This note analyses additional granular data from Dutch publisher NPO, and presents lessons for the publishing industry about privacy and revenue based on six months of data from a publishing group that removed 3rd party tracking.
Tag: GDPR
New data shows publisher revenue impact of cutting 3rd party trackers
This note shares new data on publisher revenue impact from switching off 3rd party ad tracking.
New data shows publisher revenue impact of cutting 3rd party trackers
This note shares new data on publisher revenue impact from switching off 3rd party ad tracking. In January, the Dutch national broadcaster, NPO, switched off 3rd party tracking ad targeting. NPO has an online video audience of 7.1 million per month, and display reach of 5.8 million per month.[1] Revenue impact I have examined Ster’s revenue figures, … Continue reading New data shows publisher revenue impact of cutting 3rd party trackers
Johnny Ryan’s privacy keynote for P&G
Procter & Gamble invited Dr Johnny Ryan of Brave to give a (remote) keynote address about how advertisers should adapt to the privacy-first future.The presentation covers the problems with conventional advertising technology, risks to brands and media sustainability, and sets out several alternative models. See the video here. For reasons made clear in this keynote presentation, … Continue reading Johnny Ryan’s privacy keynote for P&G
Industry discussion on the GDPR at 2 years old, and future EU regulatory development
Senior representatives of advertisers, publishers, and intermediaries discuss two years of the the GDPR in a discussion hosted by Brave. Participants: Dr Johnny Ryan, Chief Policy Officer, Brave;Catherine Armitage, Director of Digital Policy, World Federation of Advertisers;Conor Murray, Director of Regulatory and Public Affairs, EGTA;Mathilde Fiquet, Director General, FEDMA. The discussion covers the impacts of the GDPR so far, and … Continue reading Industry discussion on the GDPR at 2 years old, and future EU regulatory development
New data on GDPR enforcement agencies reveal why the GDPR is failing
New data from Brave show that European governments have not equipped their national authorities to enforce the GDPR. Brave presents Europe’s governments are failing the GDPR, a report on data protection authorities’ (DPAs) capacity to enforce against tech infringements of the GDPR. Two years after the GDPR was first applied, the GDPR is now in danger … Continue reading New data on GDPR enforcement agencies reveal why the GDPR is failing
Brave uncovers widespread surveillance of UK citizens by private companies embedded on UK council websites
Brave has uncovered widespread surveillance of UK citizens by private companies embedded on UK council websites. "Surveillance on UK council websites", a new report from Brave, reveals the extent of private companies’ surveillance of UK citizens when they seek help for addiction, disability, and poverty from their local government authorities.
The ICO’s failure to act on RTB, the largest data breach ever recorded in the UK
The ICO has today announced that it will be taking no substantive action to fix "RTB", the largest data breach ever recorded in the UK. Regulatory ambivalence cannot continue. We are considering all options to put an end to the systemic breach, including direct challenges to the controllers and judicial oversight of the ICO.
Ryan’s testimony at International Grand Chamber: RTB data breach enables disinformation. Enforcers can be sued.
Ryan's testimony at International Grand Chamber: RTB data breach enables disinformation. Enforcers can be sued.
Competition issues in digital markets
This note presents a submission from Dr Johnny Ryan of Brave, and Dr Orla Lynskey of the London School of Economics, to the UK Competition & Markets Authority.
Why marketers must conduct GDPR Data Protection Impact Assessments of RTB
This note examines the GDPR requirement that marketers conduct data protection impact assessments (DPIAs) when buying digital media using “real-time bidding” advertising.
Brave uncovers Google’s GDPR workaround
Brave presents new RTB evidence, and has uncovered a mechanism by which Google appears to be circumventing its purported GDPR privacy protections.
