With the expansion in technology over the last 25 years, there has been a struggle for data protection legislation to keep up to date and monitor/regulate more and more complex systems and/or industries that are “data rich” and that rely on personal data for revenue generation. One such industry is the AdTech industry – which broadly relates to the various methods, technology (including analytics and digital tools) used in the context of advertising (usually online).
Over the last 10 years, AdTech has taken over the online advertising world and now governs how advertising space is bought and sold online and is a unique way to bring together publishers and advertisers to ensure both sides get what they want (advertisers get successful campaigns that are targeted at the correct audiences and publishers get good prices for relevant ad space).
Then the GDPR came along…
The GDPR (General Data Protection Regulation) aimed to harmonise data protection legislation across the EU; deal with advances in technology to ensure privacy was central to such industries/sectors; and for those non-EU based companies - extended its extra-territorial impact – meaning it applies to many more non-EU businesses particularly where they are tracking/monitoring and/or offering goods/services to those in the EU.
One such industry that has received particular attention from been the UK Data Protection Supervisory Body, the ICO, has been that of the Ad Tech industry with the ICO releasing a quite scathing updated Report on AdTech in June 2019 (available here). It’s Report is critical of the industry as a whole from a privacy/data protection perspective and outlines many concerns which focus on user choice/control and the reasonable expectations of data subjects.