Privacy Policies Caught between the Legal and the Ethical: European Media and Third Party Trackers before and after GDPR

Jannick Kirk Sørensen, Hilde van den Bulck, Sokol Kosta

Publikation: Konferencebidrag uden forlag/tidsskriftPaper uden forlag/tidsskriftForskningpeer review

2 Downloads (Pure)

Resumé

This contribution analyses the use of third-party trackers by European countries media before and after the introduction of the EU’s General Data Protection Regulation (hereafter: GDPR) as an inroad to discuss the legal versus ethical obligations of media with regards to audiences’ privacy and the impact on the key value of trust in media. In force since 25 May 2018, GDPR provides extended rights to users to protect personal information. The legislation deals with third-party servers (represented by URLs) that play a role in compiling a webpage presented to the user. We focus on third-party servers that track, collect and analyse user behaviour.

Theoretically, the paper starts from the idea that legal discussions of and instruments to regulate third-party servers’ impact on privacy do not cover more fundamental ethical questions. Data collection may be lawful but can affect users' lives in unwanted ways and, thus, affect their trust in the service provider, i.e. media. This has two complementary theoretical perspectives: computer ethics (e.g. Moore, 1997; Brey 2005) and (public service) media values (authors, 2017) in the ‘calculated public sphere’ (Harper, 2016).

Data result from an extensive and repeated collecting of third party traffic on media-related websites. From a dataset of +32 million recordings of HTTP responses from servers for files like pictures, code or text to +12700 web pages from 1250 websites visited 25 times before and after GDPR, we selected 355 media websites from 38 European countries (#114 from EBU members, #241 from private media). Data were analysed and third-party servers were identified and categorized.

The result section, first, discusses various characteristics of third-party trackers before focusing on differences between public service and private media, comparing for EU/EEA versus the rest of Europe. Next, we analyse evolutions over time finding that public service websites are unchanged with regards to third party URLs, while private media show a decrease. Furthermore, GDPR has led to smaller third-parties disappearing to the advantage of the big ones, enhancing concentration of power for access to and collecting of user data.

Results are discussed in light of the ethical implications of what may legally be a licensed use of audiences’ data by third-party trackers. We assumed that the more third-party servers involved in a webpage visit, 1) the higher the potential exposure of personal, identifiable information and, thus, 2) the more the ethical aspects of privacy and, ultimately 3) the soft value of trust – crucial to the working of media, especially PSM - are compromised. Finally, it discusses how media policies in the area of privacy and wider individual rights need to go beyond the legal boundaries as set out in legal frameworks such as GDPR.
OriginalsprogEngelsk
Publikationsdato31 jul. 2019
Antal sider31
StatusUdgivet - 31 jul. 2019
BegivenhedTPRC47: Research Conference on Communications, Information and Internet Policy - American University Washington College of Law, Washington DC, USA
Varighed: 20 sep. 201921 sep. 2019
http://www.tprcweb.com

Konference

KonferenceTPRC47: Research Conference on Communications, Information and Internet Policy
LokationAmerican University Washington College of Law
LandUSA
ByWashington DC
Periode20/09/201921/09/2019
Internetadresse

Fingerprint

privacy
website
public service
European Broadcasting Union
EU
EEA
media policy
Values
data protection
service provider
recording
obligation
legislation
moral philosophy
traffic
regulation