Brave、GoogleによるGDPR回避を明らかに
[et_pb_section fb_built="1" fullwidth="on" _builder_version="3.22" use_background_color_gradient="on" background_color_gradient_start="#00010c" background_color_gradient_end="#353535" background_color_gradient_direction="14deg" custom_padding="0px|0px|40px|0px"][et_pb_fullwidth_post_title comments="off" featured_image="off" text_color="light" admin_label="Fullwidth Post Title" _builder_version="4.0.11" title_font="Poppins|500|||||||" title_text_align="center" title_font_size="46px" meta_font="Muli||||||||" meta_text_align="center" meta_text_color="rgba(255,255,255,0.8)" meta_font_size="18px" text_orientation="center" max_width="80%" max_width_tablet="" max_width_phone="" max_width_last_edited="on|phone" module_alignment="center" custom_padding="|||" title_font_size_tablet="" title_font_size_phone="32px" title_font_size_last_edited="on|desktop"][/et_pb_fullwidth_post_title][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|phone" admin_label="section" _builder_version="3.22" background_color="#fafafc" custom_padding="60px|4vw|0px|4vw" custom_padding_tablet="" custom_padding_phone="|0px||0px"][et_pb_row column_structure="1_4,3_4" custom_padding_last_edited="on|desktop" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" custom_padding="0px|||" custom_padding_tablet="" custom_padding_phone="|0px||0px" custom_width_px="700px"][et_pb_column type="1_4" _builder_version="3.25" background_position="top_left" custom_padding="|||" … Continue reading Brave、GoogleによるGDPR回避を明らかに
Response to IAB Europe statement on its failure to answer the Irish Data Protection Commission
Dr Johnny Ryan responds to a statement from IAB Europe regarding its failure to answer the Irish Data Protection Commission. Four months on, both I and the Data Protection Commission are still waiting for the first explanation of how “IAB Europe is confident that the way it obtains consent for the use of cookies on its website complies with the requirements of the law”.
IAB Europe fails to answer Irish Data Protection Commission
IAB Europe fails to answer questions from Irish Data Protection Commission arising from formal GDPR complaint by Brave's Dr Ryan against IAB Europe's "forced consent" and consent walls.
A summary of the ICO report on RTB – and what happens next
This note summarizes the ICO report on real-time bidding, which vindicates the GDPR complaints initiated by Brave, and points toward the solution.
Major publisher group DCN tells regulators “the sky won’t fall” if RTB switches to safe, non-personal data.
DCN's CEO, Jason Kint, says removing personal data from bid requests might disadvantage adtech companies, but the sky won’t fall for publishers.
Brave answers US Senators questions on privacy and antitrust
Brave answers Senators Whitehouse, Booker, Graham and Leahy’s questions for the record from the US Senate Judiciary Committee hearing on privacy and anti-trust.
Google faces first investigation by its European lead authority for “suspected infringement” of the GDPR, following formal complaint from Brave
Today, Ireland’s Data Protection Commission (DPC) has announced a major GDPR probe into “suspected infringement” by Google’s DoubleClick/Authorized Buyers advertising business. The probe was triggered by a formal complaint from Dr Johnny Ryan, Chief Policy Officer at Brave, the private web browser.
Dr Johnny Ryan’s testimony at the US Senate Judiciary Committee
Dr Johnny Ryan's testimony at the US Senate Judiciary Committee hearing on “Understanding the Digital Advertising Ecosystem and the Impact of Data Privacy and Competition Policy”.
Ad Tech GDPR complaint is extended to four more European regulators
GDPR complaints about Real-Time Bidding (RTB) in the online advertising industry were filed today with Data Protection Authorities in Spain, the Netherlands, Belgium, and Luxembourg. The complaints detail the vast scale of personal data leakage by Google and other major companies in the “Ad Tech” industry.
Formal GDPR complaint against IAB Europe’s “cookie wall” and GDPR consent guidance.
A formal complaint has been filed with the Irish Data Protection Commissioner against IAB Europe, the tracking industry’s primary lobbying organization.
Brave alerts the FTC about two major problems in digital media & services markets
Big tech companies "cross-use" user data from one part of their business to prop up others. This hurts innovation & choice. The FTC must investigate. Plus, the GDPR is emerging as a defacto international standard. Whether this helps or harms United States firms will be determined by whether the United States enacts and actively enforces robust federal privacy laws.
