‘Only enforcement will bring change’: Ad tech responds to regulator’s GDPR warning
The Information Commissioner’s Office has given ad tech a second chance to become compliant with the General Data Protection Regulation.
But without actual enforcement, there may be no point.
Last week, the ICO issued the ad tech sector with a stark warning not to continue with practices that violate GDPR. The gist of its warning was that many of the current practices within programmatic advertising — specifically real-time-bidding — are essentially now illegal.
The document clarifies specific areas in which the ICO will not tolerate the misuse of personal data for the purposes of targeted advertising. In particular: Legitimate interest cannot be relied on for businesses operating RTB, special-interest category data which includes ethnic origins, health and political orientation, require explicit consent, while contractual agreements alone can’t be relied on for compliance.
On the surface, the document is extremely worrying for ad tech. But ad tech businesses remain unfazed, partly because there is no threat of serious penalties and partly because any attempt to address the issues raised will take a long time to fix given the complexity of the digital ad supply chain. Until it can call out specific players for GDPR violation, any major changes will be unlikely, at least in the short term.
The ICO said it will work closely with the IAB and Google on their GDPR frameworks to help them become fully compliant and check back in six months to ensure there is evidence of change. But officially, it has only committed to potentially issuing further guidance, rather than strict punishment.
“They [the ICO] have punctured the tin but not ripped the lid off [of ad tech],” said Dan Wilson, CEO of London Media Exchange. “This [how data is used within RTB-based ad calls] has been flagged as a systemic risk to privacy. They can’t issue statements like that and walk away.”
Media agencies like Essence have welcomed the ICO’s warning as a necessary step to shining a light on continued GDPR malpractice. “Practices which effectively game the acquisition of user consent have a shelf life, and we’re keen to see the back of,” said Ryan Storrar, svp and head of media activation for EMEA at Essence. However, Storrar added that warnings alone won’t change the status quo. “A lot of people are talking about it, but only enforcement will bring change. A lot of the report’s findings are unsurprising, but they need to make examples [of businesses falling foul.]”
To date, the ICO has made it clear it will favor the carrot to the stick when it comes to the majority of GDPR assessments. But many media agencies and some ad tech vendors have said that it’s time for the ICO to show its teeth. “It has to happen — without those fines there is very little impetus to change,” said Brian Kane, co-founder of publisher tech vendor Sourcepoint.
The ICO will need to do more than issue a written wrist slap, as it did with the Washington Post. “That was the most wishy-washy of statements,” said Kane. “It was meaningless. At some future point, the ICO will come out with some sort of fine against someone. They have given plenty of warning and time to adjust.”
Many advertising executives believe that if ad tech businesses that are in breach don’t respond hastily to the latest warning, there will be serious repercussions. “Not taking the ICO’s guidelines seriously at this point would be equal to playing with fire,” said Alessandro de Zanche, an independent publishing consultant. “I have heard that the ICO will be issuing warnings first, then leave an informal buffer of a few months before issuing fines,” he added. “Being in contempt of this and showing an arrogant and defiant approach will just create further damage to an industry whose credibility is through the floor.”
Others agree that the digital ad industry must respond if it’s to avoid further penalties or risk more of a mainstream news spotlight on the issue, which would place it higher on consumer radars, like with issues around brand safety.
“It’s in danger of getting on a larger radar [if left unchecked],” said David Morris, director of solutions consulting, EMEA, at ad tech vendor Tealium. “Cambridge Analytica put a lot of what happens at Facebook on a larger radar, and when GDPR went live, it made mainstream BBC news.”
But there’s still skepticism around whether the current use of data within RTB as a method for trading ads programmatically has a future. “Parts of the industry are willingly prepared to crash against a wall at full speed rather than accepting the obvious: RTB and privacy regulations, GDPR in particular, are incompatible,” said de Zanche.
Member ExclusiveCase Study: How Dentsu is pushing advertisers to embrace brand integrity
After 2020, brands got serious about brand safety, taking steps to ensure media placements weren't appearing alongside harmful content. At Digiday's Media Buying Summit, Dentsu's Brand Safety team talks about what it'll take to create industry wide media buying standards.
‘I think it’s all talk’ about DE&I: Overheard at Digiday’s Media Buying Summit
Participants in a breakout session at Digiday's Media Buying Summit ripped away the proverbial band-aid that might have made anyone feel significant progress is being made on DE&I in the media agency world.
Why an evolved B/R Gaming is investing in its linear, televised gaming content
B/R Gaming’s investment in televised content is proof that linear broadcasting companies are realizing the potential value of the gaming and esports audience.
SponsoredWhy boldness matters for publishers in the post-cookie future
Michael Zacharski, CEO, ENGINE Media Exchange (EMX) Fortune, it is said, favors the bold, and for digital publishers, the prospect of a cookieless advertising future should be viewed first and foremost as not only an opportunity for boldness, but as a time when boldness will be necessary. As an industry, marketers need to be bold […]
‘I could barely walk’: Some COVID long-haulers radically reduce work hours to cope with symptoms
Professionals who are COVID long-haulers, have had to radically adjust their working schedules in order to cope with symptoms.
Member ExclusivePublishing Summit Recap: Publishers establish infrastructure to future-proof data sets
Publishers shared insights at the Digiday Publishing Summit at the end of September in Miami.