Privacy in AdTech: Speed Limits vs Speed Limiters

The impact privacy laws and privacy settings have on AdTech


Our Newsletter

Get AdTech & MarTech resources sent straight to your inbox

We respect your privacy. Learn more here.

What impact do privacy laws like the GDPR and privacy settings like Safari’s Intelligent Tracking Prevention (ITP) have on AdTech?

Both have a big impact on how ads are served, displayed, and measured, but the impact of each is slightly different.

Here’s an infographic that highlights the impact of privacy laws and privacy settings. Continue reading our post to learn more.

The Impact of Privacy Laws on AdTech

The impact of privacy laws on AdTech is medium to high.

The GDPR requires companies to collect voluntary and affirmative user consent before collecting personal data (e.g. cookie and device IDs). 

This means that if a user rejects AdTech companies savings cookies to their device, then advertisers won’t be able to run behaviorally targeted ads, run frequency capping, measure performance or attribute conversions.

The degree of impact depends largely on a company’s compliance with the GDPR. For example, if a company adopts implied consent, their impact may be low or medium. 

If a company strictly adheres to the GDPR, the impact for them is likely to be high.

The Impact of Privacy Settings on AdTech

Privacy impact on programmatic
The impact of privacy laws on AdTech is high.

Unlike privacy laws that can be ignored, therefore reducing the impact for companies, privacy settings are direct and immediate.
It’s harder, and in some cases impossible, to run behaviorally targeted ad campaigns, as Safari’s ITP, Firefox’s ETP, and ad-blocking plugins stop JavaScript tags by known trackers from loading a web page. If these JS tags don’t load, ads won’t be displayed. 

Unlike the GDPR where companies can ask users to provide consent to show ads, there’s no such option with privacy settings.

Privacy Laws Are Like Speed Limits

If you are driving a car at 55 mph in a 30 mph zone (86 km/h in a 50 km/h zone), you are breaking the law, but you’ll only feel the consequences of speeding if you get caught (or crash). 

If there are no police cars or speed cameras around, there’s nothing physically stopping you from breaking the law.

If or when you get caught, that’s when you’ll feel the impact, and it will hurt your back pocket.

Privacy laws like the EU’s GDPR are like speed limits.

In the same way a speeding driver won’t feel the full force of the punishment unless they get caught, publishers, AdTech companies and advertisers can choose to ignore the GDPR and won’t feel its full impact.

Since the GDPR came into force on May 25, 2018, many have chosen to do just that. 

Although we saw some drastic moves in the time leading up to the GDPR’s enforcement, such as companies pulling out of the EU and halting programmatic media buying, the true aftermath still hasn’t been felt. 

Some companies have been investigated and fined, but there are still many that are operating business as usual, adopting implied consent, denying access to websites if users don’t provide consent, and opting for pre-ticked consent boxes. 

If your company is enjoying life in the fast lane, it’s only a matter of time before you receive a speeding fine in the form of an investigation notice from a European DPA.

Privacy Settings Are Like Speed Limiters

Let’s imagine that you are a truck driver and it’s 5pm in New York. You’ve just received an order for a shipment of goods that has to arrive before 5pm the next day in Salt Lake City, Utah, which is about 2,200 miles away.

Your business depends on delivering this shipment. If you don’t deliver it, you don’t get paid. 

Even with a two-hour time difference in your favor, you’d need to travel non-stop at an average speed of 100 mph to make it in time. 

Now, you could travel at 100 mph and risk getting caught for speeding like in the case above, but let’s imagine that your truck has a speed limiter installed, which means it can’t physically exceed a speed of 90 mph. 

With this speed limiter installed, it would be impossible for you to drive your truck from New York to Salt Lake City in under 22 hours. 

In the online advertising world, privacy settings like Safari’s ITP, Firefox’s ETP, and ad-blocking plugins like Ghostery and AdBlockPlus are the equivalent of speed limiters. 

In the same way speed limiters prevent vehicles from traveling over a certain speed, privacy settings prevent AdTech platforms from serving ads and saving cookies to a user’s device (or reduce their lifespan in some cases). 

The impact of these privacy settings is direct and immediate. 

Companies have no say in the matter. They can’t choose to ignore these privacy settings like they can with privacy laws – if a user is using Ghostery, JavaScripts tags from AdTech companies won’t load and ads won’t be displayed.