French regulator shows deep flaws in IAB’s consent framework and RTB
French regulator's decision against Vectaury confirms that IAB “Transparency & Consent Framework” does not obtain valid consent, and illustrates how even tiny adtech companies can unlawfully gather millions of people’s personal data from the online advertising “real time bidding system” (RTB).
Why GDPR is Kryptonite to Google & Facebook on Anti-Trust
This is Brave's response to a call for stakeholder input from the European Commissioner for Competition, Margrethe Vestager.
Brendan Eich writes to the US Senate: we need a GDPR for the United States
A ruling of the European Court of Justice this month in the “Facebook fan page case” exposes marketers to severe legal risk from programmatic advertising.
Regulatory complaint concerning massive, web-wide data breach by Google and other “ad tech” companies under Europe’s GDPR
[et_pb_section fb_built="1" fullwidth="on" _builder_version="3.22" use_background_color_gradient="on" background_color_gradient_start="#00010c" background_color_gradient_end="#2f0051" background_color_gradient_direction="14deg" custom_padding="0px|0px|40px|0px"][et_pb_fullwidth_post_title comments="off" featured_image="off" text_color="light" _builder_version="4.0.11" title_font="Poppins|500|||||||" title_text_align="center" title_font_size="46px" meta_font="Muli||||||||" meta_text_align="center" meta_text_color="rgba(255,255,255,0.8)" meta_font_size="18px" text_orientation="center" max_width="80%" max_width_tablet="" max_width_phone="" max_width_last_edited="on|phone" module_alignment="center" custom_padding="|||" hover_enabled="0" title_font_size_tablet="" title_font_size_phone="32px" title_font_size_last_edited="on|desktop"] [/et_pb_fullwidth_post_title][/et_pb_section][et_pb_section fb_built="1" custom_padding_last_edited="on|phone" admin_label="section" _builder_version="3.22" custom_padding="0px|4vw|0px|4vw" custom_padding_tablet="" custom_padding_phone="|0px||0px"][et_pb_row custom_padding_last_edited="on|desktop" _builder_version="3.25" background_size="initial" background_position="top_left" background_repeat="repeat" custom_padding="4em|||" custom_padding_tablet="" custom_padding_phone="|0px||0px" custom_width_px="700px" column_structure="1_4,3_4"][et_pb_column type="1_4" _builder_version="3.25" background_position="top_left" custom_padding="|||" custom_padding__hover="|||"][et_pb_text admin_label="RTB links" … Continue reading Regulatory complaint concerning massive, web-wide data breach by Google and other “ad tech” companies under Europe’s GDPR
Europe’s top court signals new risk for marketers from ad tech
A ruling of the European Court of Justice this month in the “Facebook fan page case” exposes marketers to severe legal risk from programmatic advertising.
Facebook and adtech face a turbulent time in Europe’s courts: the Brussels case.
This note examines a Belgian court ruling against Facebook's tracking and approach to consent. Facebook and adtech companies should expect tough sanctions when they find themselves before European courts - unless they change their current approach to data protection and the GDPR. Facebook is playing a dangerous game of “chicken” with the regulators. First, it has begun to confront users in … Continue reading Facebook and adtech face a turbulent time in Europe’s courts: the Brussels case.
