Last December the European Commission outlined the Digital Services Act (DSA), a new piece of legislation designed at curbing the power of the tech giants and preventing anticompetitive practices.
The legislation is far reaching, covering areas including online advertising, social platforms, and e-commerce. It was framed by the EU’s competition commissioner Margrethe Vestager as the European Union’s effort to restore order to an online landscape increasingly dominated by a small number of large companies.
Since the Commission’s big announcement, the DSA has been going through the long and complex process of being passed into law. Part of this process involves the European Parliament and European Council proposing amendments to the law, passing the bill back and forth until a final draft is agreed upon.
One proposal entered in the European Parliament stands out – a proposal to entirely ban the use of personal data in targeted advertising.
Several similar amendments have been proposed by different groups of MEPs. But each of these has the same basic principle, that personal data should not be used to target online ads, regardless of consumer consent.
Such a move would mark a significant change of course for privacy policy in the EU, which has so far been mostly centred on giving consumers more control of how and where their data is used, and an ability to opt-out of data collection and processing.
Patrick Breyer, a German MEP who sits as part of the Greens/European Free Alliance political group, is one of the members pushing these amendments. He told VideoWeek that he and his allies feel that current consent-based legislation doesn’t go far enough to protect consumers’ interests.
“Firstly, the data about our online activities and behaviour that is being gathered is extremely sensitive,” he said. “It allows you to infer information on the likely personality traits of people including their sexual orientation, psychological problems, all that sort of stuff. And that information can be used to manipulate people into buying things, but also for political purposes.”
Breyer added that banning hyper-targeted advertising using personal data would create more of a level-playing field between online media and traditional media, helping to counter news publishers whose revenues are struggling.
And Breyer believes that consent mechanisms as they currently stand don’t really represent a free choice on the part of consumers. “Websites make it very complicated to deny consent, which is why more than seventy percent of users end up consenting to use of personal data,” he said. “Also websites don’t respect browser settings, you’re pestered again and again on every website. And some sites won’t allow me to use them if I don’t consent to data collection, so it’s not a free and fair choice.”
“A matter for society as a whole”
Critics of these proposals say they would be over-reactive, and that existing privacy legislation adequately protects users’ interests.
Townsend Feehan, the CEO of IAB Europe, an industry trade group, wrote an open response to the European Parliament’s first calls for a ban on targeted advertising. Feehan argued that such proposals could lead to digital advertising “falling into decay”, and eventually putting EU media “at risk of perishing”.
“Targeted advertising is portrayed as a practice that takes advantage of blindsided users and offers them little in return,” said Feehan. “This is a reactive opinion that fails to take account of the wider applications of targeted advertising, and even more importantly, of the existing EU privacy and data protection framework that is binding on any data-driven business, which in fact is all digital advertising these days.”
Feehan also cited GfK research which found that 69 percent of consumers in Europe would prefer to give up personal data in exchange for free content.
But Breyer believes that this issue goes beyond individual choice. “Surveillance-based advertising has implications for society as a whole, especially when it comes to political manipulation,” he said. “That’s why it’s not sufficient to let every individual decide, as they don’t necessarily understand all the implications, and it’s a matter for society as a whole to be concerned about.”
And Breyer believes that contextual targeting, which would still be allowed under the proposed amendments – so long as it doesn’t involve personal data – would be sufficient to sustain ad revenues. “We’ve already seen businesses which have successfully reverted back to contextual advertising, like the European edition of the New York Times,” he said. “They are doing very well with it. So I don’t buy the alarmist claims by the industry on this.”
Finding a middle ground
While Breyer and his cohort’s aims are radical, he’s also something of a realist in terms of what they’ll actually achieve.
European Parliament has shown support for the idea. Last year a slim majority passed a motion asking the European Commission to consider phasing out use of personal data in targeted advertising.
But the legislative process in the EU could easily see these proposals killed off before they reach the final draft of the DSA. “I’m not sure it’s very likely that this will survive all the negotiations that have to happen within the European Parliament and then also within the Council, and all the member states,” said Breyer.
But Breyer is hopeful that he will be able to push for a middle ground, where stronger opt-in rules are written into the DSA.
“I call the model ‘opt-in plus’, and that would be an opt-in model that respects browser settings,” said Breyer. “In that model, you wouldn’t be asked by every website about use of data, you could opt-out at a browser level. And websites wouldn’t be able to shut out users who don’t agree to surveillance, they would have to offer some viable alternative access to their content.”
Some of the things the privacy advocates are pushing for are arguably already enshrined in the EU’s General Data Protection Regulation (GDPR). The requirement that opting out should be as easy as opting in, for example, is outlined in GDPR. But many companies still aren’t complying, and GDPR complaints are piling up in Ireland’s Data Protection Commission, a process which Breyer said may take years to resolve.
“I think clear and additional rules are needed, even if some or all of what we’re asking for might be interpreted as part of existing laws,” said Breyer. “It will take a long time, and we don’t know how the courts will interpret these laws. Therefore it’s our job as the legislator to provide clarity.”
