
GDPR will pop the adtech bubble - mpweiher
http://blogs.harvard.edu/doc/2018/05/12/gdpr/
======
rossdavidh
Oddly, I think the article underestimates the size of the change coming. I
think one side affect of the surge of IT into advertising, is that it has
become easier to measure exactly how well advertising works. By and large, it
doesn't, very well.

I am reminded of this, from Paul Graham, about his time at Yahoo:
[http://www.paulgraham.com/yahoo.html](http://www.paulgraham.com/yahoo.html)

"...The reason Yahoo didn't care about a technique that extracted the full
value of traffic was that advertisers were already overpaying for it. If Yahoo
merely extracted the actual value, they'd have made less."

I'm pretty sure that, the more we learn about how well advertising works, the
less money people will be willing to pay for it. What's happening to
billboards and newspapers right now is probably coming to several other
industries soon.

~~~
madeofpalk
> By and large, it doesn't, very well.

I know Twitter isn't known for being the best at advertising, but it was made
exceptionally clear to me that online advertising is a massive bunch of lies
when I did my GDPR Twitter data export and it included me in a bunch of
incorrect, non-sensical and contradictory ad targeting groups.

Twitter claims I:

    
    
        * Own a cat, dog and other animal (I don't)
        * Have between $100k- $999k liquid investible assets (I don't)
        * Have a net worth between $1 and $1m (cool - I own *something*)
        * Am highly affluent (/shrug)
        * Am a high spender (okay...)
        * Am a frugal spender  (...but how can I be both a high spender AND frugal)
        * Own a house (I don't)
        * Have multiple families (I don't)
    
    

I was very disappointed that the Google and Facebook data exports don't
contain this data. Maybe it's for their best.

~~~
wdr1
> GDPR Twitter data export and it included me in a bunch of incorrect, non-
> sensical and contradictory ad targeting groups.

This is expected. It's not desirable, but it is expected.

The problem is your comparing it to an absolute. I.e. to perfect.

If advertisers had that choice, they would love it. They generally don't.
Remarketing is kinda close, but limits the scale.

Rather, the only other scalable options are __far __worse. Think about it.
What are the marketers other choices?

The one that should come to mind, and the one they spend most of their money:
TV.

With TV you pick up a _huge_ amount of waste. Say you buy a spot on Big Bang
because you want people thinking of buying a new iPhone. Not a big stretch,
right? At the same time thinking of all the other people they __have __to buy,
who watch the ad, and aren 't buying an iPhone. It's waste.

And that waste is _huge_ relative to what you're talking about above.

So you're asking the wrong question here. It's not how good is the targeting
in terms of precision/recall. The question is what's better?

The waste here is generally known & its priced accordingly.

> I was very disappointed that the Google and Facebook data exports don't
> contain this data.

It's in my Facebook export. Under "Information About You" did you uncheck
"Ads"?

That's where the information is contained & it's checked by default.

You can also view it here for both FB & Google, as well as opt of both:

[https://adssettings.google.com/authenticated?hl=en](https://adssettings.google.com/authenticated?hl=en)

[https://www.facebook.com/about/basics/advertising](https://www.facebook.com/about/basics/advertising)

~~~
tjoff
> What are the marketers other choices?

Advertise on a tech site, 80+% will be interested in tech.

Advertise on a dog community site is probably pretty spot on if you want to
target dog owners...

Far better than what, 5% ? This isn't rocket science, we sold everyones
integrity for pennies.

> who watch the ad, and aren't buying an iPhone. It's waste.

No, advertisements like that are more about selling the brand than selling
iphones. Something TV is probably pretty good for.

~~~
wdr1
> Advertise on a dog community site is probably pretty spot on if you want to
> target dog owners...

Big brands struggle with UGC. Witness the events of YouTube & brand safety.

But even without that, what you're saying just isn't scalable. What community
site can reach even 50% of dog owners -- let alone what a primtetime sitcom or
YouTube can reach?

> No, advertisements like that are more about selling the brand than selling
> iphones. Something TV is probably pretty good for.

What? Sure, they have campaigns running for awareness, recall, perception.

