ICO and adtech: it’s time publishers tackled new industry acronyms

Rhys Denny, in New Digital Age
February 12, 2021

After the chaos of Covid and the Brexit withdrawal agreement having finally been struck, it’s been tempting to want to ignore one of our industry’s biggest issues – or at least kick the can down the road.

Publishers beware: the UK’s Information Commissioner’s Office is back on the industry’s heels having resumed its investigation into real time bidding (RTB) and the adtech industry. Not that you’d know it from the scant coverage it has incurred following the announcement in late January.

Eighteen months ago it was a different story, with the industry effectively “put on notice” for data practices. Then along came the pandemic and the ICO paused activity in May in order to prioritise activities responding to COVID-19.

A matter of urgency

All organisations operating in the adtech space should be assessing how they use personal data “as a matter of urgency”, says ICO Deputy Commissioner Simon McDougall now.

I couldn’t agree more. The ad industry is again in the ICO’s crosshairs and cannot afford to not give this issue its full attention. Be in no doubt: from the staunch language used it is clear that the ICO is putting its weight behind this investigation.

It warns that the industry is already failing, saying sensitive personal data continues to be used to serve adverts without explicit consent, which is a requirement.

Those hoping that Britain’s split from the European Union will cause the constraints of the General Data Protection Regulation (GDPR) to reduce will be disappointed – the GDPR has been incorporated into UK data protection law as the UK GDPR. In practice there is little change to the core data protection principles, rights and obligations for those operating inside the UK. The EU GDPR may also still apply directly to you if you operate in the European Economic Area (EEA) and will still apply to any organisations in Europe which send data to the UK.

Action is inevitable

The ICO is already taking action. It issued enforcement action against Experian in October last year following its data broking investigation into offline direct marketing services and is now reviewing the role of data brokers in the adtech ecosystem.

Its warnings now come off the back of a raft of investigation and fines by various Data Protection Agencies (DPAs) across Europe for a number of breaches relating to GDPR. Some €17m of fines were served in January alone, with €270m over the last 18 months.

Not all of these relate to advertising, but it shows that this is being taken seriously at the highest of levels. The onus is particularly on publishers, perhaps unfairly so. A publisher will do all the right things in terms of data infrastructure, despite aggressive revenue constraints and the big players taking all of the money out of the industry, but with so many balls in the air some may drop.

Read the whole article in NewDigitalAge.

Latest Blog Posts

Revised Version of APRA Advances Out of U.S. House Subcommittee

May 28, 2024

New Version of the American Privacy Rights Act of...

Exciting New Diagnose Features: New Filters and More Vendor Details

May 21, 2024

New features to help you with your vendor governance,...

Minnesota Sends Comprehensive Privacy Law to Governor

May 20, 2024

Minnesota Sends Privacy Law to Governor. One day before the...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]