Does a Legal Approach to Rights Guarantee an Ethical Approach? Privacy, European Media and Third Party Trackers Before and After GDPR

  • Sørensen, J. K. (Foredragsholder)
  • Hilde van den Bulck (Foredragsholder)
  • Kosta, S. (Foredragsholder)
  • Aaron Hyzen (Foredragsholder)

Aktivitet: Foredrag og mundtlige bidragKonferenceoplæg


This contribution analyses the use of third-party trackers by European countries media before and after the introduction of the EU’s General Data Protection Regulation (hereafter: GDPR) as an inroad to discuss the legal versus ethical obligations of media with regards to audiences’ privacy, the impact on the key value of trust in media and, ultimately, the usefulness of an overly legislative interpretation of a rights-based approach. In force since 25 May 2018, GDPR provides extended rights to users to protect personal information. The legislation deals with third-party servers (represented by URLs) that play a role in compiling a webpage presented to the user. We focus on third-party servers that track, collect and analyse user behaviour.
Theoretically, this paper discusses the role of legislation in the aims to redress the disturbed balance between rights holders (in this case digital media users) and the duty bearers (in this case the digital media expected to uphold the rights) that a rights-based approach aims for. To this end, it starts from the idea that legal discussions of and instruments to regulate third-party servers’ impact on privacy do not necessarily cover more fundamental ethical questions. Data collection may be lawful but can affect users' lives in unwanted ways and, thus, affect both their personal rights like privacy and their trust in the service provider, i.e. media. This has two complementary theoretical perspectives: computer ethics (e.g. Moore, 1997; Brey 2005) and (public service) media values (authors, 2017) in the ‘calculated public sphere’ (Harper, 2016). Data result from an extensive and repeated collecting of third party traffic on media- related websites. From a dataset of +46 million recordings of HTTP responses from servers for files like pictures, code or text for +12000 web pages from 1291 websites visited 33 times spanning before and after the commencement of GDPR (9 times before May 25, 2018), we selected 361 media websites from 38 European countries (#115 from EBU members, #246 from private media). Data were analysed and third-party servers were identified and categorized into 15 categories, including Advertising, Analytics, Distribution technologies and Malicious servers. The result section, first, discusses various characteristics of third-party trackers before focusing on differences between public service and private media, comparing for EU/EEA versus the rest of Europe. Next, we analyse evolutions over time finding that public service websites are unchanged with regards to third party URLs, while private media show a decrease. Furthermore, GDPR has led to smaller third-parties disappearing to the advantage of the big ones, enhancing concentration of power for access to and collecting of user data. Results are discussed in light of the ethical implications of what may legally be a licensed use of audiences’ data by third-party trackers. We assumed that the more third-party servers involved in a webpage visit, 1) the higher the potential exposure of personal, identifiable information and, thus, 2) the more the ethical aspects of privacy and, ultimately 3) the soft value of trust – crucial to the working of media, especially PSM - are compromised. Finally, it discusses how media policies in the area of privacy and wider individual rights need to go beyond a rights-based approach and legal boundaries as set out in legal frameworks such as GDPR. As such, we argue against narrowing a rights-based discussion to legislative instruments.
Periode24 okt. 201925 okt. 2019
BegivenhedstitelCOM­MU­NIC­A­TION RIGHTS IN THE DIGITAL AGE: organized by the Helsinki Media Policy Research Group, the University of Helsinki, the ECREA Communication Law and Policy Section and the Euromedia Research Group, and supported by the IAMCR Communication Policy & Technology Section.
PlaceringHelsinki, FinlandVis på kort
Grad af anerkendelseInternational


  • web privacy
  • GDRP
  • Computer ethics
  • user rights
  • media