Citer dette

Sørensen, J. K., van den Bulck, H., & Kosta, S. (2019). Privacy Policies Caught between the Legal and the Ethical: European Media and Third Party Trackers before and after GDPR. Afhandling præsenteret på TPRC47: Research Conference on Communications, Information and Internet Policy, Washington DC, USA.
Sørensen, Jannick Kirk ; van den Bulck, Hilde ; Kosta, Sokol. / Privacy Policies Caught between the Legal and the Ethical : European Media and Third Party Trackers before and after GDPR. Afhandling præsenteret på TPRC47: Research Conference on Communications, Information and Internet Policy, Washington DC, USA.31 s.
@conference{ca603dabe9424098bcd0ae0e5f06aba6,
title = "Privacy Policies Caught between the Legal and the Ethical: European Media and Third Party Trackers before and after GDPR",
abstract = "This contribution analyses the use of third-party trackers by European countries media before and after the introduction of the EU’s General Data Protection Regulation (hereafter: GDPR) as an inroad to discuss the legal versus ethical obligations of media with regards to audiences’ privacy and the impact on the key value of trust in media. In force since 25 May 2018, GDPR provides extended rights to users to protect personal information. The legislation deals with third-party servers (represented by URLs) that play a role in compiling a webpage presented to the user. We focus on third-party servers that track, collect and analyse user behaviour.Theoretically, the paper starts from the idea that legal discussions of and instruments to regulate third-party servers’ impact on privacy do not cover more fundamental ethical questions. Data collection may be lawful but can affect users' lives in unwanted ways and, thus, affect their trust in the service provider, i.e. media. This has two complementary theoretical perspectives: computer ethics (e.g. Moore, 1997; Brey 2005) and (public service) media values (authors, 2017) in the ‘calculated public sphere’ (Harper, 2016).Data result from an extensive and repeated collecting of third party traffic on media-related websites. From a dataset of +32 million recordings of HTTP responses from servers for files like pictures, code or text to +12700 web pages from 1250 websites visited 25 times before and after GDPR, we selected 355 media websites from 38 European countries (#114 from EBU members, #241 from private media). Data were analysed and third-party servers were identified and categorized.The result section, first, discusses various characteristics of third-party trackers before focusing on differences between public service and private media, comparing for EU/EEA versus the rest of Europe. Next, we analyse evolutions over time finding that public service websites are unchanged with regards to third party URLs, while private media show a decrease. Furthermore, GDPR has led to smaller third-parties disappearing to the advantage of the big ones, enhancing concentration of power for access to and collecting of user data.Results are discussed in light of the ethical implications of what may legally be a licensed use of audiences’ data by third-party trackers. We assumed that the more third-party servers involved in a webpage visit, 1) the higher the potential exposure of personal, identifiable information and, thus, 2) the more the ethical aspects of privacy and, ultimately 3) the soft value of trust – crucial to the working of media, especially PSM - are compromised. Finally, it discusses how media policies in the area of privacy and wider individual rights need to go beyond the legal boundaries as set out in legal frameworks such as GDPR.",
keywords = "public service media, privacy, web privacy measurement, news media, GDPR, EU, private media",
author = "S{\o}rensen, {Jannick Kirk} and {van den Bulck}, Hilde and Sokol Kosta",
year = "2019",
month = "7",
day = "31",
language = "English",
note = "TPRC47: Research Conference on Communications, Information and Internet Policy ; Conference date: 20-09-2019 Through 21-09-2019",
url = "http://www.tprcweb.com",

}

Privacy Policies Caught between the Legal and the Ethical : European Media and Third Party Trackers before and after GDPR. / Sørensen, Jannick Kirk; van den Bulck, Hilde; Kosta, Sokol.

2019. Afhandling præsenteret på TPRC47: Research Conference on Communications, Information and Internet Policy, Washington DC, USA.

Publikation: Konferencebidrag uden forlag/tidsskriftPaper uden forlag/tidsskriftForskningpeer review

