UK Data Watchdog Sets Out New Adtech Rules

The UK’s Information Commissioner’s Office (ICO) has set out new privacy standards for advertising technologies.

In a Commissioner’s Opinion, the ICO stresses that companies designing new methods of online advertising must comply with data protection law and stop the excessive collection and use of people’s data.

The ICO specifically cites Google, whose Privacy Sandbox aims to replace the use of third party cookies – but with alternatives that still enable targeted digital advertising. And while it’s broadly supportive, it still has concerns, and is calling for more detailed information.

“Any proposal that has the effect of maintaining or replicating existing tracking practices (such as those described in the 2019 Report) is not an acceptable response to the significant data protection risks that the Commissioner has already described,” the Opinion reads.

The ICO says it’s working with the Competition and Markets Authority (CMA) to review how Google’s plans will safeguard people’s personal data.

The watchdog is calling for a data-protection-by-design approach. New advertising technologies must offer users the choice of receiving adverts without tracking, profiling or targeting based on personal data.

They must be transparent about how and why personal data is processed across the ecosystem, and about who is responsible for that processing, and describe the specific purposes for processing personal data and demonstrate how this is fair, lawful and transparent.

Finally, they must address existing privacy risks and mitigate any new privacy risks that their proposal introduces.

“What we found during our ongoing adtech work is that companies are collecting and sharing a person’s information with hundreds, if not thousands of companies, about what that person is doing and looking at online in order to show targeted ads or content. Most of the time, individuals are not aware that this is happening or have not given their explicit consent. This must change,” says information commissioner Elizabeth Denham.

“That is why we want to influence current and future commercial proposals on methods for online advertising early on, so that the changes made are not just window dressing, but actually give people meaningful control over their personal data.”

Jim Killock, executive director of the Open Rights Group, says that positives in the policy include “a strong pushback against industry nonsense”, and a clear defence of GDPR.

But he points to the lack of deadlines.

“We have seen no actual enforcement action. The ICO cannot delay and prevaricate indefinitely,” he says. “Each time it swerves away from action, it is sending the signal that data protection laws are optional, negotiable, and ultimately of secondary importance even to the regulator. We need better than that.”

Source link

Leave a Reply