ICO and adtech: it’s time publishers tackled new industry acronyms

Rhys Denny, in New Digital Age
February 12, 2021

After the chaos of Covid and the Brexit withdrawal agreement having finally been struck, it’s been tempting to want to ignore one of our industry’s biggest issues – or at least kick the can down the road.

Publishers beware: the UK’s Information Commissioner’s Office is back on the industry’s heels having resumed its investigation into real time bidding (RTB) and the adtech industry. Not that you’d know it from the scant coverage it has incurred following the announcement in late January.

Eighteen months ago it was a different story, with the industry effectively “put on notice” for data practices. Then along came the pandemic and the ICO paused activity in May in order to prioritise activities responding to COVID-19.

A matter of urgency

All organisations operating in the adtech space should be assessing how they use personal data “as a matter of urgency”, says ICO Deputy Commissioner Simon McDougall now.

I couldn’t agree more. The ad industry is again in the ICO’s crosshairs and cannot afford to not give this issue its full attention. Be in no doubt: from the staunch language used it is clear that the ICO is putting its weight behind this investigation.

It warns that the industry is already failing, saying sensitive personal data continues to be used to serve adverts without explicit consent, which is a requirement.

Those hoping that Britain’s split from the European Union will cause the constraints of the General Data Protection Regulation (GDPR) to reduce will be disappointed – the GDPR has been incorporated into UK data protection law as the UK GDPR. In practice there is little change to the core data protection principles, rights and obligations for those operating inside the UK. The EU GDPR may also still apply directly to you if you operate in the European Economic Area (EEA) and will still apply to any organisations in Europe which send data to the UK.

Action is inevitable

The ICO is already taking action. It issued enforcement action against Experian in October last year following its data broking investigation into offline direct marketing services and is now reviewing the role of data brokers in the adtech ecosystem.

Its warnings now come off the back of a raft of investigation and fines by various Data Protection Agencies (DPAs) across Europe for a number of breaches relating to GDPR. Some €17m of fines were served in January alone, with €270m over the last 18 months.

Not all of these relate to advertising, but it shows that this is being taken seriously at the highest of levels. The onus is particularly on publishers, perhaps unfairly so. A publisher will do all the right things in terms of data infrastructure, despite aggressive revenue constraints and the big players taking all of the money out of the industry, but with so many balls in the air some may drop.

Read the whole article in NewDigitalAge.

Latest Blog Posts

CPPA might require all browsers to offer opt-out preference signals

December 4, 2023

A memorandum from the California Privacy Protection Agency (CPPA) staff proposes...

ICO sends warning letters to top UK sites, citing lack of “Reject All”

November 27, 2023

The ICO previously made an announcement on its website warning that...

How Publisher Collective supercharged their consent management strategy

November 20, 2023

Publisher Collective recognised the importance of collecting consent in...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

© Sourcepoint 2023. All Rights Reserved

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]