UK ICO: surveillance advertising is dead

A true consent framework would do the trick.

Here’s the theory behind Europe’s GDPR: if an online service wants to collect, store and/or process your personal information for the purposes of advertising, it has to obtain your real, informed consent for each of those activities. In theory, this should have exterminated surveillance-based “behavioral” ads. In practice, nothing of the sort has happened…yet.

Let’s look at the theory first. The ad-tech industry has long maintained that it obtains consent for all its data-processing. This is an obvious pretense. This “consent” consists of you wading through a garbage-novella of legalese and clicking “I agree.” To add insult to injury, those “contracts” inevitably say something like, “These terms are subject to change without notice” and/or “You agree that you are not allowed to sue us if we violate these terms, and will have to take your case to an ‘arbitrator’ that we pay to decide if we’re wrong.”

Based on this consent-theater, ad-tech scammers claim that they can harvest your data, retain it indefinitely, and sell or give it away to anyone they want, and that this is all totally cool with you because if wasn’t, you wouldn’t have “consented.”

Enter the GDPR. Under Europe’s landmark privacy regulation, companies gathering…