The plain language of the GDPR is so plainly at odds with the business model of surveillance advertising that contorting the real-time ad brokerages into something resembling compliance has required acrobatics that have left essentially everybody unhappy.
The leading ad networks in the European Union have chosen to respond to the GDPR by stitching together a sort of Frankenstein’s monster of consent,a mechanism whereby a user wishing to visit,say,a weather forecast page 4 is first prompted to agree to share data with a consortium of 119 entities,including the aptly named“A Million Ads”network. The user can scroll through this list of intermediaries one by one, or give or withhold consent en bloc, but either way she must wait a further two minutes for the consent collection process to terminate before she is allowed to find out whether or it is going to rain.
This majestically baroque consent mechanism also hinders Europeans from using the privacy preserving features built into their web browsers,or from turning off invasive tracking technologies like third-party cookies,since the mechanism depends on their being present.
For the average EU citizen,therefore, the immediate effect of the GDPR has been to add friction to their internet browsing experience along the lines of the infamous 2011 EU Privacy Directive (“EU cookie law”) that added consent dialogs to nearly every site on the internet.
The GDPR roll out has also demonstrated to what extent the European ad market depends on Google,who has assumed the role of de facto technical regulatory authority due to its overwhelming market share.Google waited until the