back to article Mobile app devs have, oh, about 9 hours left to decide whether to stay on Google's ad platform

Android app developers have hours left to decide whether to change their business models or leave Google's ad ecosystem because of its stubborn stance on the EU's new Global Data Protection Regulation (GDPR) regulations, due to come into effect tomorrow. Devs tell us uncertainty over whether they comply with GDPR is forcing …

  1. Zippy's Sausage Factory

    It's not just mobile app people, it's anyone who uses AdSense.

    It's especially annoying as these days, Google is pretty much the only game in town. Yes, there are competitors, but not really very many outside the USA.

    1. LDS Silver badge

      "Google is pretty much the only game in town. "

      You're talking about a monopoly/dominant position? Many people here swear Google is not...

      1. TheVogon Silver badge

        Re: "Google is pretty much the only game in town. "

        "Many people here swear Google is not..."

        The competition authorities define a legal Monopoly as a firm holding over 25% power within a market so Google clearly are a monopoly in online advertising.

    2. Anonymous Coward
      Anonymous Coward

      'It's especially annoying as these days, Google is pretty much the only game in town'

      @Zippy's Sausage Factory

      And People like you let them in here....

      <<<Seriously what did you expect?>>>

      Ripley: You know, Burke, I don't know which species is worse. You don't see them fucking each other over a goddamn percentage.

  2. Aristotles slow and dimwitted horse Silver badge

    Oh well...

    Maybe an unintended consequence is that it will kill off a lot of the absolute dross that exists within the Play store to simply to harvest cash by pushing these sorts of adverts.

  3. sysconfig

    Facebook

    Facebook handles end user data itself, so users of the ad network have nothing to worry about at all from GDPR.

    I wish I could accept that as a fact. I'm sure you meant this to be funny.

    1. JDX Gold badge

      Re: Facebook

      I think they mean legally it's FB's issue, that's all.

    2. Destroy All Monsters Silver badge

      Re: Facebook

      I think the "users" are the advertisers, not the ones generating data.

    3. Dan 55 Silver badge

      Re: Facebook

      Seems like there's no difference between Facebook and Google, except Google's made developers show a dialog box so it looks like the developers have a responsibility for something, which they don't because Google have defined themselves as the data controller. They can't have it both ways.

      1. TheVogon Silver badge

        Re: Facebook

        "Google have defined themselves as the data controller. They can't have it both ways."

        Yep. Expect to see an increase in adverts on Adsense for GDPR related "ambulance chasing" lawyers. And popcorn.

  4. djstardust Silver badge

    Good

    Most of these "free" ad supported apps are crap anyway and the ads are over intrusive.

    I would much rather pay for a fully working version with no ads.

    Saying that, many of the really good independent apps I bought when android started have been snapped up by the big boys and that creates it's own problems ......

  5. anonymous boring coward Silver badge

    Have got loads of email about GDPR asking me to sign up for continued junk email.

    Fat chance. Everyone thinks they are the centre of the world, and we just long to hear from them every day. They are "sad to see me go", but I'm not going anywhere, and they are still there.

    1. Nick Kew Silver badge
      Pint

      I'm just hoping those really will go away.

      There's one particularly egregious spammer with the truly dismal name of "nethouseprices" sent me a "please opt in". They appear to be UK-focussed, and could be worth making a test case of reporting to the information commissioner if they don't stop.

      Drinks all round if today's really was the last spam from them!

      1. J. Cook Silver badge

        Depending on how egregious the spammer is, I'll just add their IP / netblock to my blacklist, which refuses ALL mail from that IP space. Haven't seen an instance yet where I've had to roll one of those changes back because I accidentally got a false positive.

        Combine that with things like SBLs, Reputation scores, and other anti-spam methods, and I get upwards of 90% of my volume being refused.

        1. James 47

          >I'll just add their IP / netblock to my blacklist

          Not without consent, you won't

      2. CrazyOldCatMan Silver badge

        There's one particularly egregious spammer

        My old work email (that I still have access to) receives a *lot* of spam (mostly b2b IT stuff).

        It too has had a lot of these "we'd love to carry on talking to you" emails, all of which I've deleted without responding to.

