Data Governance

ICO hits out at real-time bidding

The Information Commissioner’s Office has criticised real-time bidding carried out by the likes of Google and Facebook because the practice goes against the General Data Protection Regulation.

The automation of advert-selling, real-time bidding has come under fire in recent months by many experts in the UK for the ways in which it muddies the waters of data processing.

Earlier this year Cairncross Review wrote:

“The programmatic display advertising market is seen as particularly complex, and lacks transparency across the advertising supply chain.”

The UK regulator feels that the manner by which data is harvested by advert sellers through the process of real-time bidding amounts to a violation of the GDPR which sets tough new standards regarding how data controllers may collect, store and use personal information.

In a report, the ICO said:

“The ad-tech industry appears immature in its understanding of data protection requirements. Whilst the automated delivery of ad impressions is here to stay, we have general, systemic concerns around the level of compliance of RTB.”

If the words in the report are not yet enshrined in law, the ICO is nonetheless clear on its intent to actively bring down the levels of data that the real-time bidding process typically throws around.

A function called “DoubleClick” by Google relies on an algorithm which attributes an advert deemed best suited to a particular user based on that users search results and other online data.

While each Google user “consents” to this process taking place each time they interact with Google, the UK commissioner believes further consent gates are needed for consumers, so that more clarity is given on how real-time bidding services work.