New European law could have a bigger impact than GDPR

The European Data Protection Board (EDPB) recently issued a ruling on a Facebook GDPR case with major consequences. According to the Wall Street Journal‘s sources, Facebook‘s parent company, Meta, will no longer be allowed to target users for advertising based on their agreement to the Facebook Terms of Service. Instead, the company will have to obtain informed consent, with a fair choice of yes or no.

Although this is a big change from the point of view of court watchers on Twitter, the fact is that  we‘re talking about willing Instagram users here, and research consistently shows that about 31-36% of users (depending on how you ask) actually want personalized ads. That set of users is going to overlap, a lot, with the people who use Instagram. Any claims that this case is the next Apple ATT are exaggerated.

That doesn‘t mean that the European regulatory climate is shifting in Meta‘s favor, though. A lesser-known European law is going to mean really good news for independent web publishers. Today, publishers must compete for ad revenue with big social sites that can get away with a lot of scam ads, but that‘s about to change.

Removing a hidden subsidy for big platforms

Today, Meta gets a subsidy from regulators, in the form of regulations that enforce its ability to hide the worst scam ads. On legit sites, the work to enforce the ad policies is nearly constant. When you least expect it, someone asks, “what the heck is this ad doing here? Looks like a scam.” Next comes the database query work to find it in the logs and block it from the site. Finally, after it‘s gone, what happened? What can we fix, or get a partner to fix, to keep it from happening again? Finding and quickly removing bad ads can be frustrating, but it‘s a regular part of running a quality site, and a task that readers expect.

Meanwhile, large social sites like Meta‘s have a consistent unfixed problem with scam ads. Facebook scams alone were up 18x from 2017 to 2021! While web publishers do the extra work to keep our sites clean, the big platform companies seem to only kick scammers off when they get in the news. Social platforms make it easy for scammers to reach as many likely victims as possible, while avoiding regulators, legit advertisers, and most (but not all) media attention.

Now there‘s good news for long-suffering web publishers and their ad services. The European Union‘s Digital Services Act (DSA), which recently passed in the European Parliament, is about to make a big change that will make the ad market much fairer. Under DSA, any Very Large Online Platform (a VLOP is defined as a site with 45 million or more European users, about 10% of the population) is required to maintain an archive of ads they run. The requirement will take effect in mid to late 2023, and it will be a big change. Today, it is difficult to find the scammers impersonating you or offering a fake version of your brand on a big social network. One high-profile personal finance author was able to get a company to settle a complaint over impersonation, but other brands suffer. Wells Fargo has to ask its customers to report social media scams—because   social media ad targeting allows the scammers to seek out bank customers and avoid bank employees. Scammers even use the names and logos of big “tech” companies like Amazon, Tesla, and Facebook itself.

Extending the existing ad libraries

Facebook does maintain an “Ad Library” but it‘s limited in ways that give persistent advantages to scam advertisers. Ads can appear after a delay of up to 24 hours, and then disappear quickly after they run—unless classified as political. When you see a scam ad on Facebook and go look up the advertiser in their Ad Library, it‘s not unusual to see that advertiser running no ads “at this time.” Scam advertisers who are clever with a script, or quick on their mouse buttons, can hide their ads indefinitely, just by switching them out. And that seems to be the way that Meta likes it. When a research team at New York University tried to make an independent ad archive, at no cost to Facebook, the company began a multi-front campaign to try to shut them down.

But, to be fair to Facebook, their Ad Library has been the best effort from any of the VLOPs so far. DSA ad archives will be a major change for all the Big Tech firms. Although no regulator is staffed up to actually look at all the scam ads on all the VLOPs, they won‘t have to. Scam advertisers typically lift known brand logos and product photos, so trademark monitoring firms—which major brands already use—will be able to spot more violations, faster. And VLOP ad archives will provide some, but not all, of the transparency that political ad researchers are recommending. Today, Google’s “My Ad Center” helps you find ads that you saw in the past, and other ads from the same advertisers. In the future, you will be able to check out the ads that were targeted to avoid you.

Archives will mean that VLOPs catch more grief over scam ads from trademark owners, campaign finance regulators, the media, and others. So the VLOPs will have to start getting serious about checking new advertisers and new ad creative. Better checking will translate into better safety for users, but higher costs and longer delays for legit brands on VLOPs. Meanwhile, legit sites that have been doing the work all along will keep doing it. The good news is that honest advertisers are already well-served by web RTB transparency efforts. Under DSA, the VLOPs will have to catch up, which will make things fairer for everyone.