        Oh - and today (Friday) I've had one spam email (from a company in Brum) that is quite clearly in contravention of GDPR. Which I took great pleasure in pointing out to them in a reply (yes - I broke my own rules and replied to a UCE[1]). Hopefully, it might wake up a few neurons in the spammers brain[2] . Either that or lead to them getting fined again and again and again. Either is acceptable.

        [1] Ah - the good old Usenet days in the anti-spam newsgroups. And watching the high-quality troll baiting that went on..

        [2] If spammers have such a thing. I suppose they need an organ to hold their unmitigated and bloated greed while excluding anything like conscience or morality. Can you tell I don't like spammers? Mind you, advertisers are only a step above them in the ethics scale..

    2. VinceH Silver badge
      Facepalm

      "Have got loads of email about GDPR asking me to sign up for continued junk email."

      How about a company using GDPR as an excuse to send marketing crap?

      Since the start of May, a supplier to one of my clients has been sending emails to my address for that client (at their domain). So far, five emails.

      The first two were ostensibly requests for me to opt in to receive future emails because GDPR - but they were really marketing emails using that as an excuse. The last three reverses that: They were quite openly marketing emails, with a section asking me to opt in because GDPR.

      Prior to May, I wasn't receiving any such emails from that supplier.

      And thankfully, I should receive no more.

      1. CrazyOldCatMan Silver badge

        And thankfully, I should receive no more.

        Were Orbital Anvils involved? Sadly, at current Orkplace I don't have the ability to block domains or IP blocks..

  6. Mage Silver badge
    Devil

    Elephant in the room

    Google, Adobe, MS, Twitter, Apple, Facebook etc morally ought to stop collecting ANY data from user, other than IP address and page hits.

    1. iron Silver badge

      Re: Elephant in the room

      IP address is defined as personally identifiable information under GDPR so no they can't collect that.

      1. Mage Silver badge

        Re: Elephant in the room

        "IP address is defined as personally identifiable"

        If you collect NOTHING else?

        The Server needs it to serve the page. Though you'd not store it.

        You need it to identify DDOS sources or malicious posts?

        I don't know. Surely the IP is only really personal if collected with other information, or if a warrant obtained and IP + time presented to ISP?

        But yes an IP address can be part of personal information.

        Twitter, Facebook, Google etc are using IP address to make a good guess on where you live. It worries me that the "guess" is usually much better than which ISP you are using (mobile may be different due carrier NAT). Surely WHERE ISPs have allocated their IPs should be private or are they guessing from people with Location on etc?

        1. katrinab Silver badge

          Re: Elephant in the room

          If you request a web page and supply your IP address as the delivery address, then clearly, you can use the IP address to fulfil the request. What you do afterwards with it could be a problem.

          Collecting data for security / law enforcement is fine, see for example CCTV cameras in shops.

        2. katrinab Silver badge

          Re: Elephant in the room

          When they look up based on my IP address, they think I am in a small town that is not particularly close to me. To explain how not very close it is, there is a bus that runs from my town centre past my house to the nearest big town. That bus takes about 90 minutes. From that town, it would be about another 20 minutes.

          Amazon and a few others think I live in some obscure town on the other side of England.

        3. TheVogon Silver badge

          Re: Elephant in the room

          "IP address is defined as personally identifiable"

          "If you collect NOTHING else?"

          Yes.

          You can, however, collect and store personal data in your server logs for the limited and legitimate purpose of detecting and preventing fraud and unauthorized system access, and ensuring the security of your systems.

        4. CrazyOldCatMan Silver badge

          Re: Elephant in the room

          using IP address to make a good guess on where you live

          Not so good a guess for me - they think I live where my ISP has their peering centre. Which is about 100 miles away..

  7. Mage Silver badge

    loads of email about GDPR asking me to sign up

    Ironically illegal or pointless.

    1) If you already have suitable consent (a pre-ticked box or scraped data isn't consent, then the email is pointless, and might be illegal depending what it asks.

    2) If you don't have consent, then sending an email asking for it is illegal.

    Even before GDPR much Corporate behaviour was illegal in EU. Aided by US Law. In reality use of the USA CANSPAM act is illegal when used against EU people.

    Also only an idiot clicks "unsubscribe" to opt out, unless it's email YOU signed up to from a sensible company, because it tells the Spammer you exist.

