ICO sets out privacy standards for adtech companies

The UK’s data-privacy watchdog has set out new standards to prevent the “excessive collection of personal information” by online advertisers and companies.

In a Commissioner’s Opinion report published yesterday, the Information Commissioner’s Office highlighted how  companies designing new ways to advertise online “must comply with data protection law”.

The ICO has been working with the Competition and Markets Authority (CMA) to review Google’s plans with people’s personal data while ensuring competition in digital markets.

The ICO stated that companies would need to make sure that the collection and use of personal information was “fair, necessary and proportionate” and be clear with consumers about how and why this is collected and used.

This change is aiming to build trust and confidence as well as protect the public from “personal data misuse”.

Information commissioner Elizabeth Denham said: “Digital advertising is a complex ecosystem that grew quickly with the ecommerce boom and without people’s privacy in mind.

“What we found during our ongoing adtech work is that companies are collecting and sharing a person’s information with hundreds, if not thousands of companies, about what that person is doing and looking at online in order to show targeted ads or content. Most of the time, individuals are not aware that this is happening or have not given their explicit consent. This must change.

“That is why we want to influence current and future commercial proposals on methods for online advertising early on, so that the changes made are not just window dressing, but actually give people meaningful control over their personal data.”

The shift from reliance on third-party cookies will affect how companies can profile, track, auction and share personal data for online advertising purposes which has implications for adtech companies, agencies and brands in how they target and measure their online campaigns as well as technology companies like Google’s revenue.

Google commits to ‘Privacy Sandbox’ with CMA oversight

The Competition & Markets authority has been investigating Google’s plan to remove support for cookies in its Chrome browser, its new “privacy sandbox”, and the competition authority has announced today that the tech giant has “pledged” to make changes to this plan.

These commitments, if accepted, be legally binding on a global scale and will allow the UK’s competition regulator to have oversight into the privacy sandbox.

These updates to online privacy regulations come as a key European regulator was about to rule IAB Europe’s Transparency & Consent Framework illegal earlier this month.

After eventually disabling third-party cookies on its Chrome browser, Google had proposed that ad targeting and measurement would happen according to the standards set by its Privacy Sandbox, whereby cookies are replaced by API feeds. Advertisers would use each API to receive aggregated data about issues like conversion and attribution, for example. The Sandbox would rely on anonymised information taken from a person’s Chrome browser, such as their browsing habits.