TY - CONF

T1 - Privacy Policies Caught between the Legal and the Ethical

T2 - European Media and Third Party Trackers before and after GDPR

AU - Sørensen, Jannick Kirk

AU - van den Bulck, Hilde

AU - Kosta, Sokol

PY - 2019/7/31

Y1 - 2019/7/31

N2 - This contribution analyses the use of third-party trackers by European countries media before and after the introduction of the EU’s General Data Protection Regulation (hereafter: GDPR) as an inroad to discuss the legal versus ethical obligations of media with regards to audiences’ privacy and the impact on the key value of trust in media. In force since 25 May 2018, GDPR provides extended rights to users to protect personal information. The legislation deals with third-party servers (represented by URLs) that play a role in compiling a webpage presented to the user. We focus on third-party servers that track, collect and analyse user behaviour.Theoretically, the paper starts from the idea that legal discussions of and instruments to regulate third-party servers’ impact on privacy do not cover more fundamental ethical questions. Data collection may be lawful but can affect users' lives in unwanted ways and, thus, affect their trust in the service provider, i.e. media. This has two complementary theoretical perspectives: computer ethics (e.g. Moore, 1997; Brey 2005) and (public service) media values (authors, 2017) in the ‘calculated public sphere’ (Harper, 2016).Data result from an extensive and repeated collecting of third party traffic on media-related websites. From a dataset of +32 million recordings of HTTP responses from servers for files like pictures, code or text to +12700 web pages from 1250 websites visited 25 times before and after GDPR, we selected 355 media websites from 38 European countries (#114 from EBU members, #241 from private media). Data were analysed and third-party servers were identified and categorized.The result section, first, discusses various characteristics of third-party trackers before focusing on differences between public service and private media, comparing for EU/EEA versus the rest of Europe. Next, we analyse evolutions over time finding that public service websites are unchanged with regards to third party URLs, while private media show a decrease. Furthermore, GDPR has led to smaller third-parties disappearing to the advantage of the big ones, enhancing concentration of power for access to and collecting of user data.Results are discussed in light of the ethical implications of what may legally be a licensed use of audiences’ data by third-party trackers. We assumed that the more third-party servers involved in a webpage visit, 1) the higher the potential exposure of personal, identifiable information and, thus, 2) the more the ethical aspects of privacy and, ultimately 3) the soft value of trust – crucial to the working of media, especially PSM - are compromised. Finally, it discusses how media policies in the area of privacy and wider individual rights need to go beyond the legal boundaries as set out in legal frameworks such as GDPR.

AB - This contribution analyses the use of third-party trackers by European countries media before and after the introduction of the EU’s General Data Protection Regulation (hereafter: GDPR) as an inroad to discuss the legal versus ethical obligations of media with regards to audiences’ privacy and the impact on the key value of trust in media. In force since 25 May 2018, GDPR provides extended rights to users to protect personal information. The legislation deals with third-party servers (represented by URLs) that play a role in compiling a webpage presented to the user. We focus on third-party servers that track, collect and analyse user behaviour.Theoretically, the paper starts from the idea that legal discussions of and instruments to regulate third-party servers’ impact on privacy do not cover more fundamental ethical questions. Data collection may be lawful but can affect users' lives in unwanted ways and, thus, affect their trust in the service provider, i.e. media. This has two complementary theoretical perspectives: computer ethics (e.g. Moore, 1997; Brey 2005) and (public service) media values (authors, 2017) in the ‘calculated public sphere’ (Harper, 2016).Data result from an extensive and repeated collecting of third party traffic on media-related websites. From a dataset of +32 million recordings of HTTP responses from servers for files like pictures, code or text to +12700 web pages from 1250 websites visited 25 times before and after GDPR, we selected 355 media websites from 38 European countries (#114 from EBU members, #241 from private media). Data were analysed and third-party servers were identified and categorized.The result section, first, discusses various characteristics of third-party trackers before focusing on differences between public service and private media, comparing for EU/EEA versus the rest of Europe. Next, we analyse evolutions over time finding that public service websites are unchanged with regards to third party URLs, while private media show a decrease. Furthermore, GDPR has led to smaller third-parties disappearing to the advantage of the big ones, enhancing concentration of power for access to and collecting of user data.Results are discussed in light of the ethical implications of what may legally be a licensed use of audiences’ data by third-party trackers. We assumed that the more third-party servers involved in a webpage visit, 1) the higher the potential exposure of personal, identifiable information and, thus, 2) the more the ethical aspects of privacy and, ultimately 3) the soft value of trust – crucial to the working of media, especially PSM - are compromised. Finally, it discusses how media policies in the area of privacy and wider individual rights need to go beyond the legal boundaries as set out in legal frameworks such as GDPR.

KW - public service media

KW - privacy

KW - web privacy measurement

KW - news media

KW - GDPR

KW - EU

KW - private media

UR - https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3427207

UR - http://www.tprcweb.com/saturday-paper-sessions-2

M3 - Paper without publisher/journal

ER -

Sørensen JK, van den Bulck H, Kosta S. Privacy Policies Caught between the Legal and the Ethical: European Media and Third Party Trackers before and after GDPR. 2019. Afhandling præsenteret på TPRC47: Research Conference on Communications, Information and Internet Policy, Washington DC, USA.