‘Don’t sit on the fence’: UK regulator reiterates GDPR warning to ad tech companies
The clock is ticking for ad tech businesses that are still playing fast and loose with their compliance with the General Data Protection Regulation.
In June, the U.K.’s data protection authority, the Information Commissioner’s Office, told the ad tech industry that the current way personal data is used within programmatic advertising transactions on the open exchange, via real-time bidding, is not compliant. The DPA gave a six-month grace period for them to address any gaping holes. That leaves four months to go.
Speaking at ExchangeWire’s ATS event in London on Sept. 9, the ICO’s head of technology and policy, Ali Shah, encouraged ad tech businesses still relying on a legitimate interest to come forward and engage with the regulator. Shah promised those that do so won’t face financial penalties — as long as they come forward within the next four months.
Shah stressed that the report that shook the ad tech sector by condemning the current misuse of data within RTB was the result of an extensive industry investigation by the ICO. One of the outcomes of it was that ad tech businesses could not rely on the legitimate-interest clause for the use of data within programmatic ad trading on the open exchange. The report acknowledged that the ICO is aware there are still many ad tech businesses that need to address this. Shah said that if there are ad tech businesses using RTB that genuinely believe they have a business case for using the legitimate-interest clause, they should make their case to the ICO.
“I’d be remiss if I didn’t say that if we don’t see meaningful change [within the next four-month window] we’ll have to leverage our full powers of enforcement,” said Shah on stage at ATS London.
Under GDPR, the ICO has the power to fine companies in breach of the law a maximum of €20 million ($22 million) or 4% of global revenue, whichever is higher. The ICO has already announced its intention to fine British Airways and Marriott International £183 million ($226 million) and £99 million ($122 million) respectively for GDPR data breaches. The ICO has already fined Facebook the maximum amount it could under the previous data protection law, £500,000 ($618,000).
Shah added it is not the ICO’s intention to hinder technological innovation where businesses are providing useful tools and services to consumers. He referenced extensive consumer research run by the ICO, in which 63% of 2,000 respondents said they would be fine with their data being used for personalized ads. But once they were then informed exactly how their data was used in order to do that — by multiple digital ad partners in the ad supply chain — that number then halved.
He stressed how the ICO has beefed up its technological expertise with hundreds of staff added in the last few years, taking the total to some 700 people. That makes it one of the biggest DPAs worldwide and is a sign of just how seriously it takes policing data privacy and whether or not companies abuse it for their own benefit, according to Shah.
“Now is not the space to stop and sit on the fence — that time is disappearing,” he said.
In November, just before the six-month deadline, the ICO will hold a forum for publishers, ad tech vendors, agencies and advertisers, which will address what judgments it has made on whether businesses have done enough, particularly with RTB, to be compliant.
There may be some work to do. Before he made those comments, he asked the room who had read the ICO report, and half the room raised their hands. Meanwhile, some delegates tweeted about the irony of the fact that just as Shah took the stage a noticeable number of people left the theater.
However, speaking to other ad tech executives at the event, there was a sense of relief that the ICO was open to having conversations where they could make their case, given they believe the ICO hasn’t fully grasped the full complexity of the digital ad landscape.
“The tide is coming in, in six months,” said Will King, commercial director of The Media Trust, later on during the conference.
Advertising, mired in racism, has a long road to recovery
Companies need to respond to the racism row with genuine intentions or not participate in the conversation at all, anything in between can be very disingenuous.
‘The boundaries have broken’: Employers deal with the reality of workers bringing their ‘whole selves’
ven as employers have touted “bring your whole self to work” theorems over the past couple of years, it’s forgotten that that privilege has only really been afforded to a few. For many, bringing your whole selves to work isn’t an option. And the realities of the current work-from-home brigade mean that many haven’t been given a choice: When work is literally in your home, how do you keep it at arm’s length?
How publishers are changing branded content operations to remotely produce high-res campaigns
By using emerging technology like camera drop kits to ensure higher resolution content, branded content studios are able to ensure clients achieve brand safety.
SponsoredVideo: Marketers discuss the future state of less interruptive in-stream ads
In a new video, experts from GumGum, The Martin Agency and Pinterest discuss the future of video advertising — and outline their vision for how video ads can be less disruptive.
MediaMath explores a possible sale
The ad tech company is working with investment bank Centerview Partners on the process -- which could also include a debt refinancing -- according to people familiar with the matter.
With the latest crisis, media needs to back up words with actions
For the media industry, this was a week of introspection -- and a time of decision. For all the progressive ideals espoused by publishers, marketers and agencies, most fall well short when it comes to turning words into action.