Measuring online behavioural advertising: one more step to protect users
IMDEA Networks/DICYT When we search for information on the Internet, buy online or use social networks we often see ads relating to our likes or profile. The fact is not everyone knows how online advertising works and what data companies are using to create personalized ads to show us. Dr. Nikolaos Laoutaris, Research Professor at IMDEA Networks, has published new research results on the detection of behavioural targeting in online advertising.
The relevancy of this study, according to Laoutaris, is that researchers can “test whether an advertisement is targeted or not, and if so, towards which demographic groups; it’s fundamental for being able to check (proactively or reactively) the application of new data protection laws that, among others, put restrictions on targeted advertising”.
The General Data Protection Regulation (GDPR), which came into force on the 25th of May, 2018, was adopted precisely by the European Union to return control of personal data to the individual and to unify the regulatory framework for multinationals. “GDPR defines several sensitive categories such as health, religion, political beliefs, sexual orientation all of which require special type of consent that has usually not been granted when targeted advertising happens”, states, Dr. Nikolaos Laoutaris. For this reason, it’s very important to identify targeted ads in order to protect specific demographic groups, like minors.
Earlier work of the IMDEA Networks Research Professor has found correlations between specific targets and some topics. For instance, it’s the case of people who suffer from cancer, Alzheimer or sexually transmitted diseases.
How can users and Data Protection Authorities (DPA’s) test ad targeting? There are two ways: detection via content-based analysis and count-based detection & crowdsourcing. Following these methodologies, it’s possible to know if ads have been targeted to those groups protected by GDPR and FTC’s Child Online Privacy Protection Act (COPPA). “By doing so they offer a valuable tool for Data Protection Authorities and can even help the advertising sector itself validate its own self-regulation programs like AdChoices […] It is really difficult to see how these laws will be applied if there are no easy methods for detecting violators”, highlights, Dr. Laoutaris.
The first method basically looks at the browsing history of a user and tries to understand the types of website he visits. Then looks for correlations between these websites and the advertisements offered. Laoutaris explains that to do that “the method needs to understand and characterise the type of content of web-sites and ads and, hence, the name content-based analysis”. The second method and the latest one is, in the words of the researcher, even more powerful. Why? Because it’s using frequency-based analysis so as to detect targeting. To use it, it’s just needed a free to use tool called eyeWndr, which only cares to see if a particular advertisement “follows” a user across websites more than other ads. “This alone proves to be enough for distinguishing targeted from non-targeted ads”, says, Laoutaris. The App is very simple to use, because it marks with a colour circle the ad and clicking above it the user can see a score: if it’s high does means that ad it’s targeted. The results of this study will be presented in ACM CoNEXT Conference to be held in Orlando, Florida, this December. An early version of this paper can be found here.
Going beyond online advertising, Dr. Laoutaris has presented, in a seminar celebrated at IMDEA Networks within the Science Week of Madrid, an earlier work on detecting online price discrimination as well as his community building efforts in setting up and growing the Data Transparency Lab. He found out that depending on the country you are connected you have to pay a different price for the same product. On the other hand, the researcher has talked about why it’s important making online services pay users for their data.