Privacy Policy

July 2021

This Privacy Policy (“the Policy”) explains how and why New York University (“NYU”) processes personal data when people install Ad Observer (“the Application”).

The Policy does not cover any other personal data processing by NYU, which is covered by other applicable policies and procedures, including NYU’s Digital Privacy Statement

If you have a question regarding the Policy or the use of the Application, please contact [email protected].

Data controller 

NYU is the controller of the data covered by the Policy. You can contact NYU’s Data Protection Officer with any questions about this notice, our data collection practices, or your rights. You can reach NYU’s Data Protection Officer, Peter Christensen, at:

Peter Christensen
c/o Data Protection Officer’s Office
70 Washington Square South
Room 1201
New York, NY 10012
+1 212 992 7256

Guiding principles

NYU is committed to respecting individuals’ right to privacy, protecting personal data and compliance with applicable laws globally. In accordance with these guiding principles, the Application has been designed to process the minimum amount of personal data possible to achieve NYU’s objectives. 

Purposes and means of data processing

The purpose of the Application is to collect information about the political ads directed at and seen by private individuals on Facebook & YouTube. This is done with the objective of facilitating public understanding of how political advertising is deployed. NYU believes that it is in the public interest to understand this phenomenon and its impact on democracy. 

NYU also maintains a public, online repository of aggregate data (“the Database”) collected by the Application in order to render its research findings transparent and facilitate research by others. This information is anonymised so that it is not possible to identify individual users of the Application from within the Database. The Database can be accessed here.

Data processed by the Application 

When an individual user installs the Application, they are invited to provide basic demographic information about themselves: their age group, gender and ethnicity. This basic demographic profile (“the Profile”) helps NYU understand which people see which ads. It is not mandatory to provide this information and the Application can still collect data that contributes to the research project without creating a Profile. 

No other personally identifiable information is requested or processed by NYU. The browser language, which is recorded by the Application for the purposes of correctly parsing the ads, is also included in the Profile. The Application does not undertake any “profiling” or “automated decision-making” as defined by the GDPR. 

If the user has decided not to create or share a Profile, only the data related to the ads is transmitted to and included in the Database. All users can view the data related to the ads that has been processed by the Application at any time by clicking on the Ad Observer icon and navigating to ‘My Archive’. 

The Application will collect and transmit to NYU the ad creative data for each ad displayed to the user. If the user has the 'Collect Ad Targeting Data' setting turned on, the Application will also cause the user's browser to request the targeting data (i.e., the data shown to the user when the user clicks on the Why Am I Seeing This? button) associated with each ad shown to the user.

Legal basis for processing

NYU processes data for the above purposes on the basis of consent. By installing the Application, users consent to the processing of their data for the purposes described above. Individuals may withdraw their consent at any time by uninstalling the Application. 

“Sensitive data” 

Information security

NYU takes reasonable steps to protect personal data against loss, misuse, and unauthorized access, alteration, disclosure or destruction. This includes the use of technical, organisational and legal measures to ensure the confidentiality, integrity and availability of personal data. 

Information transmitted across the internet remains vulnerable to unauthorised access. The transmission of such data is therefore at the individual’s own risk. See further [link to ToU]

Data retention 

No personal data is retained by NYU. The only data that is retained has been fully and irreversibly anonymised.  

Data Subjects Rights

Individuals whose personal data is processed in accordance with the GDPR have the following rights:

  • The right to be informed as to whether NYU holds data about them
  • The right of access to that information
  • The right to have inaccurate data corrected
  • The right to have their data deleted
  • The right to opt-out of particular data processing operations
  • The right to receive their data in a form that makes it “portable”
  • The right to object to data processing
  • The right to receive an explanation about any automated decision making and/or profiling, and to challenge those decisions where appropriate

Individuals wishing to exercise their rights in respect of the Application can do so by contacting NYU’s Data Protection Officer’s Office using the contact details provided above. 

Data subjects covered by EU law may also be entitled to lodge complaints in regard to data processing or the handling of subject access requests with data protection supervisory authority in their country of residence. Relevant supervisory authority names and contact details are listed here

Changes and revisions

Should NYU make changes to this Policy, the date and nature of the change will be indicated below.

July 2021: Clarified description of ad targeting collection