Risks in IAB Europe’s proposed consent mechanism
This note examines the recently published IAB “transparency and consent” proposal. Major flaws render the system unworkable. The real issue is what should be done with the vast majority of the audience who will not give consent. Publishers would have no control (and are expected to blindly trust 2,000+ adtech companies) The adtech companies[1] who drafted … Continue reading Risks in IAB Europe’s proposed consent mechanism
Adtech must change to protect publishers under the GDPR (IAPP podcast)
The follow up to the International Association of Privacy Professionals' most listened to podcast of 2017. Angelique Carson of the International Association of Privacy Professionals quizzes PageFair's Dr Johnny Ryan on the crisis facing publishers, as they grapple with adtech vendors and attendant risks ahead of the GDPR. The podcast covers: Why personal data can not be used without … Continue reading Adtech must change to protect publishers under the GDPR (IAPP podcast)
PageFair’s long letter to the Article 29 Working Party
This note discusses a letter that PageFair submitted to the Article 29 Working Party. The answers may shape the future of the adtech industry. Eventually the data protection authorities of Europe will gain a thorough understanding of the adtech industry, and enforce data protection upon it. This will change how the industry works. Until then, we are in … Continue reading PageFair’s long letter to the Article 29 Working Party
GDPR’s non-tracking cookie banners
This note outlines how an anomaly in European law will impact cookie storage and presents wireframes of permission requests for non-tracking cookies. Online media will soon find itself in an anomalous position. It will be necessary to apply the GDPR’s consent requirements to cookies that reveal no personal data, even though the GDPR was not … Continue reading GDPR’s non-tracking cookie banners
GDPR consent design: how granular must adtech opt-ins be?
This note examines the range of distinct adtech data processing purposes that will require opt-in under the GDPR.[1] In late 2017 the Article 29 Working Party cautioned that “data subjects should be free to choose which purpose they accept, rather than having to consent to a bundle of processing purposes”.[2] Consent requests for multiple purposes … Continue reading GDPR consent design: how granular must adtech opt-ins be?
Adtech consent is meaningless unless one stops data leakage
Websites and advertisers can not prevent personal data from leaking in programmatic advertising. If not fixed, this will render consent to use personal data meaningless. The GDPR applies the principle of transparency:[1] People must be able to easily learn who has their personal data, and what they are doing with it. Equally importantly, people must have surety … Continue reading Adtech consent is meaningless unless one stops data leakage
Research result: what percentage will consent to tracking for advertising?
This note presents the results of a survey of 300+ publishers, adtech, brands, and various others, on whether users will consent to tracking under the GDPR and the ePrivacy Regulation. In early August we published a note on consent, and asked whether people would click "yes". We would like to thank the 300+ colleagues who … Continue reading Research result: what percentage will consent to tracking for advertising?
How the GDPR will disrupt Google and Facebook
Google and Facebook will be disrupted by the new European data protection rules that are due to apply in May 2018. This note explains how. Google and Facebook will be unable to use the personal data they hold for advertising purposes without user permission. This is an acute challenge because, contrary to what some commentators have assumed, they cannot use a “service-wide” opt-in for … Continue reading How the GDPR will disrupt Google and Facebook
Here is what GDPR consent dialogues could look like. Will people click yes?
THIS NOTE HAS NOW BEEN SUPERSEDED BY A A MORE RECENT PAGEFAIR INSIDER NOTE ON GDPR CONSENT DIALOGUES. PLEASE REFER TO THE NEW NOTE. This note presents sketches of GDPR consent dialogues, and invites readers to participate in research on whether people will consent. [x_alert heading="Note" type="info"]It is important to note that the dialogue presented … Continue reading Here is what GDPR consent dialogues could look like. Will people click yes?
The 3 biggest challenges in GDPR for online media & advertising
This note explains the three deepest challenges that the online advertising industry must overcome to survive the new European data rules. It also outlines our approach. The General Data Protection Regulation (GDPR) and the ePrivacy Regulation (ePR) pose particular challenges for publishers, brands, and adtech companies. These go beyond the normal gap analysis and security overhaul that other businesses … Continue reading The 3 biggest challenges in GDPR for online media & advertising
Risks to brands under new EU regulations
Brands face serious new risks under the GDPR and the ePrivacy Regulation (ePR), and agencies will not be able to shield them. This note explains why, and describes what these risks are. When the GDPR and the ePrivacy Regulation (ePR) apply a year from now brands that use personal data in their marketing campaigns will become exposed … Continue reading Risks to brands under new EU regulations
Dr Johnny Ryan FRHistS 