Privacy advocate Alexander Hanff believes scripts which detect whether or not a user has adblocking software installed violate EU privacy law. An amendment to the ePrivacy Directive that went into force a few years ago is the reason many sites now inform users if the site uses cookies, as well as asking users for consent to have their data stored by cookies. However Hanff believes that the law doesn't just apply to cookies, but that scripts which detect adblockers would also require notification and consent under the law.

Hanff made an inquiry to the European Commission on this matter, and the letter he got in response supports his claim. He posted photos of "relevant pages" on Twitter, implying there is more to the letter than what he's shared so far. However, what he has posted does seem to support his case.

The letter states that the wording in the law does not only cover cookies. The relevant points are that the law is applicable when a site accesses information stored on a user's computer, with narrow exceptions for accessing information that is required to facilitate communication. According to the letter, the law is applicable to a wide variety of technologies besides cookies, and the Commission believes it would also apply to client-side scripts that detect adblockers. The letter states, "Thus, a literal interpretation of Article 5.3 supports its application to all types of information stored or accessed in the user's terminal device." The use of the term "literal interpretation" may imply that it is an interpretation that was unintended by the writers of the law, but one which is supported by the exact wording used in the law.

An additional point of interest in the letter concerns the application of Recital 66 of the law. Recital 66 states that users can express preferences about whether they consent to storage and access of information on their devices through browser settings or other software. The letter states the browser extensions or plugins would also be an acceptable way to communicate such preferences. Although that section of the letter does not refer to adblocking plugins specifically, but merely states that browser plugins could be used to communicate whether a user consents or not. Presumably, a plugin which detects adblocker detectors and disables them would be a clear indication that a user does not consent to the collection of that data.

After receiving his letter from the Commission, Hanff stated that he intends to launch legal complaints against sites that detect adblockers in the EU.

https://twitter.com/alexanderhanff/status/722654277303410688

Does detecting adblockers without consent violate a user's privacy? Leave your comments below.