The Information Commissioner’s Office (ICO), the UK’s data watchdog, resumed its investigation Friday into the country’s online advertising business after COVID-19 halted it for months.
While there have been many complaints related to data misuse under the General Data Protection Regulation (GDPR) guidelines, the focus now turns to real-time bidding and privacy. The ICO points to consent as the biggest culprit -- and the inability to get that consent from site visitors before an ad serves up.
“Enabling transparency and protecting vulnerable citizens are priorities for the ICO,” Simon McDougall, the ICO’s deputy commissioner for regulatory innovation and technology, wrote in a post. “The complex system of RTB can use people’s sensitive personal data to serve adverts and requires people’s explicit consent, which is not happening right now.”
These digital real-time bidding auctions take place in milliseconds as web pages load offering little chance for user to consent to their information being read. The data can sometimes use sensitive special categories like data related to sexual and political orientation.
The ICO is also looking into the role of ad-tech data brokers, amidst regulators' concerns about how the industry processes personal data.
The ICO in October completed an investigation into data-brokering activities by credit agencies Equifax, Experian and TransUnion. It served an enforcement notice to Experian, requiring it to “make fundamental changes to how it handles people’s personal data within its direct marketing services,” according to the Financial Times.
McDougall also wrote that all organizations operating in ad technology should assess how they use personal data.
“We are also continuing to work with the Competition and Markets Authority (CMA) in considering Google’s Privacy Sandbox proposals to phase out support for third party cookies on Chrome,” he wrote.