But you're really saying Apple doesn't _dramatically_ increase its spend when
a new phone is released? That's poppycock.

~~~
tjoff
Only google et al cares about scalability, everyone else cares about results.
Only google needs to sell ads without any knowledge about the product or
audience, this scales extremely well but leads to poor results.

> But you're really saying Apple doesn't dramatically increase its spend when
> a new phone is released? That's poppycock.

When is the best time to sell the brand? When your flagship is a year old and
still costs as much as on launch day and when the competition has surpassed
you? Hardly.

------
manigandham
It won't do much. It'll definitely get rid of some low-value companies but
that's about it.

People think that adtech has some incredible insights but 99% of data is
terrible. If you check your profile at any major site, you'll quickly find
that you're probably in several conflicting segments that have nothing to do
with you. Context is still king for any marketer who knows what they're doing,
but unfortunately the industry is overwhelmed with subpar talent and politics
through layers of agencies that buy buzzwords like "AI" and "data". Barely any
adtech companies have a direct link to a person, and any links that did exist
are even harder now with adblocking, 3rd party cookie deletion, ephemeral
mobile device ids, IP renewals, and other noisy and loose signals.

Interestingly, big companies like Facebook and Google that have user logins
and 1st party data connections will actually benefit from the higher industry
regulation and are not going to lose any of the data that users willingly give
to them. ISPs are another major source of data, along with credit agencies and
banks, and now giant ecommerce companies like Walmart and Amazon, all of which
have very accurate and exhaustive histories and will see little change from
GDPR. Overall it's well-intentioned, and good progress, but what it will do is
vastly overstated.

~~~
Vinnl
What you're describing sounds very much like a bubble that is going to pop...

~~~
manigandham
I said that GDPR will not affect much, other than a few companies that add up
to a microscopic market share. Where's the bubble?

~~~
Vinnl
The bubble is those companies, although I guess the original article would
argue that their market share is (currently) not microscopic.

~~~
eli
It's hard to overstate how dominant Facebook and Google are in online ads.

------
solomatov
One surprising side effect of this might be that the hordes of machine
learners and data scientists who used to work for adtech might go to
healthcare/bioinformatics where we might get new breakthroughs.

~~~
tzs
They can still use sufficiently anonymized data under GDPR. They also will
have data from people who have consented to have their data used. They will
also have data from visitors who are not in the Union.

I would not at all be surprised if this is enough for the machine learning and
data science people to be effective, especially at very high traffic sites
like Facebook and Twitter.

~~~
TheForumTroll
I don't believe for a second that they can make the data "sufficiently
anonymized". That is extremely hard and pretty much every time "sufficiently
anonymized" data gets leaked it turns out it weasn't sufficiently anonymized
after all.

------
qwerty456127
> tracking people without their knowledge, approval or a court order is just
> flat-out wrong.

Requiring them to check an "I agree to be tracked" checkbox and signing an
agreement (which has just happened to me yesterday in an EU country in
accordance to GDPR) before they can use a product/service is hardly much
better. This reminds me of the Android app permission system which requires
you to allow an app to do everything it wants (including ridiculous
requirements like when a game requires access to your contacts list) or just
give up the idea of installing it (as for me I just grant the permissions at
the installation time and then block everything redundant with XPrivacy). So I
doubt it is going to do much good, a way like the cookie law doesn't really do
anything but just introduces useless cookie warning banners.

~~~
icebraining
_Requiring them to check an "I agree to be tracked" checkbox and signing an
agreement (which has just happened to me yesterday in an EU country in
accordance to GDPR) before they can use a product/service is hardly much
better._

That's specifically not allowed under the GDPR. Either the information is
needed to provide the service (and needed means actually needed, not "my
business model depends on it"), in which case they don't need to ask, or the
use of the service can't depend on that consent.

(By the way, even if the information is needed, they still need consent to use
it in other ways, and the same applies)

See the ICO guidelines on the issue: "If you make consent a precondition of a
service, it is unlikely to be the most appropriate lawful basis."

[https://ico.org.uk/for-organisations/guide-to-the-general-
da...](https://ico.org.uk/for-organisations/guide-to-the-general-data-
protection-regulation-gdpr/lawful-basis-for-processing/consent/)

~~~
qwerty456127
I have visited a drugstore to buy some vitamins yesterday. They have handled
me a touch-screen where I had to check a checkbox (saying that I agree to
allow my medicines shopping history to be stored and analyzed to track my
health (which I obviously don't want them to do actually)) and an electronic
signature tablet with a stylus where I had to put my signature. This was a
mandatory condition for continuing using a discount card that gives bonuses
when you buy meds. I could opt-out but this would mean I won't be given
discounts any more.

~~~
icebraining
That's a good question, I don't know if it's valid to offer discounts and such
in exchange for consent. It goes against the EU principles ("personal
information cannot be conceived as a mere economic asset"), but I'm not sure
if the law actually prevents it.

~~~
PeterisP
One of the criteria for freely given consent is that the customer must be able
to revoke it at any time without detriment.

If revoking consent causes a detriment, then it's not freely given, and so
that "consent" isn't sufficient to grant the data controller a legal
permission to use that data.

Quoting recital 42 from [https://gdpr-info.eu/recitals/no-42/](https://gdpr-
info.eu/recitals/no-42/) "[...] Consent should not be regarded as freely given
if the data subject has no genuine or free choice or is unable to refuse or
withdraw consent without detriment.", so it's quite explicit.

~~~
zaarn
I think a minor discount would probably fly (under 15% or so) or atleast
defendable to the regulatory bodies.

Bigger discounts would be a problem since that would be more of a detriment.

