27 September 2023

Tracking traction: Could Europe’s new data laws be favouring Google?

Start the conversation

Natasha Lomas* says research suggests Europe’s new data protection framework has been successful in reducing advertising trackers, but in doing so may have increased Google’s market share.


An analysis of the impact of Europe’s new data protection framework, the General Data Protection Regulation (GDPR), on the adtech industry suggests the regulation has reduced the numbers of ad trackers that websites are hooking into EU visitors.

But it also implies that Google may have slightly increased its market share in the region — indicating the adtech giant could be winning at the compliance game at the expense of smaller advertising entities, which the study also shows losing reach.

The research was carried out by the joint data privacy team of the anti-tracking browser Cliqz and the tracker blocker tool Ghostery (which merged via acquisition two years ago), using data from a service they jointly run, called WhoTracks.me — which they say is intended to provide greater transparency on the tracker market.

A tale of two differently regulated regions

For the GDPR analysis, the team compared the prevalence of trackers one month before and one month after the introduction of the regulation, looking at the top 2,000 domains visited by EU or US residents.

On the tracker numbers front, they found that the average number of trackers per page dropped by almost 4 per cent for EU web users from April to July.

The opposite was true in the US, where the average number of trackers per page rose by more than 8 per cent over the same period.

In Europe, they found the reduction in trackers was nearly universal across website types.

In the US, the reverse was again true — with banking sites the only category to reduce tracker numbers over the period.

“The effects of the GDPR on the tracker landscape in Europe can be observed across all website categories,” the team said.

“The reduction seems more prevalent among categories of sites with a lot of trackers.”

Shifting market share

The team also argues that their snapshot comparison of tracker prevalence of April 2018 against July 2018 reveals “a clear picture” of GDPR’s impact on adtech market share — with “especially” smaller advertising trackers having “significantly” lost reach (which they are using as a proxy for market share).

In their analysis, they found smaller tracker players lost between 18 per cent and 31 per cent reach/market share when comparing April (pre-GDPR) and July (post-GDPR).

They also found that Facebook suffered a decline of just under 7 per cent, whereas market leader Google was able to slightly increase its reach — by almost 1 per cent.

Summing up their findings, Cliqz and Ghostery write: “For users this means that while the number of trackers asking for access to their data is decreasing, a tiny few (including Google) are getting even more of their data.”

The latter finding lends some weight to the argument that regulation can reinforce dominant players at the expense of smaller entities by further concentrating power — because big companies have greater resources to tackle compliance.

Although the data here is just a one-month snapshot.

And the additional bump in market share for Google is not huge — whereas a nearly 7 per cent drop for Facebook is more substantial.

Cliqz shared their findings with TechCrunch and we put several questions to them about the analysis, including whether or not the subsequent months indicated this snapshot is a trend, but the company had not responded to our questions ahead of publication.

Cliqz and Ghostery speculate that the larger adtech players might be winning (relatively speaking) the compliance game at the expense of smaller players because website owners are preferring to “play it safe” and drop smaller entities versus big known platforms.

In the case of Google, they also flag up reports that suggest it has used its dominance of the adtech market to “encourage publishers to reduce the number of ad tech vendors and thus the number of trackers on their sites”.

And we’ve certainly heard complaints of draconian Google GDPR compliance terms before.

The team also points to the use of manipulative UX design (aka dark patterns) that is used to “nudge users towards particular choices and actions that may be against their own interests”, suggesting these deliberately confusing consent flows have been successfully tricking users into clicking and accepting “any kind of data collection” just to get rid of cryptic choices they’re being asked to understand.

Given Google’s dominance of digital ad spending in Europe, it stands to gain the most from websites’ use of manipulative consent flows.

However, GDPR requires consent to be informed and freely given, not baffling and manipulative.

So regulators should (hopefully) be getting a handle on any such transgressions and transgressors soon.

The continued existence of nightmarishly confused and convoluted consent flows is another complaint we’ve also heard before (and is one we have ourselves, frankly).

Overall, according to the European Data Protection Board, more than 42,000 complaints have been lodged so far with regulators.

And just last week Europe’s Data Protection Supervisor, Giovanni Buttarelli told us to expect the first GDPR enforcement actions before the end of the year.

But Cliqz and Ghostery argue that disingenuous attempts to manipulate consent might need additional regulatory tweaks to be beaten back — calling for regulations to enforce machine-readable standards to help iron away flaky flows.

“The next opportunity for that would be the ePrivacy regulation,” they suggest, referencing the second big privacy rules update Europe is (still) working on.

“It would be desirable, for example, if ePrivacy required that the privacy policies of websites, information on the type and scope of data collection by third parties, details of the Data Protection Officer and reports on data incidents must be machine-readable.”

“This would increase transparency and create a market for privacy and compliance where industry players keep each other in check.”

It would also, of course, provide another opportunity for pro-privacy tools to make themselves even more useful to consumers.

* Natasha Lomas is a senior reporter for TechCrunch. She tweets at @riptari.

This article first appeared at techcrunch.com.

Start the conversation

Be among the first to get all the Public Sector and Defence news and views that matter.

Subscribe now and receive the latest news, delivered free to your inbox.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.