The adtech industry has had lots of criticism when it comes to poor privacy practices. With the shift to digital, the opportunities to collect data about behaviours and use it to better target advertising have skyrocketed. Complex supply chains such as real-time bidding (RTB) practices have left many adtech systems at risk of breaching the principles of the GDPR.
Prioritising privacy requires transparency. People should be able to understand how, why, where and by whom their personal data is being processed. There needs to be a fundamental shift in the way adtech businesses view, collect and process user data. Here’s why:
Avoid sizeable fines
The Information Commissioner’s Office (ICO) was busy dishing out fines for breaches of the UK GDPR last year and poor marketing practices were one of the top offenders. We Buy Any Car was fined £200,000, Saga was fined £225,000 and Sports Direct paid £70,000. All were found guilty of sending marketing emails or texts without permission. Breaches are prolific in the adtech sector too – research by Adlytics investigating how the adtech ecosystem responds to user signals that request only basic (non-tracking-based) ads found many vendors continue to track and profile users regardless. Special category data should be handled even more carefully – the dating app Grindr, for example, was fined over $7m by Norway’s data protection authority for passing user data to advertisers without consent, including highly sensitive information about their sexual orientation.
Build a competitive advantage
The companies that adtech businesses work with are increasingly realising the importance of privacy – and they want their partners to do so too. Taking the GDPR seriously is a badge of competence and sets businesses apart from others in this space. Data privacy is also a growing concern among members of the public, particularly after the Facebook and Cambridge Analytica scandal in 2018. A recent poll by KPMG found 86% of respondents see it as an issue, and 78% expressed fears about the amount of data being collected. More than half (51%) are worried about their information being sold and are becoming less willing to share private information. Companies need to be more transparent about who they’re doing business with to ease those fears, and to ensure they’re working with organisations that take privacy as seriously as they do.
Embrace, rather than fight, regulation
The Belgian Data Protection Authority’s (APD) ruling against IAB Europe this year has put a huge question mark over the practices of the behavioural ad industry. Approximately 800 adtech vendors use the system and may now have to change how they operate after IAB’s Transparency Consent Framework was found to breach 12 articles of the GDPR. The ruling strikes at the heart of the RTB system that has grown to be worth billions of dollars. The ICO has also said that its investigations into the practice will continue. “Sharing people’s data with potentially hundreds of companies without properly assessing and addressing the risk of these counterparties raises questions around the security and retention of this data,” Simon McDougall, ICO Deputy Commissioner, has said. By working with the regulations, adtechs will be in a much better position to fulfil their information and transparency obligations under the GDPR, rather than fighting a losing battle against both regulators and the wave of popular opinion.
Bolster security credentials
With each new hacking or data-sharing scandal, the faith consumers have in the system is shaken. Adtech companies need to ensure the data they process is secure from nefarious players. The World Economic Forum has reported the pandemic led to a 50% increase in cyber attacks, with 71% of security professionals reporting a rise in the number of threats. As well as investing in staff training so that teams are putting privacy first, it’s also a good idea to minimise the amount of data held. An appetite for Big Data has overtaken much of the adtech sector in recent years but that in itself poses a security risk as firms struggle to keep it all safe. And if one company in the supply chain has a data breach that puts customer data at risk, the rest of the participants in the chain need to worry about having to report themselves to the regulator.
Adtech has to find new ways to connect the consumer to the marketer, map and simplify data flows, improve its transparency and have a solid legal basis for its processing. That provides opportunities for disruptors to exploit opportunities in the market and the sector is looking for leaders on this issue. Apple and Google have already invested in rolling out features that put more power into the hands of users to give them the choice about ad tracking. Google’s Federated Learning of Cohorts (FLoC), which segments users at a local browser level, delivered 95% of the conversions per dollar spent on cookie-based advertising. The tech giant plans to phase out the use of third party cookies imminently.
“There is a problem with compliance culture among those companies that live off our personal data,” Vera Jourová, the EU’s commissioner for values and transparency, has said. “Sadly I fear this is not privacy by design. I think it’s high time for those companies to take protection of personal data seriously … It’s time not to hide behind small print but tackle the challenges head on.”