Avoiding the scope of the ePrivacy Directive in advertising

Sergio Maldonado of Privacycloud discusses AI-driven anonymisation, server-side solutions, and the recently adopted EDPB ePrivacy Directive Guidelines in the context of tracking.

The European Data Protection Board’s (EDPB) October 2024 Guidelines on the Technical Scope of Art. 5(3) address the emergence of new tracking methods to replace cookies. In light of the Guidelines, a blanket consent requirement will now be triggered by any act of temporary storage or access on a data subject’s device. This goes well beyond the use of cookies, encompassing multiple practices that many considered either privacy-preserving or mostly innocuous and inherent to the inner workings of the Internet (including pixels, local processing, URL parameters, or browser-based APIs).

A good illustration of the former is Protected Audiences, an API (or Application Programming Interface) developed over the past few years under the umbrella of Chrome’s Privacy Sandbox. A recent Boston University study has concluded that such protocol, which does not track devices individually, can be just as effective as a means of retargeting as third-party cookies, provided that a significant number of publishers adopt it. It is however unlikely that such adoption will materialise in the short term, or that there is any benefit in making the effort, given that consent will still be required.

Continue Reading

International Report subscribers, please login to access the full article

LOGIN

If you wish to subscribe, please see our subscription information.

Subscribe