Six months after warning that the real-time bidding( RTB) factor of programmatic online publicizing is wildly out of control — i.e. in a crack the laws and regulations appreciation — the U.K.’s data protection protector has commemorated half a year’s regulatory stagnation with a blog affix that entreats the adtech industry to come up with a solution to an” industry question .”
Casual readers of the ICO’s pre-Christmas message for European law-flouting adtech might be forgiven for imagine it appears a great deal like the regulator telling the industry to” remain calm and carry on regulating yourselves .”
More informed books, who understand that RTB is a process which( currently) implies systematic, privacy eviscerating high-velocity trading of people’s personal data for the purpose of targeting them with ads, might feel moved to be underlined that self-regulation is a core part of why adtech contained in the abject mess it’s in.
Ergo, a data protection regulator summon for more of the same systemic omission does glance preferably, uh, uninspiring.
In the mildly worded blog announce, Simon McDougall, the ICO’s executive director for technology and invention — who does not appear to work anywhere near an imposition agency — includes such grand suggestions for adtech law-breakers as:” maintain engaging with your trade associations .”
You’ll have to forgive us for not being overly persuaded such a stair will be translated into any paradigm inclines to privacy — or” mixtures that blend innovation and privacy ,” as McDougall employs it — afforded episodes like this.
Another of the big ideas he has for the industry to get with the law program is to suggest beings working in adtech “challenge” senior management to” examine their approach .”
Now we know employee activism is rather in vogue right now — at least at specific monopolistic tech monstrous who’ve scaled so large-scale, and hire such large-scale militaries of advocates, they’re essentially immune to moral and societal operational standards — but we’re not sure it’s the greatest look for the U.K.’s data watchdog to be encouraging adtech professionals to situate their own tasks on the line instead of, y’know, doing its place and enforcing the law.
It’s possible that McDougall, a relatively recent recruit to the regulator, may not yet know it from his roost in the” engineering and invention” legion, but the ICO does have a potent toolbox at its disposal these days. Including the capacity, under the pan-EU General Data Protection Regulation framework, to impose fines of up to 4% of world-wide turnover on entities it find gravely contravening the law.
It likewise can say a stop to law-violating data processing. And what better road to intention the mass-scale privacy violations attached to programmatic marketing than by ordering personal data be divested out of RTB solicits, you might wonder?
It wouldn’t mean an culminate to being able to target ads online. Contextual targeting doesn’t necessitate personal data — and has been used successfully by the likes of non-tracking search engine DuckDuckGo for years( and profitably so ). It would just mean an extremity to the really creepy, stalkerish trash. The stuff customers dislike — which also suffices up horribly injury societal upshots, given that the mass profiling of internet users enables push-button discrimination and exploitation of the vulnerable at massive scale.
Microtargeted ads are also, as we now know all too well, a pre-greased electronic conduit for attacks on democracy and society — enabling the dissemination of malevolent disinformation.
Since kinfolks with an heart on these topics are retweeting this, here are a few things I’ve written this year about the negative externalities of behavioral targeting. 1/3 https :// t.co/ n8i7QyCeR0 pic.twitter.com/ g3a4X1bbpi
— Josh Braun (@ josh_braun) December 20, 2019
The societal ventures couldn’t be higher. Yet the ICO shows material to keep calm and make the adtech manufacture carry on — no enforcement, precisely biannual remembers of “concerns” about “lawfulness.”
To wit:” We have substantial concerns about the lawfulness of the processing of special list data which we’ve seen in the industry, and the lack of explicit consent for that processing ,” as McDougall admits in the post.
” We likewise have concerns about whether reliance on contractual clauses to justify onward data sharing is sufficient to comply with the law. We have not attended instance studies that appear to adequately justify this .”
Set tone to: “Oopsy.”
The title of the ICO’s blog post — Adtech and the data protection debate- where next? — also incorporates contradictory framing as if to imply there is “debate” for purposes of determining whether the industry needs to comply with data protection regulation.( Given the ICO’s own findings of “concern” that framing is itself concerning .)
So what can the adtech manufacture expect the ICO to actually do if it continues to fail to embed a” privacy by design approach in its use of RTB”( another of the blog post’s big suggestions) — and therefore keeps on, er, ending the laws and regulations?
Well, the ICO plans to make like a rinse over the” coming weeks ,” per McDougall, who says it will spend time” absorbing all the information gathered and the rich conferences we’ve had throughout the year” and then alter into first gear — where it will be” measure all of the options available to us .”
No rush, eh.
A” further update” will then be put out in” early 2020″ which will set out the ICO’s position — third day lucky perhaps ?!
This update, we are informed, will also include” any action we’re taking .” So maybe still nothing, then.
” The future of RTB is both in the remaining balance and in the mitts of all the organisations involved ,” McDougall writes — as if regulatory enforcement expects industry buy-in.
U.K. taxpayers should be forgiven for wondering which is what their data protection regulator is for at this pitch. Hopefully they’ll catch out in a few months’ time.
— Natasha (@ riptari) December 20, 2019
Read more: feedproxy.google.com