ICO publishes new data protection standards for the adtech industry

The new rules apply to new online advertising strategies which must place protections for users at the forefront

"Privacy" written atop a circuit board

The Information Commissioner's Office (ICO) unveiled new mandatory data protection standards for the advertising technology (adtech) industry on Thursday.

New rules apply to companies designing new methods of online advertising and stipulate data protection laws must be followed and excessive data collection must cease, in line with the UK's Data Protection Act 2018.

The ICO published a Commissioner's Opinion which states data protection of users must be placed at the forefront of any advertising strategy designed by adtech firms.

“Ultimately, new online advertising proposals should improve trust and confidence in the digital economy, instead of weakening it,” the Opinion reads. “Solutions should be privacy-respectful while ensuring they give due consideration to other relevant laws.”

Users will have to be given clear opportunities to receive ads without tracking, profiling, or targeting based on excessive collection of personal data, the ICO said.

Accountability throughout the entire data collection and processing lifecycle is also now mandatory, with companies having to prove who is responsible for what task at each stage of the advertising strategy.

Each strategy must clearly identify the purposeful processing of personal data and consider ways to reduce harm and mitigate risks to individual users before any processing takes place.

Adtech companies must be fair and transparent about the benefits of data collection, articulating this to the users explicitly, and afford users ‘meaningful control’ over processing where possible.

The standard data collection and processing rules as set out by the Data Protection Act 2018 will also apply, such as the principle of data minimisation.

Related Resource

The Okta digital trust index

Exploring the human edge of trust

Woman types on a laptop, image is faded purple with title text beside it on white backgroundFree download

"What we found during our ongoing adtech work is that companies are collecting and sharing a person’s information with hundreds, if not thousands of companies, about what that person is doing and looking at online in order to show targeted ads or content," said Elizabeth Denham, information commissioner at the ICO. "Most of the time, individuals are not aware that this is happening or have not given their explicit consent. This must change.

"I am looking for solutions that eliminate intrusive online tracking and profiling practices, and give people meaningful choice over the use of their personal data," she added. "My office will not accept proposals based on underlying adtech concepts that replicate or seek to maintain the status quo."

It said Google's Privacy Sandbox is currently one of the leading proposals in the industry and that the ICO is currently working with the Competition and Markets Authority (CMA) to review how the model can be applied in the UK.

Google's Privacy Sandbox aims to replace the use of third-party cookies with other technologies to enable digital advertising. The project is currently subject to antitrust allegations in the US and EU as it forces advertisers to work with Google on ads.

The ICO drew attention to failings in the adtech industry in 2019 saying it found massive illegality in the space with numerous violations of data protection laws, particularly with real-time bidding.

Despite this, the data regulator was threatened with legal action from the Open Rights Group alleging it had failed to enforce data laws against adtech firms falling foul to data laws.

The threat of legal proceedings prompted the ICO to restart its probe into the industry after it was initially paused, saying it didn’t want to put undue pressure on the industry as the COVID-19 pandemic started to take hold in the UK.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Celebrity data leaked after ransomware attack on London's Graff jewellers
ransomware

Celebrity data leaked after ransomware attack on London's Graff jewellers

1 Nov 2021
ICO launches AI risk assessment toolkit for businesses
Information Commissioner

ICO launches AI risk assessment toolkit for businesses

21 Jul 2021
Senator reintroduces federal data protection bill
data protection

Senator reintroduces federal data protection bill

17 Jun 2021

Most Popular

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021
Laptops

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021

26 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021
Flaw in Android phones could let attackers eavesdrop on calls
Google Android

Flaw in Android phones could let attackers eavesdrop on calls

26 Nov 2021