ICO and adtech: it’s time publishers tackled new industry acronyms

After the chaos of Covid and the Brexit withdrawal agreement having finally been struck, it’s been tempting to want to ignore one of our industry’s biggest issues – or at least kick the can down the road.

Publishers beware: the UK’s Information Commissioner’s Office is back on the industry’s heels having resumed its investigation into real time bidding (RTB) and the adtech industry. Not that you’d know it from the scant coverage it has incurred following the announcement in late January.

Eighteen months ago it was a different story, with the industry effectively “put on notice” for data practices. Then along came the pandemic and the ICO paused activity in May in order to prioritise activities responding to COVID-19.

A matter of urgency

All organisations operating in the adtech space should be assessing how they use personal data “as a matter of urgency”, says ICO Deputy Commissioner Simon McDougall now.

I couldn’t agree more. The ad industry is again in the ICO’s crosshairs and cannot afford to not give this issue its full attention. Be in no doubt: from the staunch language used it is clear that the ICO is putting its weight behind this investigation.

It warns that the industry is already failing, saying sensitive personal data continues to be used to serve adverts without explicit consent, which is a requirement.

Those hoping that Britain’s split from the European Union will cause the constraints of the General Data Protection Regulation (GDPR) to reduce will be disappointed – the GDPR has been incorporated into UK data protection law as the UK GDPR. In practice there is little change to the core data protection principles, rights and obligations for those operating inside the UK. The EU GDPR may also still apply directly to you if you operate in the European Economic Area (EEA) and will still apply to any organisations in Europe which send data to the UK.

Action is inevitable

The ICO is already taking action. It issued enforcement action against Experian in October last year following its data broking investigation into offline direct marketing services and is now reviewing the role of data brokers in the adtech ecosystem.

Its warnings now come off the back of a raft of investigation and fines by various Data Protection Agencies (DPAs) across Europe for a number of breaches relating to GDPR. Some €17m of fines were served in January alone, with €270m over the last 18 months.

Not all of these relate to advertising, but it shows that this is being taken seriously at the highest of levels. The onus is particularly on publishers, perhaps unfairly so. A publisher will do all the right things in terms of data infrastructure, despite aggressive revenue constraints and the big players taking all of the money out of the industry, but with so many balls in the air some may drop.

Read the whole article in NewDigitalAge.