Adtech and the data protection debate – where next?

Gigacycle > Information & Guidance  > Adtech and the data protection debate – where next?

Adtech and the data protection debate – where next?

20 December 2019

A blog by Simon McDougall, ICO’s Executive Director for Tech Policy and Innovation

In June we issued our Adtech Update Report with a clear message to industry that they had six months to read, internalise and act upon our report. Our view from the outset was that this is an industry problem requiring an industry solution. We have just reached the end of that six month period and are reviewing our findings.

During this time we’ve increased our understanding of the adtech industry. We’ve engaged widely with a variety of stakeholders, including Google, the IAB (Europe, UK and TechLab) and numerous UK trade bodies. We’ve also engaged with adtech organisations and learned more about their approaches to collecting and processing personal data. We’re grateful to all those who have given their time to support us in all this extensive engagement.

In November, we hosted the follow-up to our Fact Finding Forum. The majority of organisations in attendance recognised that real changes are needed to real-time bidding (RTB). We invited and welcomed civilised disagreement; the debate and the tone was respectful and productive throughout.

We heard some really important statements of intent from Google and IAB UK and we are working to understand the exact nature of the proposals and see how they will work in practice. The discussion has evolved from “it’s too complicated” to practical consideration of potential solutions that combine innovation and privacy.

We have significant concerns about the lawfulness of the processing of special category data which we’ve seen in the industry, and the lack of explicit consent for that processing.

We also have concerns about whether reliance on contractual clauses to justify onward data sharing is sufficient to comply with the law. We have not seen case studies that appear to adequately justify this.

We urge all organisations involved in RTB to review their processes, systems and documentation. Here are some practical things you can do:

  1. Ensure your senior management understands that practices are changing in this industry, and challenge them to review their approach.
  2. Embed a privacy by design approach to your use of RTB.
  3. Keep engaging with your trade associations. Change is happening – make sure you are part of this dialogue and are engaging with your industry representation to make your views heard.

We are now considering our next steps and deciding how best to address our ongoing concerns. Our teams are spending time absorbing all the information gathered and the rich conversations we’ve had throughout the year. There are many encouraging signs, though a significant amount of work remains.

To summarise, some of what is happening now appears to us to be unlawful, based upon the evidence we have seen to date. The future of RTB is both in the balance and in the hands of all the organisations involved. Over the coming weeks, we’ll be evaluating all of the options available to us and will be providing a further update in early 2020 on our position and on any action we’re taking.

Simon McDougall is Executive Director for Technology Policy and Innovation at the ICO where he is developing an approach to addressing new technological and online harms. He is particularly focused on artificial intelligence and data ethics.

He is also responsible for the development of a framework for auditing the use of personal data in machine learning algorithms.

Go to Source

No Comments

Sorry, the comment form is closed at this time.