Is it Legal to Block the Ad Blockers?

Emily Featherstone, associate at technology and digital media law firm Kemp Little, discusses the legal challenges for mobile publishers tackling ad blocking.

Emily Featherstone

Some publishers are retaliating against the adoption of ad blocking by preventing consumers who are using ad blocking software from visiting their sites. For example, City AM includes information on its website about why it blocks content for readers using ad blockers, and other free online publications, such as Forbes and GQ also stop users from accessing their sites if they have an ad blocker in place.

Until recently, most ad-blockers were installed on desktop computers, but since ad blocking has been made possible on mobile browsers it has become more and more widespread, with growing implications for publishers. In September 2015, Apple announced that it was enabling integration with third-party ad blockers for its Safari browser, the default browser on the iPhone and iPad. Given the market penetration of these devices, this was a huge blow for the publishing industry. According to PageFair, the growth of ad blocking and its spread to mobile is expected to cost the global online advertising industry $41.4bn (£28.3bn) this year alone.

In response, publishers are working hard to educate consumers on the role played by advertising in enabling them to provide content for free. For example, when ad block use rates reached 20 per cent, publisher Incisive Media introduced a ban on access. Within 48 hours, the number of page impressions from users of ad blockers dropped by 40 per cent. However, whilst ad blocking remains popular, those publishers blocking users of this type of software from reading and viewing their content are facing tougher EU legal challenges.

Consent to access or store information
Although it’s not illegal to detect whether people visiting their websites have ad blockers installed, publishers may require consent in order to monitor the use of ad blocking technology. This is because the law requires them to ask for consent to access or store information. There is a question around whether a browser withholding information through ad blocking constitutes ‘storage’ of information in the sense of the law. Ultimately, it depends exactly how the ad blocker works. Does the browser needing access to information about the ad blocker constitute ‘access’ within the intent of the regulations?

Ad blocking providers argue that ad block detection is not “personal data” as defined by the EU because the information is anonymous and non-user specific. Alternatively, some have argued that responsive design means that websites collect information about the device a reader is using in order to deliver content in the correct format and that this falls within the “legitimate interest” condition.

Over the coming weeks, the IAB Europe is expected to share more detailed guidelines on how to manage ad blocking detection. It’s expected that they could ask all publishers to have a consent wall that asks every user whether they can run ad block detection or a consent banner that informs users about the use of ad block detection technologies and informs them that “continued use” of the site will be interpreted as consent.

Power to ad blockers, power to the consumer
In recent cases, the law has often been on the side of ad blockers. For example, Adblock Plus recently won a court case against German newspaper Süddeutsche Zeitung. The case looked at the ad blocking company’s ‘Acceptable Ads’ program, which whitelists publishers based on whether their ads meet specific criteria. The court ruled that readers of the online publication were not contractually obliged to view the ads served, and that the Acceptable Ad initiative was legal. It was further stated that the law is not there to uphold publishers’ business models and that publishers would need to innovate around the problem presented by ad blockers.

The Süddeutsche Zeitung case is the fifth win in the German courts for Adblock Plus’ owner Eyeo, highlighting how ad blockers to date are successfully defending themselves against the publishing industry. Another court case between Eyeo and German news magazine Spiegel is set to begin soon.

Consumers are clearly sending a message to publishers that they want a different experience of online content, perhaps one which doesn’t include advertisements which could be deemed intrusive and annoying. On the other hand, it may be that a user’s decision to install an ad blocker is their way of showing that they don’t want to be tracked by advertising companies. However, would it be fair on publishers if they could not detect this preference? How else are they expected to innovate and provide a solution to the problem, without having this insight into their users’ behaviour?

Preparing for the General Data Protection Regulation
The publishing industry is also having to react to new regulation, meaning that the same collection of data will not be possible in coming years. The European Union General Data Protection Regulation (GDPR), due to come into force in May 2018, will put the onus firmly on companies handling data and as such, publishers need to start thinking about these changes now to ensure they are well prepared.

The changes brought about by the GDPR include a stricter definition of “consent” and a requirement for more information to be provided to data subjects. This means that publishers will have to reassess whether they have or need consent, and provide enhanced rights and remedies for data subjects. There is also a requirement to implement data protection ‘by design and by default’ if they want to collect data from their readers, meaning that data protection will need to be integral to any initiatives or technologies taken by publishers. This expands on the principles of existing data rules (the EU Data Protection Directive, 1995) which state that data processing should be adequate, relevant and not excessive, encouraging “pseudonymisation” and “data-minimisation”. Some argue that it seems strange that publishers would have to ask people who are blocking their ads for permission to detect this activity, but this could be the reality.

There will also be much more at stake under the GDPR, meaning that publishers cannot afford any missteps around data collection and handling. The maximum fines under the GDPR will be up to €20m (£15.3m) or 4 per cent of annual worldwide turnover, whichever is the greater. This is a sharp increase on the current maximum fine of £500,000 available under the Data Protection Act 1998 (which implements the existing EU Data Protection Directive in the UK).

As with most new technology, lawyers are often forced to look towards a patchwork of existing regulation and then apply these rules to completely fresh innovations. Technologies like ad blocking are pushing the boundaries of existing law and causing confusion for many publishers who do not know how to remain compliant. In tandem with this, the empowerment that ad blockers allow, coupled with the new EU privacy regulations, means that consumers are gaining increasing control of the media landscape.

As a priority, publishers need to ensure they know how the GDPR will affect their responsibilities around data handling and ad blocking. At the same time, they are trying to improve the experience for users to reduce ad blocking rates, while working out what this technology means for their industry at large. It’s certainly a challenging picture and publishers will need to pay close attention to this area and developing case law now and in the run-up to the 2018 deadline for GDPR compliance.

Emily Featherstone is an associate at technology and digital media law firm, Kemp Little