Ad Blocker-Blocking Websites Might Be Violating European Privacy Laws

The ad-blocking wars are getting ugly again.

In the latest phase of the conflict, several high-traffic websites have started denying entry to users whenever they detect their browsers running ad-blocking extensions like uBlock Origin and Adblock Plus. These new ad-blocker-blocking scripts typically present offending readers with a choice: Either disable your blockers by whitelisting the site, or pay a small subscription fee to help keep the lights on.

But that might not fly in Europe, where using these detection scripts could be a violation of local privacy laws, according to a letter from the European Commission.

Under European law, websites are required to get users' consent before they can send you cookies, the tiny blobs of data that live in your browser and allow sites to recognize and target you with ads. The letter suggests that since the law's scope isn't limited to cookies, scripts that scan your browser looking for ad-blocking extensions without consent might be verboten too.

"Article 5.3 does not limit itself to any particular type of information or technology, such as cookies," the European Commission wrote in response to a letter from privacy advocate Alexander Hanff. "In light of the above, Article 5(3) would also apply to the storage by websites of scripts in users' terminal equipment to detect if users have installed or are using ad blockers."

The ad-blocker-blocking trend is already highly contentious, given that ad networks have become a massive vector for malware. While meant as a form of defense for online publications that depend on ad revenue, overall traffic seems to be suffering on sites that use anti-ad-blocking measures, according to stats from the web analytics firm Alexa. The sites' scripts also tend to not distinguish between ad-blockers and tracker-blockers such as Ghostery and Privacy Badger; the latter category is primarily designed to prevent third party tracking code from gathering massive amounts of data about users' browsing habits (which sometimes means blocking ads, but not always).

The premise of Hanff's argument could be a hard sell. Browsers already automatically transmit data about your computer whenever you visit a website, including your browser and operating system version and even some limited hardware information. To make their case, privacy advocates will need to prove that anti-ad-blocking scripts retrieve specific, sensitive information from users' machines without their consent.

In the meantime, Hanff says he'll be starting a "Name and Shame" campaign next week to identify sites using anti-ad-blocking code, to make legal challenges easier.

Correction: This article has been updated to reflect the fact that Ghostery and Privacy Badger are not primarily designed to block ads, but may as a side effect of preventing tracking.