‘Don’t sit on the fence’: UK regulator reiterates GDPR warning to ad tech companies
The clock is ticking for ad tech businesses that are still playing fast and loose with their compliance with the General Data Protection Regulation.
In June, the U.K.’s data protection authority, the Information Commissioner’s Office, told the ad tech industry that the current way personal data is used within programmatic advertising transactions on the open exchange, via real-time bidding, is not compliant. The DPA gave a six-month grace period for them to address any gaping holes. That leaves four months to go.
Speaking at ExchangeWire’s ATS event in London on Sept. 9, the ICO’s head of technology and policy, Ali Shah, encouraged ad tech businesses still relying on a legitimate interest to come forward and engage with the regulator. Shah promised those that do so won’t face financial penalties — as long as they come forward within the next four months.
Shah stressed that the report that shook the ad tech sector by condemning the current misuse of data within RTB was the result of an extensive industry investigation by the ICO. One of the outcomes of it was that ad tech businesses could not rely on the legitimate-interest clause for the use of data within programmatic ad trading on the open exchange. The report acknowledged that the ICO is aware there are still many ad tech businesses that need to address this. Shah said that if there are ad tech businesses using RTB that genuinely believe they have a business case for using the legitimate-interest clause, they should make their case to the ICO.
“I’d be remiss if I didn’t say that if we don’t see meaningful change [within the next four-month window] we’ll have to leverage our full powers of enforcement,” said Shah on stage at ATS London.
Under GDPR, the ICO has the power to fine companies in breach of the law a maximum of €20 million ($22 million) or 4% of global revenue, whichever is higher. The ICO has already announced its intention to fine British Airways and Marriott International £183 million ($226 million) and £99 million ($122 million) respectively for GDPR data breaches. The ICO has already fined Facebook the maximum amount it could under the previous data protection law, £500,000 ($618,000).
Shah added it is not the ICO’s intention to hinder technological innovation where businesses are providing useful tools and services to consumers. He referenced extensive consumer research run by the ICO, in which 63% of 2,000 respondents said they would be fine with their data being used for personalized ads. But once they were then informed exactly how their data was used in order to do that — by multiple digital ad partners in the ad supply chain — that number then halved.
He stressed how the ICO has beefed up its technological expertise with hundreds of staff added in the last few years, taking the total to some 700 people. That makes it one of the biggest DPAs worldwide and is a sign of just how seriously it takes policing data privacy and whether or not companies abuse it for their own benefit, according to Shah.
“Now is not the space to stop and sit on the fence — that time is disappearing,” he said.
In November, just before the six-month deadline, the ICO will hold a forum for publishers, ad tech vendors, agencies and advertisers, which will address what judgments it has made on whether businesses have done enough, particularly with RTB, to be compliant.
There may be some work to do. Before he made those comments, he asked the room who had read the ICO report, and half the room raised their hands. Meanwhile, some delegates tweeted about the irony of the fact that just as Shah took the stage a noticeable number of people left the theater.
However, speaking to other ad tech executives at the event, there was a sense of relief that the ICO was open to having conversations where they could make their case, given they believe the ICO hasn’t fully grasped the full complexity of the digital ad landscape.
“The tide is coming in, in six months,” said Will King, commercial director of The Media Trust, later on during the conference.
How Verizon’s self-imposed data privacy limits contributed to the demise of its media ambitions
Digital ad industry execs say regulatory pressures and internal restrictions on data sharing contributed to Verizon's decision to unload its media and ad tech properties.
‘My intuition was to hide my experience to protect my image’: Rise of miscarriage leave prompts debate around pregnancy discrimination
Women want to see the back of stigma around being open and honest in the workplace about the physical and psychological trauma caused by miscarriages.
Media Briefing: How media leaders are trying to combat burnout beyond the newsroom
Media leaders are trying to combat burnout as it spreads through their companies — from the newsroom to the business team. Journalism students are feeling it too.
SponsoredHow The Company Store is reimagining customer experiences for pandemic-era growth
Throughout the pandemic, some retail categories have been inherently successful. Home furnishings and décor are among them; with consumers spending so much more time at home, updates and renovations flourished. Criteo data from the first half of 2020 showed sales for items like outdoor furniture sets up 434% year over year, with other home items […]
‘This isn’t the year to take baby steps’: PHD U.S. CEO Catherine Sullivan discusses media spending heading into 2H 2021
Sullivan is focused on agency transformation, video's shifts and wants multicultural planning and buying to go mainstream.
‘Pet anxiety is real’: More employers willing to allow pandemic-pets when staff return to the office
Pet adoption became a go-to coping mechanism during the pandemic. Now more employers are allowing staff to bring their pets to work once offices return, in recognition of their benefit to mental health and to stave off separation anxiety.