Government Watchdog Fires Warning to Media Companies to review their Ad Tech

The UK Information Commissioner’s Office (ICO) has warned that multiple media companies are in breach of the law as regards the use and abuse of Personal Data.

We reported in October of last year how Covid had impacted the ICO and limited their enforcement of GDPR - to such a degree that non-compliance and Data exploitations were running rampant in the absence of any sort of punitive measures.

Several issues were identified in Real-Time Bidding systems and Programmatic Advertising, where customer data was being sold on to anyone and everyone. In the shadow of this, Ireland had seen its largest / worst data breach of all time.

The IAB and the AdTech Industry in general - despite some rhetoric to the contrary - have done little or nothing to reign in these excesses and abuses - and as a result, the ICO has a long backlog of prosecutions to make.

I suppose they are trying to shorten their workload somewhat by encouraging those companies to get their affairs in order before the investigations properly start up again.

The ICO Edict

The ICO has issued an edict how these companies must comply with the 8 Principles of the Data Protection Act - or else face fines of up to 4% of their turnover :

Personal Information MUST BE :

1. fairly and lawfully processed
2. processed for limited purposes
3. adequate, relevant and not excessive
4. accurate and up to date
5. not kept for longer than is necessary
6. processed in line with subjects’ rights
7. secure
8. and not transferred to other countries without adequate protection

Some would say this is a case of too little and too late - and seems to give those companies a final / further chance to correct their abuses before they face prosecution.

The Data Exploitation Pandemic

The truth is that Advertising and Data Exploitation has been at pandemic levels for a while - and numerous AdTech and Data companies have a flagrant disregard for the rules. Lots of Data companies are still peddling un-permissioned Data Lists. And the ICO has not really been diligently on the case - in fact very few fines have been levied to date.

It is more than somewhat unfair that a lot of them will get away with it, as it disadvantages compliant companies greatly, who are acting in accordance with the laws. It is the lack of prosecution which is completely undermining any impact of the legislation, and which is leaving the entire UK population with a similar level of risk of privacy invasion as it had been before the legislation was enacted.

Affino’s approach to GDPR

We at Affino take GDPR very seriously indeed, and have baked full GDPR-Compliance and Granular Permissioning into our Unified Business Platform - right back to when the Data Protection Act first came into effect.

Affino already has you covered for all these eventualities - with a native 1st party advertising solution which entirely complies with all the tenets of GDPR and Data Protection Law, whilst also not being blocked by any platform, browser or ad blocker.

Time is long due that companies who have put off complying with GDPR started acting more responsibly - one can only hope that the ICO’s overtures on this occasion will have some lasting impact.