The Future of AdTech Has More Speed Limits and Speed Limiters

For the speed demons of AdTech, life in 2020 and beyond will be a lot harder.

Apart from the privacy laws and settings already in place, there are more on the way.

Privacy Laws (Speed Limits)


The California Consumer Privacy Act (CCPA), which will come into force on January 2020, will give citizens and residents of California more rights, such as the right to know what data a company collects about them, the right to ask companies to delete their data, and the right to reject the sale of their data.

Brazil’s LGPD

Brazil’s Lei Geral de Proteção de Dados (LGPD) is a federal data-protection law that’s set to be enforced in February 2020. 

ePrivacy Regulation

Although stuck in draft mode, the ePrivacy Regulation will likely have a bigger impact on AdTech than the GDPR currently has had due to the specific rules regarding consent for cookies. 

In the current ePrivacy draft, publishers and website owners will need to obtain voluntary and clear consent to drop cookies on a user’s device for all purposes. This is not all that different to the current rules of the GDPR, except that the ePrivacy regulation may require web browsers to act as the gatekeepers of consent. 

This means that instead of stating consent decisions via a consent-management platform (CMP), it’s possible that users can set their preferences via their browsers’ settings. 

The latter is especially troubling for all players in the online advertising industry, as it could reduce the availability of cookies even further. 

Data Protection and Privacy Laws in the USA

Apart from California’s Consumer Privacy Act (CCPA), a few other US states have either introduced new privacy and data-protection bills, are strengthening existing laws, or contemplating new ones. 

However, instead of individual state laws, the US really needs a federal data-protection and privacy law to simplify the regulatory environment, which was one of the reasons the EU’s GDPR was introduced.

Privacy Settings (Speed Limiters)

Safari’s Intelligent Tracking Prevention (ITP)

Since being released in September 2017, ITP has changed to address feedback received by developers and workarounds implemented by tech companies. 

ITP released three new updates in 2018 and 2019. If history is anything to go by, expect to see a similar number of releases in 2020.

Firefox’s Enhanced Tracking Protection (ETP)

Firefox followed in the footsteps of Apple and stepped up their privacy game in 2019.

The company first launched Enhanced Tracking Protection back in June that blocked known trackers when browsing in private mode. 

Then in September of the same year, Firefox released an update of ETP that blocks known third-party trackers as the default option for all Firefox users. 

There’s no news about Firefox’s plans to strengthen its already-tight privacy settings, but don’t rule anything out.

Google Chrome

Because Google is arguably the largest AdTech company with ad revenues well exceeding those of the Facebook (in second place), following in the footsteps of Safari and Firefox will directly impact its own business. 

However, Google has made several announcements that it would be introducing some changes to Chrome that will strengthen privacy for users.

These changes include providing users with more transparency into which companies are involved in the ad-serving process, make it easier for users to block and delete third-party cookies, and prevent device fingerprinting.

But the biggest change that Chrome announced was the one that about shutting off support for third-party cookies by 2022, which will bring an end to key activities like behavioral targeting, retargeting, frequency capping, and cookie syncing in web browsers.

But it’s not all bad news.

Google Chrome is aiming to provide ad targeting and measurement in a privacy-friendly way via their Privacy Sandbox.

Ad-Blocking Plugins

The popularity and adoption of ad blockers may not be on the same level as in years past, but these plugins are still very popular and are often used in popular browsers, essentially doubling the impact for publishers and AdTech.

Final Thoughts

AdTech has enjoyed long, open highways where speed limits are relaxed and speed limiters were few and far between. 

Successful companies of the future will need to adjust and evolve to the new era of privacy in AdTech.

AdTech was able to build systems that can hold auctions between multiple servers in under 300 ms – creating tech that adheres to privacy laws and settings and still allows advertisers and publishers to maintain profitable businesses is well within its reach.

Reading recommendation

Read our online book

The AdTech Book by Clearcode

Learn about the platforms, processes, and players that make up the digital advertising industry.

Mike Sweeney

Head of Marketing

“The AdTech Book is the result
of our many years of experience in designing and developing advertising and marketing technologies for clients.”

Find out how we can help you with your project

Schedule a call with us today and find out how we can help you with your AdTech or MarTech development project.