Information collected by ad-sellers covered by General Data Protection Regulation (GDPR), government says.
Real-time bidding, deployed by Google, Facebook and other online ad-sellers, has been criticized by the United Kingdom’s Information Commissioner’s Office (ICO) for violating data protection laws.
The process, which automates the ad-selling process for all players involved, has been derided by many in the UK over the past few months. “The programmatic display advertising market is seen as particularly complex, and lacks transparency across the advertising supply chain,” the Cairncross Review wrote earlier this year.
SEE ALSO: In-Memory Speeds Up the Real-Time Bidding Process
The ICO sees the information collected by ad-sellers during the real-time bidding process to constitute personal data under the European Union’s General Data Protection Regulation (GDPR), which would make it subject to regulations on collection, recording, and use.
“The adtech industry appears immature in its understanding of data protection requirements. Whilst the automated delivery of ad impressions is here to stay, we have general, systemic concerns around the level of compliance of RTB,” said the ICO in its report.
While the report is not a legally binding statement, the ICO appears intent on taking further action to reduce the amount of data collected by real-time bidding services. Google, through DoubleClick, uses an algorithm to find the best suited ad for the individual user, based on search results and other variables.
Every Google user does consent to this when they open a Google account, but the ICO believes there needs to be additional consent for consumers. It is not clear how this consent will be provided, without a vast overhaul of how real-time bidding services operate.
There has been worry over the future of the UK internet post-Brexit, especially as the prospect of no-deal has risen with the appointment of Boris Johnson as Prime Minister. The new UK Home Secretary, Priti Patel, has taken aim at Facebook for its privacy policy, which denies policy enforcement access to criminal’s WhatsApp and Facebook Messenger accounts.
