‘Don’t sit on the fence’: UK regulator reiterates GDPR warning to ad tech companies
The clock is ticking for ad tech businesses that are still playing fast and loose with their compliance with the General Data Protection Regulation.
In June, the U.K.’s data protection authority, the Information Commissioner’s Office, told the ad tech industry that the current way personal data is used within programmatic advertising transactions on the open exchange, via real-time bidding, is not compliant. The DPA gave a six-month grace period for them to address any gaping holes. That leaves four months to go.
Speaking at ExchangeWire’s ATS event in London on Sept. 9, the ICO’s head of technology and policy, Ali Shah, encouraged ad tech businesses still relying on a legitimate interest to come forward and engage with the regulator. Shah promised those that do so won’t face financial penalties — as long as they come forward within the next four months.
Shah stressed that the report that shook the ad tech sector by condemning the current misuse of data within RTB was the result of an extensive industry investigation by the ICO. One of the outcomes of it was that ad tech businesses could not rely on the legitimate-interest clause for the use of data within programmatic ad trading on the open exchange. The report acknowledged that the ICO is aware there are still many ad tech businesses that need to address this. Shah said that if there are ad tech businesses using RTB that genuinely believe they have a business case for using the legitimate-interest clause, they should make their case to the ICO.
“I’d be remiss if I didn’t say that if we don’t see meaningful change [within the next four-month window] we’ll have to leverage our full powers of enforcement,” said Shah on stage at ATS London.
Under GDPR, the ICO has the power to fine companies in breach of the law a maximum of €20 million ($22 million) or 4% of global revenue, whichever is higher. The ICO has already announced its intention to fine British Airways and Marriott International £183 million ($226 million) and £99 million ($122 million) respectively for GDPR data breaches. The ICO has already fined Facebook the maximum amount it could under the previous data protection law, £500,000 ($618,000).
Shah added it is not the ICO’s intention to hinder technological innovation where businesses are providing useful tools and services to consumers. He referenced extensive consumer research run by the ICO, in which 63% of 2,000 respondents said they would be fine with their data being used for personalized ads. But once they were then informed exactly how their data was used in order to do that — by multiple digital ad partners in the ad supply chain — that number then halved.
He stressed how the ICO has beefed up its technological expertise with hundreds of staff added in the last few years, taking the total to some 700 people. That makes it one of the biggest DPAs worldwide and is a sign of just how seriously it takes policing data privacy and whether or not companies abuse it for their own benefit, according to Shah.
“Now is not the space to stop and sit on the fence — that time is disappearing,” he said.
In November, just before the six-month deadline, the ICO will hold a forum for publishers, ad tech vendors, agencies and advertisers, which will address what judgments it has made on whether businesses have done enough, particularly with RTB, to be compliant.
There may be some work to do. Before he made those comments, he asked the room who had read the ICO report, and half the room raised their hands. Meanwhile, some delegates tweeted about the irony of the fact that just as Shah took the stage a noticeable number of people left the theater.
However, speaking to other ad tech executives at the event, there was a sense of relief that the ICO was open to having conversations where they could make their case, given they believe the ICO hasn’t fully grasped the full complexity of the digital ad landscape.
“The tide is coming in, in six months,” said Will King, commercial director of The Media Trust, later on during the conference.
New app launches through Apple hoping to win with ‘zero-party data’ when others haven’t
Caden's new app lets users connect data from their Uber, Amazon, Netflix and other accounts in exchange for money. Will it take off?
‘The next level for us’: The New York Times eyes longer play sessions for games in subscription drive
The games division is focusing on finding new ways to mine the inherent competitive nature of games like encouraging people to play multiple games in a single session or through new achievements and rewards for progression.
In graphic detail: Publishers’ full year 2022 earnings
Looking back at 2022, the hits to publishers' revenue were partially staunched, but by the end of the year nearly all areas of the business felt the impact of the economic downturn.
SponsoredBrands are optimizing video production to drive user acquisition
Sponsored by QuickFrame by MNTN With brands increasingly investing in video ads on social media, marketers are enhancing their video production capabilities to unlock growth on Facebook and Instagram. Especially urgent in an uncertain economic climate, brands must minimize production costs while creating a high enough volume of social media videos to identify the creative […]
‘It has to be built in’: How agencies strive to advance their diversity goals
There often is no blueprint for diversity in the corporate world, and many initiatives at media agencies have been works in progress over the last few years.
Publishers tout generative AI opportunities to save and make money amid rough media market
Generative AI technology will be an area of focus for some media companies this year as they work to cut costs and find new revenue opportunities amid a tough media market.