Vendors were found to be using sensitive consumer data without their explicit consent.
The Information Commissioner’s Office (IOC) at the recent “ad tech fact-finding forum” in London, said that the ad industry’s existing real-time bidding practices infringe GDPR. Other issues discussed at the event included the treatment of sensitive data and the substandard contractual agreements between vendors on protecting bid-request data.
ICO’s executive director of innovation, Simon McDougall, said that vendors directly processed sensitive data like ethnicity or sex life without the consumers’ consent. ICO also noted that companies were using a poor standard when collecting user data based on “legitimate interest”.
The data protection authority also said privacy policies lacked clarity or provided conflicting information. ICO warned the ad tech industry about hefty fines for violating of GDPR rules.
[4 minute read]