‘Only enforcement will bring change’: Ad tech responds to regulator’s GDPR warning
The Information Commissioner’s Office has given ad tech a second chance to become compliant with the General Data Protection Regulation.
But without actual enforcement, there may be no point.
Last week, the ICO issued the ad tech sector with a stark warning not to continue with practices that violate GDPR. The gist of its warning was that many of the current practices within programmatic advertising — specifically real-time-bidding — are essentially now illegal.
The document clarifies specific areas in which the ICO will not tolerate the misuse of personal data for the purposes of targeted advertising. In particular: Legitimate interest cannot be relied on for businesses operating RTB, special-interest category data which includes ethnic origins, health and political orientation, require explicit consent, while contractual agreements alone can’t be relied on for compliance.
On the surface, the document is extremely worrying for ad tech. But ad tech businesses remain unfazed, partly because there is no threat of serious penalties and partly because any attempt to address the issues raised will take a long time to fix given the complexity of the digital ad supply chain. Until it can call out specific players for GDPR violation, any major changes will be unlikely, at least in the short term.
The ICO said it will work closely with the IAB and Google on their GDPR frameworks to help them become fully compliant and check back in six months to ensure there is evidence of change. But officially, it has only committed to potentially issuing further guidance, rather than strict punishment.
“They [the ICO] have punctured the tin but not ripped the lid off [of ad tech],” said Dan Wilson, CEO of London Media Exchange. “This [how data is used within RTB-based ad calls] has been flagged as a systemic risk to privacy. They can’t issue statements like that and walk away.”
Media agencies like Essence have welcomed the ICO’s warning as a necessary step to shining a light on continued GDPR malpractice. “Practices which effectively game the acquisition of user consent have a shelf life, and we’re keen to see the back of,” said Ryan Storrar, svp and head of media activation for EMEA at Essence. However, Storrar added that warnings alone won’t change the status quo. “A lot of people are talking about it, but only enforcement will bring change. A lot of the report’s findings are unsurprising, but they need to make examples [of businesses falling foul.]”
To date, the ICO has made it clear it will favor the carrot to the stick when it comes to the majority of GDPR assessments. But many media agencies and some ad tech vendors have said that it’s time for the ICO to show its teeth. “It has to happen — without those fines there is very little impetus to change,” said Brian Kane, co-founder of publisher tech vendor Sourcepoint.
The ICO will need to do more than issue a written wrist slap, as it did with the Washington Post. “That was the most wishy-washy of statements,” said Kane. “It was meaningless. At some future point, the ICO will come out with some sort of fine against someone. They have given plenty of warning and time to adjust.”
Many advertising executives believe that if ad tech businesses that are in breach don’t respond hastily to the latest warning, there will be serious repercussions. “Not taking the ICO’s guidelines seriously at this point would be equal to playing with fire,” said Alessandro de Zanche, an independent publishing consultant. “I have heard that the ICO will be issuing warnings first, then leave an informal buffer of a few months before issuing fines,” he added. “Being in contempt of this and showing an arrogant and defiant approach will just create further damage to an industry whose credibility is through the floor.”
Others agree that the digital ad industry must respond if it’s to avoid further penalties or risk more of a mainstream news spotlight on the issue, which would place it higher on consumer radars, like with issues around brand safety.
“It’s in danger of getting on a larger radar [if left unchecked],” said David Morris, director of solutions consulting, EMEA, at ad tech vendor Tealium. “Cambridge Analytica put a lot of what happens at Facebook on a larger radar, and when GDPR went live, it made mainstream BBC news.”
But there’s still skepticism around whether the current use of data within RTB as a method for trading ads programmatically has a future. “Parts of the industry are willingly prepared to crash against a wall at full speed rather than accepting the obvious: RTB and privacy regulations, GDPR in particular, are incompatible,” said de Zanche.
‘A hybrid of entertainment and commerce’: How NTWRK made over $100,000 from selling goods via Snapchat
NTWRK believes opinionated content about exclusive and scarce products associated with celebrity creators can turn viewers into buyers.
‘Not something we think about’: Facebook News still a non-factor in publishers’ plans
Early attempts to measure the impact of Facebook News suggest that it typically accounts for a low, single-digit percentage of a story's traffic.
How Forbes’ 30 Under 30 franchise has become a top selling point for the brand
The 30 Under 30 franchise has given Forbes another avenue to sell its advertising clients on cross-platform campaigns for top dollar.
SponsoredWhy ad buyers (and sellers) need to pay more attention to viewer attention
By Yan Liu, CEO, TVision Like the proverbial tree falling in the forest, we all recognize that oftentimes the TV is on, but no one is in the room to hear or see it. And yet some ad buyers continue to rely on a metric that fails to account for this. To mix metaphors, buyers […]
‘Outside the four walls of a restaurant’: Why The Infatuation cooked up a marketplace model during the pandemic
The NYC-focused marketplace, which offers everything from private dinners to cooking classes, will be braided into the rest of the Infatuation's business next year.
‘I believe enough in this to try to do it myself’: CollegeHumor owner Sam Reich on the brand’s future potential
In January, IAC decided it was no longer willing to finance CollegeHumor and sold it to Sam Reich, who had joined the company in 2006 to build out original video.