Browsing the internet has never been free, but are online ads ready to get any less scary?

A decision on consent buttons comes as advertisers scramble to cater to a world that wants more privacy.

Surfing the Internet has never really been free. Every time you visit a website, a silent auction for your eyeballs is held to show you an advertisement that actually charges you with your personal information. Location, birthday, browsing data and more are broadcast to hundreds of providers in a millisecond. The practice has flourished even in Europe, which has the strictest privacy laws in the world. The reason: Internet users here click on a special “consent” button on most sites; they’re everywhere and slightly annoying in a system devised two years ago by a Brussels-based advertising association to help advertisers comply with European privacy laws. Today, the Belgian data protection authority, along with 27 European Union agencies, officially declared this tactic illegal. The data collected by these buttons should also be deleted.(1)

That’s great news for privacy campaigners, assuming the decision is upheld by the court following the ad group’s likely challenge. It could spell the end of companies sharing your personal data in these scary auctions, or at least sharing less of it. But it also poses a whole new dilemma for advertisers already struggling to deal with privacy changes from Apple Inc., and others in Alphabet Inc.’s Google pipeline.

Privacy advocates have argued for years that consent buttons give a semblance of legality to what is, in effect, a gateway to surveillance advertising. So-called real-time auctions for our personal data account for the bulk of Europe’s 64 billion euro ($73 billion) advertising market, according to the European branch of the Interactive Advertising Bureau, the trade body that created the consent tool.

Here’s an example of how the tool works: Visit the main Formula 1 racing website and you’ll see a pop-up called ‘Your choices regarding cookies on this site’, with specific information on how F1 handles your personal data. for ad targeting. You can choose to accept or manage your settings, and the latter brings up a long list of obscure companies with names like Yieldlove GmbH and Wizaly, which offer to show you ads based on a broadcast of your personal data.

Want to stop all this? You can click a series of buttons to block them, but it’s time consuming and very confusing. That was part of the problem, according to the Belgians, who took up the matter because IAB Europe is based there. An ad tech company’s “legitimate” interest in profiling a person for an ad outweighed that person’s basic rights and freedom to have their data shared in online auctions.

Regulators have long complained that consent buttons violate EU General Data Protection Regulation law, but now there’s an official ruling. This paves the way for lawsuits against ad companies that continue to use it, as well as more targeted enforcement by regulators. The activists came straight out the door. The Irish Council for Civil Liberties and the Electronic Privacy Information Center in Washington DC, two not-for-profit privacy groups, demanded in an open letter Thursday to several of the world’s biggest advertisers, including Unilever Plc and Procter & Gamble Co., that they delete all personal data collected using the consent tool.

Unilever declined to comment. P&G did not respond to a request for comment.

“The problem is that the system transmits personal data to a large number of companies,” says Johnny Ryan, director of the Irish Council for Civil Liberties which co-filed the initial complaint against the system.

IAB Europe, the advertising association that developed the tool, called the decision “bad law” and said it was considering all of its legal options. He has six months to come up with an alternative system, but Ryan says the Belgians expressed skepticism in their 127-page decision. (2) IAB Europe did not respond to a question about the likely acceptance of its new system.

Much remains unclear. For example, do advertisers such as P&G, Unilever or Google really have to delete the data they have collected via consent buttons? Garrett Johnson, a marketing professor at Boston University’s Questrom School of Business who studied the decision, says that’s probably not the case.

Even so, the issue adds to a growing pile of issues that make online advertising a more legally daunting activity, threatening to disrupt a pattern that has powered large swaths of the internet for years.

It also highlights how a global push for better privacy is finally causing a sea change in the way the online advertising market works. Last week, Meta Platforms Inc. said Apple’s privacy changes would slash Facebook’s revenue by $10 billion this year. Google also plans to block user tracking technology known as third-party cookies from its popular Chrome browser in 2023. And the state of California is preparing legislation to take effect in 2023 that gives consumers new power to limit sharing. personal information to advertisers.

This will be a painful transition for advertisers. It could also benefit big companies like Google that have the resources to comply with complex new rules. But consumers deserve a break from being stalked on the internet. A step towards respecting their privacy also pushes us towards a healthier Internet.

“The future seems to be much more privacy-centric,” says Christian Selchau-Hansen, chief executive of online marketing firm Formation Inc., which works with companies on customer loyalty programs. “We are at the start of this. The future seems to be one where people and consumers will have much more control over their data. Practices around third-party data, sometimes collected without consent, these things will either go away or change drastically. »

Parmy Olson is a Bloomberg Opinion columnist covering technology. She previously worked for the Wall Street Journal and Forbes and is the author of “We Are Anonymous”.