作者

Debbie Heywood

高级专业支持律师

Read More

Vinod Bange

合伙人

Read More

Martin Cotterill

合伙人

Read More

Angus Finnegan

Consulting partner

Read More

Graham Hann

合伙人

Read More

Christopher Jeffery

合伙人

Read More

Glyn Morgan

合伙人

Read More

Siân Skelton

合伙人

Read More
作者

Debbie Heywood

高级专业支持律师

Read More

Vinod Bange

合伙人

Read More

Martin Cotterill

合伙人

Read More

Angus Finnegan

Consulting partner

Read More

Graham Hann

合伙人

Read More

Christopher Jeffery

合伙人

Read More

Glyn Morgan

合伙人

Read More

Siân Skelton

合伙人

Read More

2020年2月17日

– 2 / 5 观点

ICO says future of 'Real Time Bidding' in Adtech "is in the balance"

ICO places emphasis on industry cooperation but warns of enforcement action.

What's the issue?

There is a genuine question around whether it is possible for the Adtech industry as it currently operates to comply with all aspects of the GDPR.

The complexities of the Adtech ecosystem, especially in relation to interest-based advertising, where known or inferred information about the user and their interests is used in order to show them ads they may be interested in, and the multiplicity of platforms and intermediaries that are often involved in the delivery of interest-based ads, present a real challenge to online publishers and the Adtech platforms seeking to align with GDPR principles.

The UK's ICO is just one of the regulators looking into the issue. It issued an interim report in June 2019, following a fact-finding forum and said it would then take six months to review its findings.

What's the development?

With the six month period over, the ICO has published a blog reporting on a further fact-finding forum held in November and setting out next steps.

The ICO had commented a few weeks earlier that there are encouraging signs and said that the nature of the debate has changed from "it's too complicated" to practical considerations which combine innovation and privacy, singling out statements of intent from Google and IAB Europe and UK.

The IAB UK has agreed a range of principles and is developing guidance on security, data minimisation and data retention, as well as UK-focused guidance on content taxonomy. It is also planning to educate the industry on special category data and cookie requirements. Google is going to remove content categories and improve its process for auditing counterparties. It has also said it will phase out support for third party cookies within the next two years.

The ICO does, however, retain "significant concerns about the lawfulness of processing special category data...and the lack of explicit consent for that processing" as well as "concerns about whether reliance on contractual clauses to justify onward data sharing is sufficient to comply with the law". Other flashpoints are around the use of legitimate interests as a lawful basis, insufficient data security and data minimisation, and a failure to complete sufficiently detailed DPIAs.

The ICO says some organisations "appear to have their heads firmly in the sand" and concludes that engagement alone will not address the issues; "it may be necessary to take formal regulatory action". The ICO also has warnings for the wider industry "some of what is happening now appears to us to be unlawful…The future of RTB is both in the balance and in the hands of all the organisations involved".

What does this mean for you?

It seems fairly clear the ICO is looking to industry to provide a compliance solution it can agree on, but the implications, are that there is no easy answer available. As an interim, the ICO provides somewhat vague advice to all organisations in the RTB chain, urging them to:

  • Review their processes systems and documentation.
  • Ensure your senior management understands that practices are changing in this industry and challenge them to review their approach.
  • Embed a privacy by design approach to your use of RTB.
  • Keep engaging with your trade associations. Change is happening. Make sure you are part of this dialogue and are engaging with your industry representation to make your views heard.

The ICO says "the most effective way for organisations to avoid the need for further regulatory scrutiny or action is to engage with the industry reform and transformation and to encourage their supply chain to do the same".

Adtech businesses will also have to grapple with the ramifications of the recently published draft Code of Practice on Direct Marketing which will, when adopted, have statutory force. All the usual compliance issues of lawful basis, transparency, and consent (to cookies), which are the focus of various RTB-related complaints before data protection regulators across Europe, are underlined in the Code (see our article).

Regulators recognise that the internet is fuelled by advertising but both competition and data protection regulators are repeatedly finding issue with the current business models. The main reason why GDPR compliance is particularly challenging for Adtech, is the complexity of the ecosystem: the number of different actors – publishers, vendors, data brokers, advertisers – the real time bidding system, and the data journey involving a large supply chain.

One of the questions the ICO is seeking to answer with the help of stakeholders, is whether there is a 'one size fits all' solution to the tension between the GDPR and Adtech. There have been a number of regulator decisions in this space but these tend to focus on the problems rather than the solutions. Hopefully, the ongoing investigations will result in further guidance and a more clear-cut approach.

You can read more about Adtech and GDPR compliance in our series of articles on the Global Data Hub.

本系列内容

技术、媒体与通信 (TMC)

Government proposes Ofcom as online harms regulator

作者 作者

技术、媒体与通信 (TMC)

ICO says future of 'Real Time Bidding' in Adtech "is in the balance"

作者 作者

技术、媒体与通信 (TMC)

ICO publishes Age Appropriate Design Code of Practice

作者 作者

技术、媒体与通信 (TMC)

ICO draft Code of Practice on Direct Marketing

Long-awaited direct marketing Code of Practice published for consultation.

作者 作者

游戏与赌博

Gambling Commission ban on gambling with credit cards

eGaming and gambling addiction under the spotlight.

作者 作者

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

商业和消费者合同

Radar: Technology & Communications Update - July 2019

2019年7月16日

作者

点击此处了解更多
商业和消费者合同

Radar: Technology & Communications Update - June 2019

2019年6月19日

作者

点击此处了解更多
数据保护与网络

Adtech

2019年6月3日

作者

点击此处了解更多