers.
  • comment Jay Libove • Oct 2, 2015 
    Geoffrey is quite right (and more eloquent than I would have been). People who run ad blockers most likely are also blocking the very cookies about which the cookie notices uselessly advise .. meaning that it shouldn't be interpreted as "Adblockers reduce privacy" but rather "Complete ad+tracking_cookie blockers save lots of time".

We know as privacy professionals that "notice" is not meaningful in bulk cases, and "consent" is not real (as it is beyond the comprehension and/or time horizon for most users) for anything except first party specific data collection.

Thus the "loss" of "privacy" from adblockers blocking cookie notices is minimal at most.
  • comment Christophe Hug • Oct 2, 2015 
    I agree with Geoffrey. Rather than sparking outrage, the fact that such a feature even exists and is being used should encourage the privacy industry to think about innovative ways to protect people's privacy that are both user-friendly and meaningful.
All the blocker does really is to automate something that most people will do manually every time. Does anyone really read those notices the first time they access a web site, let alone read them again on a regular basis to see if anything has changed?
Related Stories
TRUSTe Releases New Assessment Manager at P.S.R.
Here at P.S.R., TRUSTe has announced the release of Assessment Manager 2.0, an update to its SaaS privacy assessment solution. New features include privacy Key Performance Indicators, enhanced reporting, risk scoring and new assessment templates, including one for the pending General Data Protection...
Read More queue Save This
Do Not Track 2.0
Earlier this week, the World Wide Web Consortium (W3C) announced another major milestone in the standardization of Do Not Track. Most notably, the technical mechanism will soon be certified for widespread implementation. While this progress is noteworthy, it’s also important to recognize that the W...
Read More queue Save This
Lovejoy: You’re All Infected
“Fact: Every one of our institutions is infected.”  Thus did Kristin Lovejoy, former CISO at IBM and current CEO at Acuity Systems, enter the Privacy. Security. Risk. stage here in Las Vegas. In fact, if your security team is telling you you’re not infected, they’re probably just bad at their jobs...
Read More queue Save This
TRUSTe Introduces New Opt-Out Feature
TRUSTe has announced its TRUSTed Ads Compliance Manager has a new component: Dynamic Platform Protection. The program employs a "single smart tag" that companies can use to streamline opt-out functions on both desktop and mobile devices. "With the addition of Dynamic Platform Detection, TRUSTe is ta...
Read More queue Save This
A regulatory roadmap to AI and privacy
To address the data privacy issues artificial intelligence development causes, the rapid deployment of the technology is "making it glaringly clear that a privacy law rethink is long overdue," TeachPrivacy President and CEO Daniel Solove writes. Solove warned against carving out policies that furthe...
Read More queue Save This
Related Stories
Tags
Marketing/Retail
Big Data
Privacy-Enhancing Technology
Recent Comments