------
islanderfun
Completely oblivious and ignorant here:

If a company has no official office in Europe, how does this affect them? All
advertisement and business focus is say only in the US, is it business as
usual? What if an EU citizen decides to sign up?

Are US companies forced to deny customers not par of say an IP block (half
assed method I know, but just speaking in general)?

~~~
isostatic
As long as you don't target EU customers, you're fine.

~~~
sunsetMurk
Do you have any references/citations for this?

Would help me out! I'm trying to put together a one-pager for my team.

~~~
isostatic
When the regulation does not apply

Your company is service provider based outside the EU. It provides services to
customers outside the EU. Its clients can use its services when they travel to
other countries, including within the EU. Provided your company doesn't
specifically target its services at individuals in the EU, it is not subject
to the rules of the GDPR.

[https://ec.europa.eu/info/law/law-topic/data-
protection/refo...](https://ec.europa.eu/info/law/law-topic/data-
protection/reform/rules-business-and-organisations/application-regulation/who-
does-data-protection-law-apply_en)

IANAL etc

------
fanf2
> _perhaps a $trillion or more has been spent on adtech, and not one brand
> known to the world has been made by it_

Google.

~~~
adventured
You can add Alibaba, Baidu and Toutiao to that list. Nearly all of their
revenue comes from adtech. Just three platforms used by a billion people.
Yahoo was also made possible by adtech, it was / is a brand known to over a
billion people.

Facebook, Twitter, Snapchat - they only exist courtesy of their adtech.

Can you imagine how difficult it would be for Twitter to sustain itself with a
paid model? There's such an extreme imbalance between the people that post
regularly and are power users, vs people that just occasionally consume. The
median user that reads a few tweets per day - at best - is never going to pay
$60 or $100 per year for that product. Even if you have five million power
users on there paying $100 per year, Twitter instantly goes bankrupt, they
could never charge enough.

~~~
tomtheelder
Out of the three you listed, only one has actually made money. Snapchat and
Twitter have lost incredible amounts.

Also, I think what the article is suggesting is that brands don't typically
get built on the back of advertising _initially_. All three of those started
without it and added it in later once they were highly entrenched to try to
monetize.

I still don't think it was a very good point in the article, though.

~~~
jamiequint
Twitter has been net income positive each of the last two quarters.

------
Animats
From one of the references in the article:

 _The Google consent interface greets site visitors with a request to use data
to tailor advertising, with equally prominent “no” and “yes” buttons. If a
reader declines to be tracked, he or she sees a notice saying the ads will be
less relevant and asking to “agree” or go back to the previous page._

~~~
guitarbill
Adtech is a joke. Even targeted ads are so irrelevant to the point where I
don't think most people can tell if they're random or not. Except when the
creepiness kicks in, because they show you ads for this one thing you googled
a week ago.

Google can't get it right. Their ads suck, and their Youtube suggestions
aren't much better. Amazon can't get suggestions right in their own store.

The whole ad industry is a joke. Most people I know do not watch TV anymore,
not because of the content, but because of ads. I enjoy reading magazines, but
I don't bother anymore because they got full of ads. Now I read books instead.
Most Youtubers either have some kind of sponsoring directly in the video, or a
Patreon because Youtube ads are clearly awful and ineffective.

I think Patreon and Netflix et al. proves quite nicely that enough people are
willing to pay for quality content without ads. For the companies who want to
market stuff, I don't have a solution (otherwise I'd be rich), but I do know
I'll go to great lengths to avoid seeing your shitty ads.

~~~
mayniac
I honestly think this is very, very user dependent. Mainly because if Google's
ad tech wasn't working, they wouldn't be making so much money....

You, I, and everyone else on this site don't represent the average user.
Personally whenever I Google something out of curiosity as a one-off thing
(e.g. "lyrics to Rasputin by Boney M" or "0-60 of a Golf GTI") I switch to in-
cognito, just because I've noticed that Google isn't currently tracking stuff
like that by IP. This way I don't get recommended Boney M videos in YouTube or
adverts for cars I don't actually have an interest in elsewhere. And that's on
top of uBlock, Disconnect, Privacy Badger, and a Pi-Hole on my home network.
But I work in cyber security and I am in no way a "normal" internet user. Same
with TV, I'm a cord-cutter with Plex running on a VPS: meanwhile everybody I
know who doesn't work in tech just watches TV normally.

Pretty much everyone on this site saying "advertising doesn't work" is right
that it probably isn't as effective for them because they've been taking
counter-measures for years, but millions (possibly billions) of normal
internet users do click on ads, or have their purchases influenced by ads.

