ICO Questions Ad Tech Firms' Understanding of Privacy
Ad tech companies are 'immature in their understanding of data protection requirements', according to a new report from UK regulator the ICO, and appear to be breaching Europe's privacy rules'.
The body's 'general, systemic concerns' over companies engaged in real-time bidding do not obtain consumers' consent before using their browsing data for ad targeting; or provide them with straightforward information about how data is collected and used. The report notes that while the GDPR and the Privacy and Electronic Communications Regulations require companies to obtain consumers' consent before using tracking data stored in cookies, current privacy information provided to individuals 'lacks clarity whilst also being overly complex'; while individuals' profiles 'are extremely detailed and are repeatedly shared among hundreds of organizations for any one bid request, all without the individuals' knowledge'.
Among other findings, the report looks at the 'Transparency & Consent' framework offered for consumer's protection by industry body IAB Europe, and complains that it 'may not give consumers as much information as they need to make a decision about tracking'. It continues: 'The vendor list that forms part of IAB Europe's TCF has over 450 organizations, each with separate privacy policies to the online service the user is actually visiting. It is therefore unclear whether this vendor list is of practical use to individuals when they are presented with the TCF 'mechanism''.
In reply IAB Europe's CEO Townsend Feehan, quoted on www.mediapost.com , says the report contains some 'misconceptions' about the framework's features and functionality, and that it 'looks forward to working with the ICO over the coming weeks and months to continue to educate the ICO on the industry's practices, identify and address its concerns, and drive the industry in a positive direction toward a standardised solution'.
Also today the ICO has fined telecoms giant EE £100,000 for sending more than 2.5 million direct marketing messages to its customers, without consent, in early 2018.
Web site: www.ico.org.uk .