The Information Commissioner’s Office is calling on the adtech industry to help it determine how best to police the programmatic advertising market after admitting it needs to develop an understanding of all aspects of “this complex ecosystem”.
Some already insist that the practice is in breach of GDPR, claiming companies exploit personal information on users’ online behaviour without consent to target them with ads.
In September, tech start-up Brave, the Open Rights Group and University College London lodged official complaints with the ICO, the Irish Data Protection Commission, and the Polish regulator. Last month, they provided further evidence of “systemic” breaches.
However, it seems the ICO feels it needs to gather more evidence. In a blog post, ICO executive director for technology and innovation Simon McDougall said the regulator had identified three key areas of interest: transparency and personal data; lawful basis for processing personal data; and data security.
He added: “What we can say is it’s an extremely complicated area, with a large number of intermediaries and service providers sitting in between the advertisers buying advertising space, and the publishers selling it.
“The speed, scale and complexity of real-time bidding is both technologically impressive and a cause for concern, but we understand that at the same time, this technology facilitates the sale of advertising space that generates a certain level of income for publishers, and value for advertisers.”
In order to develop its understanding, the regulator plans to convene a “fact-finding forum” next month to bring together representatives from across the adtech industry to explore each key theme.
McDougall added: “We hope that by supporting a structured dialogue between different stakeholders, we can deepen our understanding, and perhaps advance some aspects of this debate.”
IAB in dock over sector’s ‘systemic’ breaches of GDPR
$273bn behavioural ad industry ‘is in breach of GDPR’
Let battle commence: first GDPR complaints are filed
Google GDPR shortcomings leaving ad clients exposed