I do agree with Patreon and Netflix, they're fantastic business models. Add
Spotify to the mix too: although the renumeration they give to artists is
laughable, it's a fantastic platform which has gotten me to actually pay for
music for the first time in about a decade.

~~~
skrause
> _I switch to in-cognito, just because I 've noticed that Google isn't
> currently tracking stuff like that by IP. This way I don't get recommended
> Boney M videos in YouTube or adverts for cars I don't actually have an
> interest in elsewhere._

If you go through all that trouble, why don't you simply turn off personalized
ads? [https://adssettings.google.com/](https://adssettings.google.com/)

~~~
mayniac
I already have. But I like to double up on my privacy controls where possible,
just in case. Opening up incognito takes a fraction of a second more, it's
become part of my workflow.

~~~
Satam
Yeah, that's definitely the reason why it has become part of the workflow ;)

------
Animats
From the article, it looks like the big winners in this will be companies
which both run ads and have customer accounts. Google and Facebook, basically.
Companies which have no relationship with the customer have no way to ask for
permission to use customer data. This is a killer for third-party adtech
companies which need that permission.

So the middlemen get cut out, and advertisers deal with Google and Facebook
directly.

------
tzakrajs
Tracking cookies gave the ability for small advertisers to understand their
customers and their other consumption in ways that only the largest marketers
could.

The author thinks big brands are everything and can't see how letting smaller
players sell to customers could help the economy. He uses an arbitrary
standard of privacy to argue on the behalf of the largest household brands. I
think he's missing the forest for the trees.

~~~
icebraining
Can you flesh that out a bit more? What are those ways?

~~~
tzakrajs
Customer focus groups. Literally paying customers to spend time with staff to
learn their habits and thoughts about the advertising. The big brands have the
funds and expertise to directly gather enough data to come up with strong
predictors of behavior.

~~~
icebraining
Focus groups are always made with the consent of the participants, though. You
can still use tracking cookies if you also get consent.

~~~
tzakrajs
You use the word "though", but I don't see how your argument doesn't integrate
with mine. Can you tell me what I am missing?

------
natural219
One other fundamental shift that information technology makes to advertising
is that digital tools, reviews, and marketplaces somewhat undermine some
primary functions of advertising. I no longer care about brand or advertising
information when buying commodity products on Amazon; I simply sort by # of
reviews * avg score, read a sample of reviews at each star level, and I
already have a general picture of the product's quality and consumer
satisfaction.

The parts of advertising meant to demonstrate "Hey, we're a quality company
that can afford this prestigious advertising slot, therefore the reliability
of our products is assured" has been eaten by frictionless digital review
platforms. Of course, advertising and branding serve other purposes as well,
and will always be some part of the purchasing decision. But social software
and AI will likely continue getting better at matching consumers with products
over time.

~~~
genericone
I think that is coming back, however, as the whole fake Amazon review scandal
continues to play out and demonstrate that anonymous reviews in an open
digital marketplace are no replacement for a trusted brand. Not better and not
worse, whether it is reviews or brands, at the end of the day its simply
another way to gauge 'potential' product quality. Sometimes good brands screw
you over with shitty products, sometimes bad manufacturers hire fake reviewers
to shill for them.

------
chrononaut
I wonder how many "parts" of the Internet are simply going to be inaccessible
over the course of the year to individuals residing within the EU as websites
take a rudimentary "block all EU traffic" approach as a first swing at
preventing their services from being offered to EU residents.

~~~
Zooper
Just be sure to marvel at the speed with which they're all simply replaced.

~~~
dabockster
Another gold rush? Count me in!

------
keldaris
I don't quite share the level of optimism the author seems to have, but I hope
he's right. If so, good riddance, just a shame it took this long.

------
joering2
Something tells me it will be similar to the fear mongering of cookies
policies circa 2014.

Meanwhile as ICO reporting, only on average 50 companies/sites have been
investigated and punished, per year.

[https://ico.org.uk/action-weve-taken/cookies/](https://ico.org.uk/action-
weve-taken/cookies/)

Most likely with GDPR being so damn popular, they will be overloaded on day
one. Heck, I personally have 5 different emailers I never provided my email
to, that I just wait for the end of May to report! Do I believe each will be
prosecuted and extracted out of $25MM in penalties ? Nope.

------
adamnemecek
...and nothing of value was lost.

------
jknoepfler
Although I like the GDPR and would support similar legislation in my country,
I honestly don't see the gloom and doom story. The EU market is a small part
of the global story, and while this change clearly makes that market harder to
enter, the article doesn't make the case that the EU represents a sufficient
share of the adtech market to pop a bubble.

