M. Degeling, T. Holz, N. Pohlmann, D. Tatang, T. Urban:,
“Measuring the Impact of the GDPR on Data Sharing in Ad Networks”,
ACM AsiaCCS 2020,
The European General Data Protection Regulation (GDPR), which went into effect in May 2018, brought new rules for the processing of personal data that affect many business models, including online advertising. The regulation’s definition of personal data applies to every company that collects data from European Internet users. This includes tracking services that, until then, argued that they were collecting anonymous information and data protection requirements would not apply to their businesses.
Previous studies have analyzed the impact of the GDPR on the prevalence of online tracking, with mixed results. In this paper, we go beyond the analysis of the number of third parties and focus on the underlying information sharing networks between online advertising companies in terms of client-side cookie syncing. Using graph analysis, our measurement shows that the number of ID syncing connections decreased by around 40 % around the time the GDPR went into effect, but a long-term analysis shows a slight rebound since then. While we can show a decrease in information sharing between third parties, which is likely related to the legislation, the data also shows that the amount of tracking, as well as the general structure of cooperation, was not affected. Consolidation in the ecosystem led to a more centralized infrastructure that might actually have negative effects on user privacy, as fewer companies perform tracking on more sites.
Advertising remains one of the main sources of income for many websites, apps, and online services. Many business models rely on ads and analytics services to personalize their products and to be able to offer them “for free”. To individually target website visitors with ads, tracking services gather personal data, mostly without users’ explicit consent. Personalized ads are based on data collected by ad companies about Internet users through various mechanisms, mainly HTTP cookies.
More information on the subject “Towards Understanding the Impact of the GDPR on Online Advertisement”:
“Beyond the Front Page: Measuring Third Party Dynamics in the Field”
“Measuring the Impact of the GDPR on Data Sharing in Ad Networks”
“Your Hashed IP Address: Ubuntu”
“A Study on Subject Data Access in Online Advertising after the GDPR”
“Analyzing Leakage of Personal Information by Malware”
“The Unwanted Sharing Economy: An Analysis of Cookie Syncing and User Transparency under GDPR”
“Towards Understanding Privacy Implications of Adware and Potentially Unwanted Programs”