‘Only enforcement will bring change’: Ad tech responds to regulator’s GDPR warning
The Information Commissioner’s Office has given ad tech a second chance to become compliant with the General Data Protection Regulation.
But without actual enforcement, there may be no point.
Last week, the ICO issued the ad tech sector with a stark warning not to continue with practices that violate GDPR. The gist of its warning was that many of the current practices within programmatic advertising — specifically real-time-bidding — are essentially now illegal.
The document clarifies specific areas in which the ICO will not tolerate the misuse of personal data for the purposes of targeted advertising. In particular: Legitimate interest cannot be relied on for businesses operating RTB, special-interest category data which includes ethnic origins, health and political orientation, require explicit consent, while contractual agreements alone can’t be relied on for compliance.
On the surface, the document is extremely worrying for ad tech. But ad tech businesses remain unfazed, partly because there is no threat of serious penalties and partly because any attempt to address the issues raised will take a long time to fix given the complexity of the digital ad supply chain. Until it can call out specific players for GDPR violation, any major changes will be unlikely, at least in the short term.
The ICO said it will work closely with the IAB and Google on their GDPR frameworks to help them become fully compliant and check back in six months to ensure there is evidence of change. But officially, it has only committed to potentially issuing further guidance, rather than strict punishment.
“They [the ICO] have punctured the tin but not ripped the lid off [of ad tech],” said Dan Wilson, CEO of London Media Exchange. “This [how data is used within RTB-based ad calls] has been flagged as a systemic risk to privacy. They can’t issue statements like that and walk away.”
Media agencies like Essence have welcomed the ICO’s warning as a necessary step to shining a light on continued GDPR malpractice. “Practices which effectively game the acquisition of user consent have a shelf life, and we’re keen to see the back of,” said Ryan Storrar, svp and head of media activation for EMEA at Essence. However, Storrar added that warnings alone won’t change the status quo. “A lot of people are talking about it, but only enforcement will bring change. A lot of the report’s findings are unsurprising, but they need to make examples [of businesses falling foul.]”
To date, the ICO has made it clear it will favor the carrot to the stick when it comes to the majority of GDPR assessments. But many media agencies and some ad tech vendors have said that it’s time for the ICO to show its teeth. “It has to happen — without those fines there is very little impetus to change,” said Brian Kane, co-founder of publisher tech vendor Sourcepoint.
The ICO will need to do more than issue a written wrist slap, as it did with the Washington Post. “That was the most wishy-washy of statements,” said Kane. “It was meaningless. At some future point, the ICO will come out with some sort of fine against someone. They have given plenty of warning and time to adjust.”
Many advertising executives believe that if ad tech businesses that are in breach don’t respond hastily to the latest warning, there will be serious repercussions. “Not taking the ICO’s guidelines seriously at this point would be equal to playing with fire,” said Alessandro de Zanche, an independent publishing consultant. “I have heard that the ICO will be issuing warnings first, then leave an informal buffer of a few months before issuing fines,” he added. “Being in contempt of this and showing an arrogant and defiant approach will just create further damage to an industry whose credibility is through the floor.”
Others agree that the digital ad industry must respond if it’s to avoid further penalties or risk more of a mainstream news spotlight on the issue, which would place it higher on consumer radars, like with issues around brand safety.
“It’s in danger of getting on a larger radar [if left unchecked],” said David Morris, director of solutions consulting, EMEA, at ad tech vendor Tealium. “Cambridge Analytica put a lot of what happens at Facebook on a larger radar, and when GDPR went live, it made mainstream BBC news.”
But there’s still skepticism around whether the current use of data within RTB as a method for trading ads programmatically has a future. “Parts of the industry are willingly prepared to crash against a wall at full speed rather than accepting the obvious: RTB and privacy regulations, GDPR in particular, are incompatible,” said de Zanche.
‘None of this is celebrity for celebrity’s sake’: How publishers are trying to scale virtual events with high-profile star power
Scale "matters when making a media buy" for virtual events, according to Barry Lowenthal, CEO of media agency the MediaKitchen, and celebrity appearances help to achieve that.
‘An unprecedented period of Darwinian experimentation’: As sports return, Twitter eyes ad boost
The lack of match-day revenue has forced clubs to better understand the commercial value of platforms like Twitter.
‘The more culture you own’: Condé Nast pursues more revenue growth with new brand-strength metric
Condé Nast is hoping its new advertising measurement framework can drive growth for its digital ad and commerce businesses.
SponsoredThe race to frictionless consumer journeys is expanding beyond marketplaces
Compressing consumers’ path-to-purchase is the holy grail of advertising and marketing. When Jeff Bezos authored 1-Click in 2011, advertisers began to realize that in some cases — especially for consumables — awareness, consideration and purchase can all happen in seconds. Since then the rise of e-commerce marketplaces has forced a major shift in the design […]
‘Permission to think long term’: The Atlantic digs for deeper, smarter client partnerships
Atlantic Brand Partners will account for all The Atlantic’s business-to-business revenue, which is currently two-thirds of The Atlantic's overall revenues.
‘Re-architecting the entire process’: How Vice is preparing for life after the third-party cookie
Vice is working to bolster its first-party data strategy, improve its registration process and double down on contextual ads.