In general it's easy to believe negative press about hated entities (for
example, see liberal credulity about Trump's vulnerability in the US). I don't
see the argument passing the bar for evidende, whether or not I want to
believe it.

edit: the argument that adtech stinks is not evidence in support of the
article's thesis. crappiness is not a predictor of a bubble, and the author
makes no attempt to connect the idea that ad tech stinks (which is stated ad
nauseum) with the claim that the GDPR will bring about a global sea change for
adtech)

~~~
PeterisP
EU market is something like 25% of all the global market revenue, both for
total industry and for the main international players individually. 25% of
total revenue _is_ large enough to adapt instead of avoiding the market, and
it would be expected that every multinational player will be compliant, and
thus also require their suppliers to be compliant - i.e. Google won't be
buying data from a random adtech company if it might be "contaminated" with EU
data obtained without proper procedures, the potential financial risk is just
too great.

------
JulianMorrison
I felt the point that adtech isn't advertising, but direct marketing, deserves
to be called out as important.

------
dpq
I'll play the devil's advocate and say that I'm actually disappointed by this
development. A very long time ago when AdSense was young I was thrilled by the
idea that instead of being bombarded by stupid ads designed to cater to morons
people (including myself) will be getting relevant ads - ideally, ads about
stuff that I am actually willing to buy right now. Kinda like legilimency. Too
bad that this will be impossible for a long time to come now.

~~~
mpweiher
Hmmm...just target it to the content of the site?

Just like targeting search ads to be relevant to the search?

~~~
radesta
There are many sites which are topic agnostic, others which have less text and
therefore are more difficult to classify by ad crawlers and target based on
topic.

It's also difficult to conceive enough advertisers on the demand side for many
niches. In this scenario targeted advertisement would fill in for the lack of
demand

------
peteretep
> I just said greatly simplifies what the GDPR actually utters, in
> bureaucratic legalese

You can read and understand the whole thing in about 30m, as a lay-person.

------
njx
Tracking IP address for SAAS companies is important for defending chargeback
claims.

For e.g when a customer demands a chargeback through their bank, Stripe notes
down the IP address of every transaction. It is important to note this IP
address and check if the user created an account using the same IP address.
How are SAAS companies to provide sufficient usage proof when it comes to
defend chargebacks?

~~~
dangrossman
You would be allowed to track IP addresses to prevent fraud. This is from
Recital 47 of the GDPR:

"The processing of personal data strictly necessary for the purposes of
preventing fraud also constitutes a legitimate interest of the data controller
concerned."

"Legitimate interest" is one of the legal bases for processing personal data
under the new regulation.

------
Steeeve
For a long time I've been saying that we can do better with online advertising
and revenue generation - and that there's a wide open market for the startup
providing the solution.

There are a lot of practices that are distasteful that simply don't provide
value that overrides their distastefulness.

But quite simply the revenue is there to be had, and nobody is going to
venture off in a new direction when you can make easy money doing exactly what
everybody else is doing.

The market may shift with GDPR, or it may just shift in europe. Or maybe the
market doesn't shift at all, but some company policies change. I think in the
end what causes the current incarnation of internet advertising to go away is
going to just be a better idea.

------
b1daly
The real answers here should be in the data, but as an anecdote I experienced
something that genuinely impressed me the other day.

I’m in the market for a new mattress, and the other day on a whim I stopped at
a mattress store (in real life). After I left the store, within an hour, I
looked at a site I commonly look at (a political site), and saw a banner ad
for the mattress store company.

In any case, it’s hard for me to believe that targeted advertising doesn’t
work, because without it, I see adds in product categories I will never buy
in.

~~~
Moru
On the other hand I'm not in the market for a new mattress but I see
advertisement for it everywhere. Might it just be that mattress ads are common
this time of the year? A quick check of one of scandinavias more known bed and
furniture chains (if ikea does not count...) shows they are having a sale of
mattresses right now so if I didn't have ads blocked I would probably have
seen some.

------
just_observing
Off-topic: A responsive website for Doc Searls would be welcome.

------
tomrod
I've been anticipating something like an ad-tech bubble pop for years -- most
digital ads don't seem to add much by way of tangible value and hijack the
decrease to information-acquisition costs that make the Internet a value-add
on society.

Oh, I'm not saying no one was ever influenced by digital ads, only that the
wholesale adoption appears to be driven less by an understanding of their lift
and more by "fear of missing out" by companies.

------
harrumph
Aside from generating revenue for what are surely wasted impressions, why does
the online ad industry constantly show users web ads for things they've
already purchased?

Does this not represent conspicuously wasted spend on the part of these
advertisers? It's been going on since the DoubleClick days and never ends. How
can this industry bill clients with a straight face when their display
decisions are made this crudely?

------
booleandilemma
This makes me glad I work for a company that makes money selling an actual
product, and not just selling people’s data to the highest bidder.

------
zerostar07
GDPR may cause a drop in tracking-based ads, but websites can then just
increase the number of ad slots for display and content-based ads. So what's
changing is that the user is forced to choose between "less ads with tracking"
and "more ads , no tracking". That 's not against the GDPR.

So, expect more ad-tech, not less.

------
matchagaucho
The second order effects of GDPR could actually be a boon to IT and tech:

    
    
      * Accounts Payable analytics (should I pay this ad bill?)
      * More Pay-per-Action (PPA). Less Pay-Per-View (PPV)
      * Standardized pixel tracking managed by Advertisers
      * Bot vs human agent detection (who/what actually viewed this ad?)

------
imrawr
I work for a large adtech company. It's funny how people think they're
tracked. Besides websites like Google and Facebook there is no personal
information stored. No emails, no names, no way to figure out who that person
actual is. Not sure why everyone is freaked out about personalized ads.

------
pawurb
I've just published a post about how I prepare my blog and side-project for
GDPR:

[https://news.ycombinator.com/item?id=17063156](https://news.ycombinator.com/item?id=17063156)

------
beezle
Surprised the pop up doesn't say "agree to tracking and you'll be shown fewer
and more relevant ads" and when they click decline "you will see 2x as many
ads, are you sure?". Hardball!

------
uvesten
Finally!

------
chinathrow
Can anyone from an adtech company shine some light on what work life is right
now with the deadline of May 25 approaching? Curious to learn more.

------
Confiks
The introduction of the article itself reads as an advertisement for shorting
"adtech". What stock would you propose that would be?

------
jakeogh
Surreal to see people cheering on an attack on memory itself.

[https://www.youtube.com/watch?v=gbYXBJOFgeI](https://www.youtube.com/watch?v=gbYXBJOFgeI)

