A year after the General Data Protection Regulation (GDPR) came into effect in the UK, the Information Commissioner’s Office (ICO) is showing it has teeth.

The ad tech industry now has until July 30 to respond to claims that (among other challenges) it has an ‘immature’ understanding of data protection requirements and that ‘individuals have no guarantees about the security of their personal data within the ecosystem’.

In a week in which British Airways and Marriott International has each been whacked with potential heavy fines from the ICO for breaching data protection regulations, it seems prudent for ad tech to sit up, re-think - and respond.

The ICO released the Update report into adtech and real time bidding (RTB) on June 20 2019. The report examines RTB and how personal data has been used since GDPR. The ICO has particular concerns around transparency, consent and the use of sensitive data within ad tech - and Commissioner Elizabeth Denham says it expects to see improvements in the coming months.

The penalties for non-compliance are hefty and the industry has only to look to events this week to see that the ICO means business, yet making the necessary adjustments is fraught with its own challenges.

In short, if ad tech companies want to continue to use personal data to power real-time bidding, they will have to up their game when it comes to obtaining specific consumer consent, plus shoulder full responsibility for data control rather than trying to pass the buck back to the brands.

With the report also playing out alongside browser updates making the internet an increasingly hostile environment for tracker cookies, the industry is starting to stare down the barrel of operating campaigns in a cookie-less, data-free world.

But in the midst of this fast-shifting landscape, some forward-thinking brands, agencies and traders are already alert to the fact that online advertising doesn’t actually need personal data to function. It can instead target contextually, tracking content rather than person and seeking out fresh audiences based on mindset for likely engagement rather than on previous online behaviour.

Contextual targeting is nothing new, but it’s fair to say that, until now, it has played second fiddle to data-driven targeting, retargeting and audience-chasing; and been hindered by worries about accuracy and scale when buying an audience has seemed a safer bet.

But recent ground-breaking developments in AI mean that context campaigns are now proving as effective - if not more effective - than traditional data-driven campaigns against a variety of KPIs, including cost per click, website traffic, reach and engagement. They are also delivering scale - with real-time audience expansion technology instantly converting each engagement into thousands of brand-unique prospecting opportunities in quality environments limited only by a campaign’s white-list.

This type of technology operates without capturing user data at all - no IP address, cookie ID, user ID, user agent string, location, time zone, segmentation nor even language; and if data was removed from the ecosystem completely, it would have no impact on its ability to operate or grow.

Agencies and brands face a rocky journey towards compliance if they continue to work with personal data, but if they choose to wean themselves off it and take the leap towards context, they’ll find a brand-safe, compliant and advanced AI-powered infrastructure is waiting to catch them.


Written by Jacqui Wallis, Managing Director, Illuma

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus