19 March 2019
Since the dawn of the GDPR-era almost ten months ago, the Adtech industry has found itself the privacy equivalent of Pantone’s Color of the year. During their relatively short stint under the GDPR microscope, adtech players have already seen:
1. Web and cross-device tracking for marketing making its way onto the ICO’s priority-list for 2018-2019;
2. The CNIL issuing public notices to four adtech companies (vectaury,Fidzup, Teemo, and Singlespot), with the fifth this year (to Google) attracting headlines for involving the biggest fine to be issued under the GDPR to date; and
3. An increase in the number of complaints received by the CNIL, ICO and other data protection authorities (DPAs), alleging lack of GDPR compliance within the adtech ecosystem.
That’s enough regulatory scrutiny to make anyone turn from Ultra violet to Living Coral!
Much of the tension between current adtech practices and data protection law stems from the multitude of actors involved in the delivery of personalized ads, the enrichment of data from numerous sources, and the speed (quite literally microseconds) at which real-time bidding auctions for advertising inventory occur. These characteristics have resulted in practical challenges for GDPR compliance by adtech participants.
It is against this backdrop that, on 6 March 2019, the ICO gathered a crosssection of adtech stakeholders – ranging from publishers, advertisers and adtech companies to lawyers, privacy campaigners and DPAs – for its first-ever fact-finding forum. The forum focused on transparency, lawful basis, and security in the adtech ecosystem. What ensued was a day of diverging opinions, engaging debate, and a unanimous desire to find solutions.
You can read more about this in an article I wrote which was recently published in Privacy Laws PL&B UK Report, March 2019.