~~~
hannasanarion
That link has nothing to do with this.

Also, GDPR has news, archival, public interest, and free speech exceptions,
soooo maybe read the damn thing before posting FUD?

~~~
jakeogh
It really does. This is how incrementalism works so well. The exceptions[0]
you cite are for practical purposes pointless; since you would need to defend
your use of them, and the regulations can be incrementally tightened.

The EU def of free speech is absurd anyway, the recent pug owner who got a
fine for a dog trick is a harbinger.

GDPR is about compliance. It further normalizes the idea that the gov can
regulate memory, all the way down to who visited my property (if I was in the
shrinking EU).

[0] [https://ico.org.uk/for-organisations/guide-to-the-general-
da...](https://ico.org.uk/for-organisations/guide-to-the-general-data-
protection-regulation-gdpr/exemptions/)

------
tzakrajs
> Advertising isn’t personal, and doesn’t have to be.

Customers are being educated by companies, personal experience and news media
why they are seeing the ads they are being shown. Just because advertising
doesn't have to be personal, doesn't make that a sufficient argument for not
doing it.

> Advertising makes brands.

Certainly brands are useful for trust, but often brand dominance blinds
customers from smaller players and solutions. It's a trade-off.

> Advertising carries an economic signal.

Are there no other signals to determine economic strength of a company? Good
advertising should project value and tilt perception in their favor.

> Advertising sponsors media, and those paid by media.

Companies study their customers without cookies to learn where better to
advertise for them. This isn't new because of cookies. Tracking cookies gave
the ability for small advertisers to understand their customers and their
other consumption in ways that only the largest marketers could.

> Adtech is built to undermine the brand value of all the media it uses,
> because it cares about eyeballs more than media, and it causes negative
> associations with brands.

The author keeps making the assumption that strong brands are better than
aligning customers with products that fit them well.

> Adtech wants to be personal. That’s why it’s tracking-based. Though its
> enthusiasts call it “interest-based,” “relevant” and other harmless-sounding
> euphemisms, it relies on tracking people.

The author again is throwing the baby out with the bathwater with no
imagination for regulatory controls to limit the scope of access for customer
data.

> Adtech spies on people and violates their privacy.

Emotional language, privacy is something that isn't monolithic for all people.
There is nuance here.

> Adtech is full of fraud and a vector for malware.

So is the internet at large.

> Adtech incentivizes publications to prioritize “content generation” over
> journalism.

And on the other side of the coin, adtech incentivizes growth of smaller
outfits to be competitive because it allows advertisers to find their
platform. The author failed to mention all of the new media companies that
have sprouted up now that they can compete with larger outfits. Customers have
never had more choice. Who is to say the bias of a large firm is more
advantageous than a smaller firm?

> Intermediators take most of what’s spent on adtech. Bob Hoffman does a great
> job showing how as little as 3¢ of a dollar spent on adtech actually makes
> an “impression. The most generous number I’ve seen is 12¢.

It's not about brand impressions. It's about conversions.

> Adtech gives fake news a business model, because fake news is easier to
> produce than the real kind, and adtech will pay anybody a bounty for hauling
> in eyeballs.

This is being worked on right now by the adtech platforms, it has a ton of
visibility and public interest.

> Adtech incentivizes hate speech and tribalism by giving both—and the
> platforms that host them—a business model too.

Tribalism is not inherently a bad thing. Hate speech is a symptom of hate.
Adtech is not making people hate each other. Hate speech is widely decried and
has tons of visibility and public interest.

> Adtech relies on misdirection.

Again the author implictly is valuing brand presence over customers finding
what they want.

> Compared to advertising, adtech is ugly.

Not ugly == expensive. Is that added cost necessary in helping customers find
the right products and services? If not, it's superfluous.

> Adtech has caused the largest boycott in human history.

Which shows that the system can be worked around by users when it is too
onerous.

------
shawn
_And that’s on top of the main problem: tracking people without their
knowledge, approval or a court order is just flat-out wrong. The fact that it
can be done is no excuse. Nor is the monstrous sum of money made by it._

I use Piwik ([https://github.com/matomo-org/matomo](https://github.com/matomo-
org/matomo)) and track visitors without their knowledge or consent, because I
need analytics. Piwik is also configured to respect the "Do not track" header,
so opting out is as easy as indicating that you don't wish to be tracked.

Is that wrong?

And I use Piwik precisely because it's self-hosted. I know for a fact your
data doesn't get sold, because the data never hits any server except mine.

If this seems acceptable, it's also why legislation seems worrisome. There are
a lot of corner cases that law tends to overlook. But hopefully the
requirements won't be too onerous.

