ICO Warns Ad Tech not to Flout GDPR

Last week (20 June), following an investigation into the use of consumer data across the ad tech industry, the ICO published a report that serves as a warning to the industry. The bottom line: stop flouting the rules. 

Information Commissioner, Elizabeth Denham, made it clear in the report that further action must be taken in order to avoid harsh penalties: “We are clear about the areas where we have initial concerns, and we expect to see change,” she wrote.

The main areas of concern are: The use of legitimate interest as a justification for real-time bidding; Flaws in the IAB Europe and Google GDPR frameworks; and attempting to pass on responsibility through contractual agreements. 

What does this mean?

If ad tech companies want to continue to use personal data to power real-time bidding, they will have to up their game when it comes to obtaining consumer consent meaning that consent management platforms will need to provide additional layers of functionality. 

The IAB Transparency and Consent Framework is already being overhauled but more work than anticipated will need to be done in order for consumers to be able to truly understand how their data is being used and by whom.

Up to now, a large number of ad tech companies have relied on contractual agreements that essentially aim to pass responsibility for the use of consumer data back to brands rather than shoulder the responsibility themselves. The ICO report states that these kinds of contractual agreements are void. This means that ad tech companies are going to have to update their own policies and procedures in order to ensure they are acting accordingly to their data controller/processor status. 

Helpfully illuma’s approach to audience expansion doesn’t require personal data. Find out more about our cookieless advertising solutions.

Sign up to illuma’s newsletter to receive the latest insights, best practices, and trends straight to your inbox!