It was only a matter of time. U.K. data protection authority the ICO has investigated how the ad tech sector still uses personal data for the purposes of real-time bidding in programmatic advertising. Its verdict: not good enough.
The regulator has given ample time to businesses to show how they have adapted business processes in order to comply properly with the General Data Protection Regulation, introduced last May. But bar a small contingent of publishers and ad tech vendors, many continue to flout the law rather than risk any drop in ad revenues complying more strictly would cause.
On June. 20, the ICO released a report that specifically focuses on how the ad tech sector should comply with GDPR — an area that would be hard for it to ignore given the multiple privacy complaints made against the use of RTB in programmatic advertising by privacy activists.
The report will be circulated to the ad tech sector, and the ICO will check that its stipulations have been followed in six months’ time. It may decide then to write future guidance. The Irish DPA is also investigating many of the same issues raised in the report. Although the ICO hasn’t made any serious threats to businesses that don’t comply, it does intend for this additional clarity on certain areas of GDPR to be adhered to.
“We are clear about the areas where we have initial concerns, and we expect to see change,” wrote Information Commissioner Elizabeth Denham in the report.