    Bin every GDPR email unless it's something you did sign up to and still want.

    1. Nick Kew Silver badge

      Re: loads of email about GDPR asking me to sign up

      I think we take that for granted.

      I've had it from some people who are emailing me legitimately:

      - clubs/societies of which I am a member. Yes you can mail me.

      - bigcos with whom I do business legitimately. Yeah, that's fine: I've already cut off those who've abused my email address (helped by using a separate custom address for each commercial entity).

      - startups in which I've invested through crowdfunding. Hmm, on a case-by-case basis.

      Others haven't contacted me, including the big financial institutions (like bank, stockbroker, share registrars) who presumably have the lawyers to tell them their usage re: my accounts is already compliant. Like El Reg, who have our addresses as commentards.

      The hardest case is GDPR mails in a grey area. Like my local council, with whom I've presumably corresponded by email sometime in the past without explicitly signing up for mail. They haven't spammed me, so the GDPR mail was probably superfluous. If I say yes, I'm potentially consenting to spam. If I don't then they're removing me from a list that appears never to have been used, but might make sense to stay signed up to in case there's some emergency alert.

      1. israel_hands

        Re: loads of email about GDPR asking me to sign up

        If there's a possibility your local council will send an emergency alert via e-mail then I think you should stop worrying about GDPR and move to a different county. Preferably one not run by sociopathic bureaucrats. Or bureaupaths, as I call them.

        Aside from that you've made some good points. So good that I've just e-mailed my local fencing club (that I sadly haven't attended for a couple of years) to assure them that they have my consent to keep e-mailing me about all the sword fights I could be having. Also, seeing as they haven't yet asked, it'll hopefully give the guy that runs it a bit of nudge to look into what GDPR means for him/the club.

    2. Richtea

      Re: loads of email about GDPR asking me to sign up

      > Bin every GDPR email unless it's something you did sign up to and still want.

      Keep every GDPR email, and make sure they stick to what they said they would do.

    3. SImon Hobson Silver badge

      Re: loads of email about GDPR asking me to sign up

      If you already have suitable consent (a pre-ticked box or scraped data isn't consent, then the email is pointless, and might be illegal depending what it asks.

      Not quite.

      AIUI many data controllers do have consent - but might not have evidence to the standard required under GDPR, and might not have given clear enough information to the level required by GDPR. Because of this, AIUI the ICO is recommending that data controllers go back to the data subjects and get fresh consent - so they can show that they have obtained informed consent from each subject.

  8. Ken Hagan Gold badge

    If AdSense is unlawful...

    ...does that make Google (as the implementor) an accessory to the crime?

    I ask, not out of any legal interest, but simply because it seems rather implausible that all the liability can be transferred to the users of the AdSense service "just because Google say so". It seems more likely to me that a court will decide that Google are the ones mis-using personal data.

    I suppose we'll have a test case in a few days...

    1. mmn999

      Re: If AdSense is unlawful...

      Don't forget the way the GDPR is supposed to work re enforcement is that a user has to make a request for data, then complain, then the IC can take it up. Then if they find you in breach they will give you time to put stuff right and if you don't they can fine you.

      From all I have read there is not an option for individuals to bring legal cases directly against a business.

      Also if a user asks an app owner who does not store account details for what PII data is used for personalised ads there is no way they can do anything but pass it to Google. What a stupid mess.

      1. Ken Hagan Gold badge

        Re: If AdSense is unlawful...

        "Also if a user asks an app owner who does not store account details for what PII data is used for personalised ads there is no way they can do anything but pass it to Google."

        That fact might be just what it takes for the IC to decide that Google is the controller, not the app-slinger. Saying, "this new law doesn't apply to me because I said so" hasn't worked for ICANN and I doubt it will work for Google.

  9. israel_hands

    I can only think Google are assuming they can ignore it as long as possible, then throw lawyers at it until it goes away but I really don't think they've thought it through.

    I was having a conversation with the missus yesterday which came down to her saying GDPR was proving a nightmare for the marketing department. The rules are too vague so people can't work out how to change their current policies and they don't know where the boundaries are.