~~~
mulmen
I don't see how self-hosting has anything to do with it honestly. This is
about tracking people without their consent. It's about preserving rights of
individuals. Self hosting is no more or less acceptable than third party
hosting. It's not a technical issue.

~~~
dbbk
So is your position that website owners should have no visiblity at all on
their visitors, and no way of knowing how many people are using it?

~~~
enraged_camel
Website owners can have visibility on their visitors if those visitors
explicitly consent to it.

Not sure what is so difficult to understand about this.

~~~
jamiequint
So if I don't think that Walmart should be able to record me with security
cameras while I'm in the store I should have the right to demand that they ask
me to sign a waiver before entering the store? Shouldn't it be Walmart's right
to do what they want on their property, and my right to decide not to visit
Walmart if I don't agree with that. Isn't the converse an infringement of
Walmart's rights?

~~~
losteric
GDPR has exemptions for security. Your free to track information for the
purposes of blocking vulnerability bots, but only the minimum data required
for that purpose... and your visitor's data cannot be used for other
applications without their consent.

> Shouldn't it be Walmart's right to do what they want on their property, and
> my right to decide not to visit Walmart if I don't agree with that. Isn't
> the converse an infringement of Walmart's rights?

No. Property "rights" are secondary to human rights. Like, Walmart can't
knowingly sell poison as food just because it's their property...

In your example, Walmart is free to record you on security cameras for
security / theft purposes. However, they can't record what you're looking at
and reuse that information for targeted advertising without consent - profling
is simply not required to do business, so your right not to be profiled wins.

~~~
jamiequint
> “they can't record what you're looking at and reuse that information for
> targeted advertising without consent”

What law prevents them from doing this?

~~~
losteric
The actual Walmart? Nothing. The previous poster used Walmart's security
cameras as a strawman argument against GDPR, which I expanded on.

------
jacksmith21006
GDPR will help the big guys not hurt. The smaller guys it will be tough
implmenting and make it more expensive in terms of expense to revenues.

~~~
hadrien01
I took ten minutes to implement GDPR on a small ecommerce website: we deleted
Google Analytics (HTTP logs and carts tracking is more than enough) and
replaced Facebook widgets by a simple link. Newsletter was already opt-in
only, we don't sell private data, and user account deletion was already
possible.

~~~
TylerE
That seems extraordinarily flippant.

I can't imagine giving up Google Analytics for http logs on a content-driven
site.

~~~
robin_reala
Why would you give up on GA? You’re already not allowed to store personal data
in it according to their TOS so (assuming you’re abiding by them) you can just
leave it running.

~~~
hadrien01
By default GA stores IP addresses, so you need to get consent about storing
this personal data. There's a flag you can set to tell Google you want no IP
addresses in your data collection.

------
bitmapbrother
Doc Seals has been proclaiming that the ad tech bubble is going burst every
time he appears on the Gillmor Gang. It's gotten to the point where he now
sounds like a broken record. I guess he thinks that if he repeats it long
enough it'll eventually come true. I'll be looking forward to his follow up
appearances where he backtracks and explains why it hasn't.

------
yuhong
I mention the GDPR briefly in my Google/DoubleClick essay:
[http://yuhongbao.blogspot.ca/2018/04/google-doubleclick-
mozi...](http://yuhongbao.blogspot.ca/2018/04/google-doubleclick-mozilla-
essay-final.html)

------
ohiovr
This combined with this reality: [https://www.reuters.com/article/us-iran-
nuclear-bolton/bolto...](https://www.reuters.com/article/us-iran-nuclear-
bolton/bolton-us-sanctions-possible-on-european-firms-over-iran-idUSKCN1IE0M9)

Means map makers will be in business soon. Might not be a bad idea to get some
potasium iodide.

~~~
trendia
How is this related to GDPR or the adtech bubble?

