While discussions in Brussels around the Digital Omnibus and the Digital Fairness Act intensify, the digital advertising industry is seeking solutions to regulatory pressure. Recently, during a lunch with senior officials from the European Commission, a delegation including The Good Advertising Project and the Syndicat des Régies Internet (SRI) raised concerns and introduced a little-known and underexploited technological solution: Privacy Enhancing Technologies (PETs).
The Context: Threats of the Digital Omnibus
One major threat of the current text is the proposal to centralize consent directly within the web browser of the internet user. This measure raises fears among media outlets of a “systematic refusal” of advertising tracking, which would significantly impact their economic model, reports Loic Rivière, Delegate of The Good Advertising Project. Additionally, browsers are technically unable today to differentiate between essential cookies (such as maintaining an e-commerce cart or preventing fraud) and targeted advertising cookies.
Understanding the Context:
What are PETs Really?
Privacy Enhancing Technologies (PETs) are not pets but privacy-enhancing technologies that lead to anonymization or near-anonymization of user data. They aim to preserve privacy and minimize the amount of personal data processed while maintaining system functionalities.
PETs are already widely used in sectors requiring critical security levels, such as finance or medical research for epidemiological studies. For example, Mastercard relies on PETs to secure and anonymize customer data sharing in financial transactions. EDF uses them through its Linky meters for highly secure environmental data sharing (ESG).
Loic Rivière explains their operation: “Some of these technologies rely on advanced cryptography. Others involve introducing ‘noise’ into collected data, essentially polluting them to deceive those who would attempt to identify the data.” Other methods, called Trusted Execution Environments (TEEs), allow data processing to be done locally, directly on the user’s device.
Concrete Applications Emerging in AdTech
In digital advertising, several pioneers are already using PETs to reconcile economic viability and respect for privacy, even if they are far from being widely adopted:
- Spotify shares information for statistical purposes only in pseudonymized form, replacing identifying data with simple codes.
- The Brave browser incorporates guarantees based on “differential privacy” to analyze a population’s reactions to a product without isolating individual choices.
- Google uses TEEs to isolate data during processing so that no one has access to it, and Mozilla encrypts advertising data before sending it to a TEE to prevent cross-site profiling.
Legitimate Interest: The Key to Encouraging the Market
Despite this technological potential, the current regulatory framework (including the ePrivacy directive, which has not evolved in over 20 years) timidly encourages pseudonymization but offers no clear incentives for the use of these advanced PETs, argues the Delegate of The Good Advertising Project.
“If there is no regulatory encouragement for the adoption of these technologies, the market will not embrace them,” he says.
To encourage the transition, the delegation has formulated a legal proposal: “allow actors using PETs to rely on legitimate interest rather than explicit consent.” In other words, since a company using these technologies guarantees full privacy protection, they should no longer have to impose clicking on a consent banner on internet users.
Instead of debating subjective regulatory frameworks, PETs could represent the industry’s universal solution. “It’s the solution to many problems,” explains Loic Rivière. “Once there are PETs, all these complex subjects, like browser-based consent, fall into place by themselves.” It remains to be seen if the European legislator will be able to integrate this innovation into ongoing debates.
