IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

ICO publishes new data protection standards for the adtech industry

The new rules apply to new online advertising strategies which must place protections for users at the forefront

"Privacy" written atop a circuit board

The Information Commissioner's Office (ICO) unveiled new mandatory data protection standards for the advertising technology (adtech) industry on Thursday.

New rules apply to companies designing new methods of online advertising and stipulate data protection laws must be followed and excessive data collection must cease, in line with the UK's Data Protection Act 2018.

The ICO published a Commissioner's Opinion which states data protection of users must be placed at the forefront of any advertising strategy designed by adtech firms.

“Ultimately, new online advertising proposals should improve trust and confidence in the digital economy, instead of weakening it,” the Opinion reads. “Solutions should be privacy-respectful while ensuring they give due consideration to other relevant laws.”

Users will have to be given clear opportunities to receive ads without tracking, profiling, or targeting based on excessive collection of personal data, the ICO said.

Accountability throughout the entire data collection and processing lifecycle is also now mandatory, with companies having to prove who is responsible for what task at each stage of the advertising strategy.

Each strategy must clearly identify the purposeful processing of personal data and consider ways to reduce harm and mitigate risks to individual users before any processing takes place.

Adtech companies must be fair and transparent about the benefits of data collection, articulating this to the users explicitly, and afford users ‘meaningful control’ over processing where possible.

The standard data collection and processing rules as set out by the Data Protection Act 2018 will also apply, such as the principle of data minimisation.

Related Resource

The Okta digital trust index

Exploring the human edge of trust

Woman types on a laptop, image is faded purple with title text beside it on white backgroundFree download

"What we found during our ongoing adtech work is that companies are collecting and sharing a person’s information with hundreds, if not thousands of companies, about what that person is doing and looking at online in order to show targeted ads or content," said Elizabeth Denham, information commissioner at the ICO. "Most of the time, individuals are not aware that this is happening or have not given their explicit consent. This must change.

"I am looking for solutions that eliminate intrusive online tracking and profiling practices, and give people meaningful choice over the use of their personal data," she added. "My office will not accept proposals based on underlying adtech concepts that replicate or seek to maintain the status quo."

It said Google's Privacy Sandbox is currently one of the leading proposals in the industry and that the ICO is currently working with the Competition and Markets Authority (CMA) to review how the model can be applied in the UK.

Google's Privacy Sandbox aims to replace the use of third-party cookies with other technologies to enable digital advertising. The project is currently subject to antitrust allegations in the US and EU as it forces advertisers to work with Google on ads.

The ICO drew attention to failings in the adtech industry in 2019 saying it found massive illegality in the space with numerous violations of data protection laws, particularly with real-time bidding.

Despite this, the data regulator was threatened with legal action from the Open Rights Group alleging it had failed to enforce data laws against adtech firms falling foul to data laws.

The threat of legal proceedings prompted the ICO to restart its probe into the industry after it was initially paused, saying it didn’t want to put undue pressure on the industry as the COVID-19 pandemic started to take hold in the UK.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download


Cabinet Office fined £500,000 for New Year Honours data leak
data breaches

Cabinet Office fined £500,000 for New Year Honours data leak

3 Dec 2021
Celebrity data leaked after ransomware attack on London's Graff jewellers

Celebrity data leaked after ransomware attack on London's Graff jewellers

1 Nov 2021
ICO launches AI risk assessment toolkit for businesses
Information Commissioner

ICO launches AI risk assessment toolkit for businesses

21 Jul 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022
Swift exit: How the world cut off Russian banks

Swift exit: How the world cut off Russian banks

24 Jun 2022