~~~
ohiovr
Because it makes doing business with europe illegal. Sanctions are war. GPDR
isn't war, but depending on who looks over the laws in europe, giant part of
our economy will be illegal to europe also.

~~~
hannasanarion
Or you can just, delete stuff when people ask you to? That's pretty much the
only new burden of gdpr, and there are plenty of exceptions you can invoke.

------
lajhsdfkl
>Since tracking people took off in the late ’00s, adtech has grown to become a
four-dimensional shell game played by hundreds (or, if you include martech,
thousands) of companies, none of which can see the whole mess, or can control
the fraud, malware and other forms of bad acting that thrive in the midst of
it.

Fraud? Malware? What does this have to do with adtech?

>And that’s on top of the main problem: tracking people without their
knowledge, approval or a court order is just flat-out wrong. The fact that it
can be done is no excuse. Nor is the monstrous sum of money made by it.

What a compelling argument /s. Is it wrong if I sit on my porch and record in
a notebook the hair color of different people? Is it wrong if I observe that
one of my coworkers has a Harley Davidson sticker on his laptop?

There is no AdTech bubble given that Adtech is a completely viable business
model. These laws may shut down third party trackers but Ads are here to stay.
If the EU ads were to create regulation such that Ads become an inviable
business model they would simply tank their own economy given how many
services/ content creators rely on ads.

edit: also I have to laugh since I was downvoted less than 20 seconds after
posting. I'll post another statement that will make people mad

Ads are the reason the web is open and the reason poor people have free access
to information. An ad free web is a web that only rich people can use.

~~~
simion314
The laws would hopefully stop the tracking of users. IS there a good reason
why you can't analyze the page you put your ad in and decide what category on
ads will fit, so on tech pages put tech related ads. Tracking me and creating
a profile on me should be illegal. Showing ads is perfectly fine

~~~
lajhsdfkl
> IS there a good reason why you can't analyze the page you put your ad in and
> decide what category on ads will fit, so on tech pages put tech related ads.

There isn't and this is what many people do. But that isn't the argument is
it? Can you tell me why observing what people do on my website is unethical
and why it should be made illegal?

Also can you explain why information that is placed on my server belongs to
someone else if I didn't enter into a contract with them specifying that was
the case?

If someone has access to your laptop and downloads their photos onto it, who
do those photos belong to? Put another way, if someone shows you a photo, who
does the memory of that photo belong to?

~~~
alkonaut
> Also can you explain why information that is placed on my server belongs to
> someone

Isn’t this more or less the gist of GDPR and “right to be forgotten” laws?
That my personal data doesn’t automatically “belong” to anyone else just
because I entered it onto a server?

> If someone has access to your laptop and downloads their photos onto it, who
> do those photos belong to?

Rights to creative works, unlike personal data already has rather well
functioning legal frameworks. The author of a creative work doesn’t give up
any right to the photo without very specific circumstances.

~~~
lajhsdfkl
>Isn’t this more or less the gist of GDPR and “right to be forgotten” laws?
That my personal data doesn’t automatically “belong” to anyone else just
because I entered it onto a server?

Yes the EU invented a new right for its citizens which is the prerogative of
the EU because of their bastardized idea of what constitutes privacy. Privacy
is a basic human right, that much is obvious. There is no human right however
to be forgotten and there is no human right to not be observed when you are in
public.

>Rights to creative works, unlike personal data already has rather well
functioning legal frameworks. The author of a creative work doesn’t give up
any right to the photo without very specific circumstances.

The author of a creative work doesn't have the right to force me to delete
something from my laptop if I obtained it lawfully.

~~~
alkonaut
> The author of a creative work doesn't have the right to force me to delete
> something from my laptop if I obtained it lawfully.

A valid point - the rights only address the USE of the photos. You can use
them privately all you want and would not have to delete them (unless ordered
by a court for whatever odd legal reason such as if they were stolen not
uploaded).

The difference with personal info is that the lawmakers saw two choices:
prevent the use or the keeping of the data. They chose to outlaw the keeping
of the data - which is why this law is huge, invasive and clumsy. But it’s
also the only reason it makes a difference at all imho. I don’t trust anyone
to keep the personal data of millions of people safe.

~~~
PeterisP
GDPR is focused _a lot_ on regulating the use of the data. In particular, one
of the key aspects is the limitation of processing to a particular use - very
often business will have a reasonable GDPR-approved reason to get and have the
data, but (since this was often used to circumvent earlier privacy
legislation) now they'll be limited to using that data only for that reason.

For example, if I order pizza, the business (obviously) needs to have my
delivery address; however, that obvious reason only applies for the actual
delivery, and if they want to use that same address also for, say, direct
marketing, then that's a separate use that's not covered and would (generally)
need additional opt-in consent.

------
Bizarro
Despite the propaganda being thrown around on HN, GDPR only affects businesses
that have operations in the EU.

------
hartator
It’s kind of interesting that the company that ads that people think are the
most intrusive are from Criteo, a french company, while GDPR do its best to
target US companies.

~~~
lima
> GDPR do its best to target US companies

Citation needed.

