Now ICO leans on brands to combat adtech data abuse

data_adtech1Brand owners should take a long hard look in the mirror over their part in funding the adtech industry by advertising through controversial realtime bidding (RTB) systems and should ask themselves whether they actually know what data is being collected in their name.

That is the latest stance from Simon McDougall, executive director for technology and innovation at the Information Commissioner’s Office, revealed in a speech at the Advertising Association’s Lead conference this week.

Having failed to tackle the adtech giants, it seems the ICO is now trying the far softer target of advertisers who use the systems, that by the regulator’s own admission are triggering the mass unlawful use of consumer data.

McDougall said: “My question to you, whether you’re publishers, or adtech firms, digital platforms [or] brands, is how you  consider your interaction with this particular market. Do you know what’s going on in your supply chain? Do you know what data is being collected in your name?”

He added: “In the end, it’s the brands that are funding all of this. If a regulator keeps on saying something is unethical, and it’s illegal, it’s problematic, at what point does it become an ethical issue for the brands to keep bankrolling those instances?”

McDougall’s remarks follow last week’s threat – from Brave chief policy officer Johnny Ryan who lodged the first GDPR complaints about RTB – to push for a judicial review of the ICO, amid accusations that it is failing to act on “the largest data breach ever recorded”.

This was in turn triggered by McDougall’s blogpost, which confirmed the regulator will not yet be taking any action against the adtech industry.

At the time, Ryan said: “As the evidence submitted by the complainants notes, the RTB systems designed by Google and the IAB broadcast what virtually all Internet users read, watch, and listen to online to thousands of companies, without protection of the data once broadcast. It is by far the largest data breach ever recorded. Now, sixteen months after the initial complaint, the ICO has failed to act.

“Regulatory ambivalence cannot continue. The longer this data breach festers, the deeper the rot sets in and the further our data gets exploited. This must end. We are considering all options to put an end to the systemic breach, including direct challenges to the controllers and judicial oversight of the ICO.”

In response, McDougall told delegates: “As we prepare for action, we have to be very careful to make sure that we continue to be proportionate, we continue to work on evidence and we do not predetermine what we’re going to do or find anyone guilty before things happen.

“And that’s really hard because that part of the market wants to have a very quick headline and a quick tweet about some things to make themselves feel good, but we need to be more proportionate.”

Related stories
ICO faces legal challenge over failure to tackle adtech
Digital ad body acts over ‘mass unlawful use of data’
ICO ‘cosies up’ to industry in bid to tackle adtech issue
ICO urged to act now on adtech or be seen as soft touch
ICO: online ad industry ‘leaving millions at risk of harm’
Germans unleash GDPR blitz on behavioural ad giants
Google Ad Exchange probe threatens online ad mayhem
Adspend nears £24bn with surge in data-driven activity
Irish data regulator launches inquiry into adtech giant
New Govt probe to scrutinise behavioural data market
ICO taps up industry for probe into programmatic ads