UK privacy watchdog warns adtech the end of tracking is nigh

DMCA / Correction Notice
- Advertisement -

It has been more than two years since the UK data protection watchdog warned the behavioral advertising industry was wildly out of control.

- Advertisement -

ICOs have done nothing to stop the systematic illegality of tracking and targeting an industry abusing Internet users’ personal data in order to try to get their attention – in fact to enforce laws against criminals and Not in the context of preventing what digital rights campaigners described as. Biggest data breach in history.

Indeed, the inaction against real-time-bidding misuse of personal data is being prosecuted by the complainants who petitioned the issue in September 2018.


But today the UK’s (outgoing) Information Commissioner, Elizabeth Denham, published a View – in which she warns the industry that her old illegal tricks will not work in the future.

She writes that the new methods of advertising must conform to a set of what she describes as “clear data protection standards” to protect people’s privacy online.

- Advertisement -

Among the data protection and privacy “expectations” Denham suggests she wants to see from the next wave of online advertising technologies:

• Engineered data security requirements by default in the initiative’s design;

• Providing users with the option to receive advertising without tracking, profiling or targeting based on personal data;

• Be transparent about how and why personal data is processed across the ecosystem and who is responsible for that processing;

• Explain the specific purposes of processing personal data and demonstrate how it is fair, valid and transparent;

• Address existing privacy risks and mitigate any new privacy risks they offer

Denham says the opinion aims to provide “further regulatory clarity” as new advertising technologies are developed, further specifying that she welcomes efforts that propose:

• Stay away from existing methods of online tracking and profiling practices;

• Improving transparency for individuals and organizations;

• Reduce existing conflicts in the online experience;

• Providing individuals with meaningful control and choice over the processing of equipment information and personal data;

• ensure that valid consent is obtained where necessary;

• Ensure that there is clear accountability in the supply chain;

The timing of the opinion is interesting – an impending decision has been given by Belgium’s Data Protection Agency on a key advertising industry consensus gathering tool. (And current UK data protection rules share a similar basis to the rest of the EU, as the country moved general data protection regulation to national law before Brexit.)

Earlier this month IAB Europe warned it expected to be found in breach of the EU’s General Data Protection Regulation, and its so-called ‘Transparency and Consent’ framework (TCF) claimed none of the things it claimed. Haven’t managed to get one. Tin.

But it is also the latest ‘correction’ message from ICOs to rule breaking edtech.

And Denham is only reinstating requirements that have already been derived from standards in UK law – and would not need to be repeated if his office had indeed enacted the law against the edtech breach(r). But it is the regulatory dance that she has taken a liking to.

This latest ICO salvo looks like an effort by the outgoing commissioner to claim credit for sweeping industry changes as she prepares to leave office – such as Google’s slow move towards phasing out support for third-party cookies ( aka, it’s the ‘Privacy Sandbox’) proposal, which is actually a response to evolving web standards such as competing browsers baking in privacy protections; growing consumer concern about online tracking and data breaches; and a huge increase in attention from lawmakers to digital matters) – than it’s really about shifting the needle on illegal tracking.

If Denham wanted to do this, she could have taken real enforcement action long ago.

Instead the ICO has chosen – at best – a partial commentary on the systematic compliance problem of embedded edtech. and, essentially, standing if the violation continues; And wait/hope for future compliance.

However, change can come regardless of regulatory inaction.

And, notably, Google’s ‘Privacy Sandbox’ proposal (which claims to have ‘privacy protected’ advertising targeting of groups of users, rather than micro-targeting of individual web users) received a significant call-out in the comments of the ICO. is – with a writing in Denham’s office Press release That is: “Currently, one of the most important proposals in the online advertising space is the Google Privacy Sandbox, which aims to replace the use of third party cookies with alternative technologies that still enable targeted digital advertising.”

“The ICO is working with the Competition and Markets Authority (CMA) to review how Google’s plans will protect people’s personal data, while also supporting the CMA’s mission to ensure competition in digital markets.” The ICO goes on, giving a nod to an ongoing regulatory oversight led by the UK’s competition watchdog, which has the power to prevent Google’s privacy sandbox from ever being implemented – and therefore tracking cookies in Chrome. To stop phasing out support to Google – if the CMA tech giant decides ‘don’t do it in a way that meets competition and privacy criteria.

So this reference is also a nod to ICOs reducing their regulatory impact in a core edtech-related area – that of market-correcting scale and imports.

The backstory here is that the UK government is working on a competition reform that would bring bespoke rules for platform giants deemed ‘strategic market conditions’ (and therefore the power to harm digital competition); With a dedicated Digital Markets unit that is already established and running within the CMA to lead the work (but which is still pending to be empowered by upcoming UK legislation).

So the question of what happens to ‘old school’ regulatory silos (and narrowly focused regulatory specifications) is critical for our data-driven digital age.

Increased cooperation between regulators such as ICOs and CMAs could give way to oversight that has led to even more convergence or mergers – to ensure that powerful digital technologies do not fall between regulatory cracks – and so can ball up critical issues. But not so brilliantly dropped like future ad tracking.

Intersectional Digital Oversight FTW?

As far as the ICO is concerned, there is another big caveat that not only is Denham on the way (his “opinion” naturally has a short shelf life) but that the UK government is likely to consult on ‘corrections’ to UK data. busy in protection rules.

Said that the reforms could see a sharp drop in home privacy and data security; And even outrageous ads legitimize tracking – if ministers, who are more interested in empty soundbites (about removing barriers to “innovation”), ask Internet users for consent. Eliminate the legal requirements for tracking them and profiling them in the first place. , according to some proposals.

So the next UK Information Commissioner, John Edwards, may have a very different set of ‘data rules’ to enforce.

And – if that’s the case – Denham has helped, in his roundabout way, meet sliding standards.

- Advertisement -

Stay on top - Get the daily news in your inbox

Recent Articles

Related Stories