    My point was that the rules are deliberately vague because the basis of GDPR is: Don't Be A Dick.

    It's that simple. The biggest reason for finding compliance a nightmare is because you weren't compliant with data protection but previously knew it wasn't going to cost you anything.

    And the biggest reason for whining that you don't know how to apply the rules is because your mindset is "How much can I get away with?" when the entire point of the rules is that you should be thinking "What's the minimum I need to do business?"

    It's the same principle of least privilege that you find in security and it exists for the same reason. The less access you have, the less damage you can do*.

    *Intentionally or otherwise.

    1. VinceH Silver badge

      "It's that simple. The biggest reason for finding compliance a nightmare is because you weren't compliant with data protection but previously knew it wasn't going to cost you anything."

      Well, to be fair, there's also just plain old not being fully aware or realising it applies to them. You may or may not wish to label that under the term "ignorance".

      Case in point, where I was working today. They've been running around like headless chickens to make sure they're compliant - a bit of a last minute thing because they didn't know. (Technically, they did: I pointed out to them when discussing this today that I told them a very long time ago - problem is, it was me that told them, so it almost certainly went in one ear and out the other.)

      Their argument is that there has been no attempt to officially notify anyone that this law is coming - no significant campaign. I couldn't really argue the point; it seems to have been well publicised to me, but that could very easily be down to the channels I read etc, so I don't know if they're right or not.

      That aside, they believe it to be nonsense because if there was a breach, they think the only thing that would be stolen is email addresses. (!)

      Um.

      In my book, "only" email addresses is bad enough - but in this case, depending on exactly what was compromised, those email addresses could come with names, phone numbers, addresses... hell, it could include specific information about the services the customers have received, which in turn could include addresses of third parties again! Why they think it would only be email addresses, I don't know, but I couldn't be bothered to argue: by this point in the conversation I just wanted to do some work. (And I'm a lazy bastard - so that's how exasperated I was!)

  10. mmn999

    Wow look at this !

    Look at these :

    https://www.tumblr.com/privacy/consent?redirect=/register&section=signup

    https://www.forbes.com/consent/?toURL=https://www.forbes.com/

    The Tumblr page lists a huge list of Ad Providers all pre-ticked !

    People using the web will be going mad tomorrow if a large number of web sites do this.

    1. Dan 55 Silver badge

      Re: Wow look at this !

      On Tumblr you have to click Manage, Manage, show and show, then individually disable each one.

      On Forbes, you can't comment unless you accept advertising cookies.

      They both need better lawyers.

      1. Anonymous Coward
        Anonymous Coward

        Re: Wow look at this !

        "On Forbes, you can't comment unless you accept advertising cookies"

        GDPR is an EU thing and Forbes a US corp without EU presense (AFAIK).

        Forbes just needs to adhere to US laws and if EU citizens want to comment on their board it is not Forbes' problem.

      2. CrazyOldCatMan Silver badge

        Re: Wow look at this !

        On Forbes, you can't comment unless you accept advertising cookies.

        I've seen this on quite a few sites today - along the lines of "you must accept the whole policy in order to use this site". Often, the whole policy isn't easy to access since it too is blocked until you accept the policy..

        My response is to close that browser window/tab and vow to never visit that site again.

  11. simmo

    Re: Wow look at this !

    Engadget just gave me a comprehensive list of ad partners serving personalized ads[1]. Along with an 'opt out of all' button that on Firefox apparently did nothing. Does that count as opting out or not?

    [1] https://guce.oath.com/collectConsent?brandType=eu&.done=https%3A%2F%2Fwww.engadget.com%2Fuk%2F%3Fguccounter%3D1

  12. jeffroimms

    question over ownership - ANDROID

    If my memory is correct... Google are nothing more than "Guardians" of the "ANDROID" infrastructure, despite the way they behave with it, and that Guardianship is currently being challenged.. what will happen to all their consent as and when they lose control over the O/S

    Will we finally have a mobile infrastructure whereby we will be able to choose which apps we keep installed and be able to remove components that we already duplicate in an attempt to replace?

    Although I suspect to use one part you will be expected to use all of it - tho that will also contravene GDPR..

  13. big col

    What are these mobile adverts you speak of. I see no adds.

    Blokada is my friend..

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019