Alternatively, you may have entered the complicated new world of adtech and other online advertising channels such as aggregators, in which case you may need to consider or mitigate your risks as you do so.
The Information Commissioner’s Office (ICO) has investigated and reported on data protection issues around real-time bidding (RTB), programmatic advertising and on the adtech industry generally.
Its commissioned research into online advertising found that, of 2,300 participants, 63% said they found it acceptable that ads funded free content. However, when researchers explained how RTB works, this fell to 36%.
The adtech industry is facing increasing scrutiny by European authorities. In 2019, the French data protection regulator fined Google €50 million (£45 million) for breaching EU online privacy rules. This related to Google’s lack of transparency and clarity about its handling of personal data and inadequate consent for personalised ads.
Ignoring compliance carries a genuine threat of huge management costs backed by large fines, criminal offences and serious adverse PR:
The ICO has also highlighted:
- The inconsistent application of measures to secure data in transit and at rest. The ICO is concerned that individuals have no guarantees about the security of their personal data within the adtech ecosystem.
- The likelihood of changes to data protection law concerning international transfers of personal data, and similar inconsistencies about applying data minimisation and retention controls.
We can help you to audit and assess your compliance generally, or specifically by conducting DPIAs . Such processes can often reveal training requirements , a need to assess and document appropriate lawful bases relied upon within the RTB ecosystem, and a need to draft new policies and procedures , or simply tighten up existing ones.
- Perhaps your data protection compliance queries concerning adtech or social media are more specific, relating to direct marketing , outsourcing to data processors , handling individual rights requests , ensuring the compliant use of surveillance and new technologies and more?
Alternatively, you might be looking to untangle some data-processing and data-sharing arrangements between customers and adtech providers or aggregators. It’s certainly not always clear who is the processor or the controller, or whether everyone is a joint controller. We can help.
- We can also help on the commercial side, putting adtech vendor arrangements in place to protect your organisation.
- If you think your current processes need to be updated or reviewed to ensure compliance with data protection legislation, we can help draft new policies and procedures that reflect how you do business.
- If something’s gone wrong and you’ve had a security breach , we can advise you on how best to handle it.
- Given the regulatory spotlight on this area (the ICO is undertaking targeted information-gathering activities, engaging with stakeholders and cooperating with other data protection authorities), you may need assistance liaising with them and other regulators on data protection issues.
Perhaps you’d like help to get their view on a tricky question where guidance is ambiguous, or where your DPIA has not completely reduced the data protection risks to your business. Alternatively, maybe the ICO has approached you more formally concerning information requests or complaints that it has received, and you’re unsure about next steps. We can help.
“Stephanie and her team bring genuine expertise to this extremely important and highly complex area of business operations that helps us perform successfully. They explain issues in a straightforward way, and provide clear solutions.”
“Pritchetts Law LLP has always been incredibly reactive, professional and very helpful. Interactions have consistently been extremely well handled, professional, measured and on point. The service provided has always helped us solve issues we were having and they thoroughly answer any question we bring to them. When dealing with Pritchetts Law LLP, we get a very personalised service with great professionalism.”
Quoted in The Legal 500 UK 2021