Does the Jersey Evening Post [JEP] have a SANCTIONS problem because of a Russian data collection company?

It has been reported [see article below] that many newspaper sites including the Daily Mail and Metro maintain the presence of RU Target, a data specialist advertising company owned by SANCTIONED Russian state-controlled bank, Sberbank.

It also appears that THE JERSEY EVENING POST [JEP] is also allowing Sanctioned Russian Data Collection Company RU Target to Access its Sites.

RuTarget (owned by Segmento) was bought out by AFK Systema (100% ownership) in February 2023. AFK Systema is on the UK/Jersey consolidated Sanctions list - and it was listed 19th May this year.

• https://tadviser.com/index.php/Company:Segmento_(Rutarget)#.2A_MTS_bought_Segmento

See the jersey sanctions list on Russia here –

• https://www.gov.je/gazette/pages/financialsanctionsnoticerussia22may2023.aspx

It is therefore possible any sharing or advertising activity could fall foul of sanctions rules in Jersey if it involves revenue generation since no business is permitted with the company.

The situation follows criticism of Google after Pro Publica reported that they found evidence that they were enabling RuTarget to access user data through Google months after the company was sanctioned, including accumulating user activity on websites based in Ukraine.

• https://www.propublica.org/article/google-russia-rutarget-sberbank-sanctions-ukraine

Google has since stated they had stopped forwarding any data by June.

Read more.

The websites concerned include Daily Mail Online, Mail on Sunday, Metro,

The i and ThisisMoney.

Research for this article has not found the issue on any sites outside the Daily Mail Group, although several popular websites do not provide a straightforward means of verifying which companies collected data is shared with.

Smaller sites may also be affected.

Millions of internet users may find themselves unwittingly allowing their data to be collected by a sanctioned Russian company.

Daily Mail Online and other popular UK news websites are understood to be providing data collection and tracking opportunities to RuTarget, whose controlling owner has been identified as Sberbank, a sanctioned Russian bank which is majority owned by the Russian government.

The websites concerned include Daily Mail Online, Mail on Sunday, Metro, The i and ThisisMoney. Research for this article has not found the issue on any sites outside the Daily Mail Group, although several popular websites do not provide a straightforward means of verifying which companies collected data is shared with. Smaller sites may also be affected.

Daily Mail 21/09/22 showing RuTarget data sharing. Also present on Metro, Mail on Sunday, This is Money, and i-news sites.

It is possible that the actions could breach UK sanctions laws if data is shared with RuTarget and is used for public relations purposes. Even if not unlawful, it raises ethical questions amid concerted efforts to limit gains for companies with links to the Russian state.

RuTarget, also known as Segmento, claims on its website that clients include a range of prominent companies, such as Porsche, Johnson & Johnson, and many others. It is unclear whether or not this is in any way accurate, or whether the companies are aware and/ or ceased any link following Russia’s invasion.

The arrangement raises concerns that data including location and browsing habits could be accumulated by the company. RuTarget is an ad-buying platform which bids against other ad-buyers for advertising space on web pages. It uses technology to target on the basis of “consumer preferences, interests and purchase data”. Even if the company’s adverts do not appear, the process typically means that if data sharing is actioned by the host site, the company can still collect and keep data about the user, unless they opt out on the cookies page. Data typically collected can include unique mobile ID, location, IP address, browsing history, and site activity.

Such data sharing would be of particular concern regarding potentially vulnerable groups, such as Ukrainian refugees and Russian dissidents.  In addition, the technology used allows companies to combine data from different sources and help build intricate psychological profiles for each and every user in an attempt to influence their behaviour. If access is gained to prominent UK and US websites, the company may be able to continue benefitting its business, and potentially the Russian state.

RuTarget’s listed owner, Sberbank is a highly significant financial group in Russia. It has been sanctioned by the UK since April 2022 in the hope of encouraging Russia to cease its aggression against Ukraine, while both Sberbank and RU Target are individually sanctioned by the US.

The amount of traffic to Daily Mail in the UK, as well as globally, means that if RuTarget’s presence on the site is, or becomes, active, it could gain data on millions of users on a daily basis. Additional issues are raised for Australian and US users, since differing laws mean that the site and many of its sister sites don’t offer the option for users to refuse cookies and tracking.

Alongside RuTarget, many Daily Mail Group sites also include Mail.ru as a potential partner. Mail.ru is sanctioned by the EU, and its CEO is sanctioned by the US.

It is possible any sharing or advertising activity could fall foul of sanctions rules in those countries if it involves revenue generation since no business is permitted with the company.

The situation follows criticism of Google in July this year after Pro Publica reported that they found evidence that they were enabling RuTarget to access user data through Google months after the company was sanctioned, including accumulating user activity on websites based in Ukraine. Google has since stated they had stopped forwarding any data by June.

The situation is likely to raise further questions about the government’s plans announced earlier this year to scrap pop-up cookie consent boxes. The Department for Digital, Culture, Media and Sport stated in June that changes would allow cookies to be set without consent, albeit with an opt-out option on sites.

Liz Truss’ deregulation drive suggests the policy is unlikely to be abandoned. If such legislation is passed, there are fears that companies would find it even easier to place tracking cookies which users would not have knowingly consented to. The way in which RuTarget has been able to maintain its presence after the imposition of sanctions supports calls for stronger privacy protection.

RuTarget’s continued acceptance as a potential partner could also raise further questions as to whether the UK sanctions regime could be made clearer and more consistent.

For example, JSC New Opportunities, a state-controlled company which took over a range of digital services, is specifically sanctioned by the UK, but RuTarget is not.

Porsche and Johnson & Johnson were approached for comment.

The Daily Mail Group declined to comment.

Source

• https://bylinetimes.com/2022/09/22/daily-mail-group-allowing-sanctioned-russian-data-collection-company-to-access-sites/