Emails could be a gun in the epic GDPR battle against Google and the adtech giants • The Register




Privacy warriors have filed new evidence in their fight against real-time web ad exchange systems, which the activists say trample on European data protection laws.

The new documents, filed today with the UK, Irish and Polish regulators, allege that Google and the Interactive Advertising Bureau (IAB) are well aware that the business models of their advertising networks flout the EU's privacy-safeguarding GDPR, yet do nothing about it. The IAB, Google – which is a member of the IAB – and other players in the advertising world insist that they are doing nothing wrong.

The new submissions arrive soon after the UK's Information Commissioner's Office (ICO) revealed its intention to probe programmatic advertising. These ads are selected and served on the fly when you visit a webpage, using all the personal information collected about you to choose the one that best suits your interests.

Typically, advertisers bid for space on a webpage in real time, depending on the type of visitor: the page is fetched from a website, it pulls in the ad network's code, which triggers an auction between advertisers that ends in a split second, and the winning ad is served and displayed (assuming the ad is not blocked). This transaction, called real-time bidding or RTB, happens automatically and immediately whenever an ad is required, and it can be quite complicated: ad slots can be passed through a tangle of publishers and exchanges before they arrive in a browser.

People who are known to be rich and have a lot of disposable income, or IT buyers with large budgets, for example, will command higher advertising rates than those who are unlikely to buy anything from an ad. That's why ad networks and exchanges, like Google, love knowing everything about you, all this confidential and personal data: so they can sell ads and target them at content that has previously interested you.

The ICO probe will focus on how much people know about the use of their personal information for this type of online advertising, on the legal bases adtech companies rely on to process that personal data, and on the security of users' data as it is shared on these platforms.

At the same time, these latest filings follow complaints filed by the same online rights activists at the end of last month and in 2018.


Privacy advocates claim that the aforementioned auction systems conflict with the European General Data Protection Regulation (GDPR), as Internet users have little or no control over the massive amounts of privacy-related data that advertising spreads between sites and services. In addition, this information can be very personal, sometimes including location coordinates, pseudonymous identifiers, personal interests and the site visited.

The complaints, which take aim at the IAB's openRTB system and Google's Authorized Buyers, have been filed in the UK by Jim Killock, Executive Director of Open Rights Group, and Michael Veale, a specialist in the protection of privacy; in Ireland by Johnny Ryan of browser biz Brave; and in Poland by the Panoptykon Foundation.

The IAB has always insisted that complaints should not be directed at makers of RTB technology, such as itself, likening this to holding road builders accountable for those who break the speed limit. In other words, the technology can be abused, but apparently not by its developers. Industry representatives have also claimed that the complainants had only proved that it was possible to break the law, not that it had actually been broken.

As such, the privacy warriors hope to give more weight to their arguments and have today submitted a new set of documents to the regulators of the three countries mentioned above. This cache contains sample data transmitted by RTB systems and the number of daily auction requests made by the ad exchanges, which reach 131 billion for AppNexus and 90 billion for Oath/AOL.

"Programmatic trade may be incompatible with GDPR"

The complainants also filed documents which they believe prove that the IAB has long been aware of the existence of a potential problem with RTB systems and their compliance with the GDPR.

The latest cache includes a 2017 email – obtained as part of a request for access to information – sent by IAB Europe's general manager, Townsend Feehan, to senior management of the European Commission's Directorate-General for Networks, Content and Communication Technology.

The email shows Feehan lobbying Commission members against proposals for a new privacy regulation (the ePrivacy Regulation), which was supposed to come into force alongside the GDPR but has stalled in negotiations, saying it could "end the online advertising model."

Programmatic exchanges would seem, at least at first sight, to be incompatible with GDPR consent

The executive attached an eighteen-page document to the email detailing IAB Europe's reasoning, which discussed the impact of proposals to tighten the rules on the use of people's personal data to the same level as the GDPR, including the requirement for informed consent. Crucially, consent under the GDPR requires that people be clearly informed of what is happening with their sensitive information, which means that website visitors must know the identity of the data controller(s) handling their data and the purposes of that processing. Given the instant and complicated nature of the auction, it is apparently impossible to inform Internet users before the real-time auction takes place, it was said.

This is, it seems, the clash between the GDPR and instant, on-the-fly web advertising.

"Since it is technically impossible for the user to have prior information about each data controller involved in a real-time auction (RTB) scenario, the scheduled trading, the fastest growth area of digital advertising spending, would seem, at least at first glance, to be inconsistent with consent under the GDPR," said the IAB.

Brave's Johnny Ryan said this recognized the problem at the heart of the activists' complaint – and hinted that the IAB did not think that the adtech business model could work with the GDPR.

Since then, the IAB has launched a "Consent and Transparency Framework" to help companies involved in RTB systems meet their legal obligations – but opponents say this does not change the facts at the heart of the issue.

Similarly, a May 2018 document produced by the IAB Tech Lab – a group producing standards, software and services for publishers, marketers, media and digital technology companies – recognized the concerns about compliance with the GDPR. According to the lab, publishers feared "that there is no technical way to limit the use of the data after their receipt by a supplier for decision / offer on / after the delivery" of an ad, but wanted a way to clearly signal the restriction "for the authorized uses in an auditable manner."

It also stated that "it might be too many vendors / permissions to provide thousands of vendors with extensive data usage rights without customizing them." And elsewhere in the 2017 paper, the IAB said that, "to the extent that third parties in adtech have link to the end user [they] will be unable to collect consent."

"The legal basis is apparently inconsistent"

It is questioning like this, from the industry itself, that privacy activists hope will strengthen their case. Simon McDougall, Technology Policy Officer at the ICO, also highlighted these concerns in a post published earlier this month on his blog, which outlined the organization's plan for adtech.

"The legal basis for the processing of personal data currently supported by different organizations operating in the adtech ecosystem is apparently inconsistent," he said. "There seems to be a lot of thought on the relevance of different bases for the processing of personal data – we would like to understand why differences exist."

He added that the ICO was interested in how, and by what means, people are informed about how their personal data is used for online advertising, and in the accuracy of these disclosures.

A third strand of the ICO probe will examine the security of data widely and rapidly shared during auctions. "We want to know how organizations can trust and give assurances that any future data transfer will be secure," McDougall said.

The ICO emphasized that it was in the fact-finding phase and that it wanted to hear all the "divergent points of view" on adtech.

And, for their part, the complainants in the case against IAB Europe and Google said they were not necessarily trying to stop online advertising. Instead, they want adtech companies to work without sharing the highly personal information they currently possess. For example, Ryan stated that the IAB RTB system allows 595 different data types to be included in a bid request. Eliminating the use of only 4% would be a simple and long-awaited solution. ®
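The data categories the complaints list (location coordinates, pseudonymous identifiers, personal interests, the visited site) correspond to fields of an OpenRTB bid request. As an added illustration, not code from the article, the IAB or Google, the following example strips such fields from a request before it would be broadcast; the choice of fields is an assumption made here, not the list Ryan refers to, and the sample request is constructed.

```python
import copy

# Assumed selection (not from the article) of OpenRTB 2.x fields carrying
# the data categories named in the complaints.
DROP_PATHS = [
    ("device", "ifa"),      # advertising ID: pseudonymous identifier
    ("device", "ip"),       # network address, usable for re-identification
    ("device", "geo"),      # lat/lon location coordinates
    ("user", "id"),         # exchange-side user ID
    ("user", "buyeruid"),   # buyer-side user ID
    ("user", "keywords"),   # declared interests
    ("user", "data"),       # audience segments from data providers
    ("user", "geo"),        # home location, if present
    ("site", "ref"),        # referrer URL
]

def minimize_bid_request(request):
    """Return (minimized_copy, removed_paths); the input is left untouched."""
    out = copy.deepcopy(request)
    removed = []
    for parent, field in DROP_PATHS:
        if field in out.get(parent, {}):
            del out[parent][field]
            removed.append(f"{parent}.{field}")
    # Keep the publisher domain for contextual targeting; drop the exact URL,
    # which reveals what the person was reading.
    if out.get("site", {}).pop("page", None) is not None:
        removed.append("site.page")
    return out, removed

# Constructed sample bid request (illustrative values only).
SAMPLE = {
    "id": "req-0001",
    "imp": [{"id": "1", "banner": {"w": 300, "h": 250}}],
    "site": {"domain": "news.example",
             "page": "https://news.example/health/condition-x",
             "ref": "https://search.example/?q=condition+x"},
    "device": {"ua": "ExampleBrowser/1.0", "ip": "203.0.113.7",
               "ifa": "00000000-0000-4000-8000-000000000001",
               "geo": {"lat": 51.5, "lon": -0.12}},
    "user": {"id": "u-7f3a", "buyeruid": "b-91c2",
             "keywords": "health,finance",
             "data": [{"name": "constructed-dmp", "segment": [{"id": "seg-12"}]}]},
}

if __name__ == "__main__":
    slim, removed = minimize_bid_request(SAMPLE)
    print("removed:", removed)
    print("still sent:", slim)
```

The ad slot (`imp`) and publisher domain survive, so an auction on page context alone remains possible with this reduced request.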
