Facebook’s efforts to circumvent ad blockers may be in violation of European Union law.
In early August the social network announced plans to work advertisements into users’ feeds even if they were using an ad blocker. However those plans might hit a roadblock in Europe.
Alexander Hanff, a privacy campaigner, received a letter in April from the European Commission in response to his concerns about ad block detectors. The letter claimed that users have a right to refuse ads, so detectors would fall under the scope of the directive and, therefore, must obtain consent much like cookies.
If anti-ad blockers interfere with the regulations, then in theory Facebook—just like any other site—would need to ask users with an ad blocker if it can circumvent this software and show them ads.
“If it were deemed that the anti-ad-blocking software that’s essentially identifying users that use ad blocking to fall within the remit of the 2011 [rules], then Facebook would have to implement the same comprehensive information and obtain the same consent as you would for cookies,” said Patrick Rennie, an associate at law firm Wiggin LLP.
The Information Commissioner’s Office (ICO) in the United Kingdom agreed in a statement that anti-ad blocker technology needs consent if it accesses a device or stores information on it.
“If an organization is using a technology that gains access to or stores information of the user’s device, then, under the Privacy and Electronic Communications Regulations, they need valid consent for this,” it said.
A spokesperson for Facebook declined to comment on the matter at this time.
It’s a grey area, though, explained Rennie. Under the directive, some cookies that are deemed to be unobtrusive are allowed. Similar examination of ad-block detectors would be necessary, too.
Paul Lanois, a technology attorney, told the Daily Dot that not all ad-blocker detection techniques are similar to cookies and thus wouldn’t need consent.
For example, this includes running a script on the page that will detect an ad—similar to the method used by some websites that request disabling ad blockers—or a script that detects how the page is rendered in the browser, where blocked ads leave gaps in the page.
“[In] all of the above cases, there does not need to be a file installed on the user’s system, nor any scan of the user’s device,” said Lanois. Therefore, there would be no violation of the ePrivacy Directive.
“Of course, this conclusion will entirely depend on the nature of the ad-blocker technique used, so it is not possible to generalize and conclude that all ad blockers are in line with the ePrivacy Directive.”
That may change soon. The ePrivacy Directive is due for reform in the coming months following an Opinion published in July.
“One would expect that the revised ePrivacy regulation would look again at cookies and what they’re going to do, and one would hope that anti-ad-blocking software, and just ad blocking in general, would be on the agenda for new legislation,” said Rennie.
Europe has become a battlefield over ad blockers in recent years. Courts have heard several cases, most notably in Germany where daily newspaper Süddeutsche Zeitung and broadcasters RTL and ProSiebenSat1 have all lost cases against Eyeo, the makers of Adblock Plus.
Facebook is staying the course on its plans for now though. It has since entered a game of whack-a-mole with ad blockers. Within days of Facebook’s announcement, Adblock Plus adjusted its filters code to once again block ads. But a mere day later, Facebook undermined the workaround. The war between online businesses and ad blockers is far from over.