Today I filed a formal complaint against #YouTube with the Irish Data Protection Commissioner for their illegal deployment of #adblock detection technologies.
Under Article 5(3) of 2002/58/EC YouTube are legally obligated to obtain consent before storing or accessing information already stored on an end user's terminal equipment unless it is strictly necessary for the provisions of the requested service.
In 2016 the EU Commission confirmed in writing that adblock detection requires consent.
As I understand it, detecting an adblocker is a form of fingerprinting. Fingerprinting like this is a privacy violation unless there is first a consent process.
The outcome of this will be that consent for the detecting will be added to the TOS or as a modal and failing to consent will give up access to the service. It won’t change Youtube’s behavior, I don’t think. But it could result in users being able to opt out of the anti-adblock… just that it also might be opting out of all of YouTube when they do it.
I’m all for this protection but for the sake of argument isn’t use of the service consent to begin with? Or is that the American argument around these types of regulation?
I’m a pihole, vpn, adblock and invidious user ftr… 😂
That’s how the corporate-written laws in the USA handle it most likely. The EU actually has some amount of consumer protection. Burying it in a 100 page terms of service document doesn’t count as consent either.
As I understand it, detecting an adblocker is a form of fingerprinting. Fingerprinting like this is a privacy violation unless there is first a consent process.
The outcome of this will be that consent for the detecting will be added to the TOS or as a modal and failing to consent will give up access to the service. It won’t change Youtube’s behavior, I don’t think. But it could result in users being able to opt out of the anti-adblock… just that it also might be opting out of all of YouTube when they do it.
I’m all for this protection but for the sake of argument isn’t use of the service consent to begin with? Or is that the American argument around these types of regulation?
I’m a pihole, vpn, adblock and invidious user ftr… 😂
That’s how the corporate-written laws in the USA handle it most likely. The EU actually has some amount of consumer protection. Burying it in a 100 page terms of service document doesn’t count as consent either.
It depends on the context, but generally you require explicit permission for data-related stuff which means something like a checkbox or a signature.