Key Takeaways from the SCL Privacy and DP Group Event: Ad Tech – Bring Everyone to the Table

May 10, 2020


Anita Bapat (Kemp Little LLP)

Tom O’Flynn (Google)

James Evan (Verizon media)

Alex Abrahams (DMGT)

Karishma Brahmbhatt (Allen & Overy LLP)

Event Overview

With ad-tech a key focus for data protection authorities such as the ICO and CNIL, panellists James, Alex and Tom methodically described ad-tech infrastructure, and the various players involved within the ad-tech ecosystem and their controllership positions, before detailing data flows and key privacy challenges the industry is facing.

The panel also discussed the ICO’s recent report on ad-tech and real time bidding before exploring the ways in which the Interactive Advertising Bureau’s (IAB) Transparency and Consent Framework (TCF) can help those in the ad-tech industry to meet their privacy and security obligations.

Key Takeaways from this Session

Data Protection controllership position of key players

–         Context specific

–         No universally accepted view

–         Likely that the vast majority of players will be controllers (though note the possibility for the same entity to be processor for some types of processing, and controller for others)

ICO report: ‘update report into ad-tech and real time bidding’

–         Notes that in general the ad-tech industry has work to do to be fully GDPR-compliant, and need to focus on technological solutions to, amongst other things, increase transparency.

–         Raises difficult questions around lawful basis for processing data after placement of cookies, categorisation of real time bids amounting to sensitive personal information, and profiling.

–         Key aggravating factors for the ICO appear to be lack of transparency, scale of processing and data leakage throughout the supply chain


–         Aims to help the ad-tech industry to comply with GDPR and e-privacy obligations

–         TCF v2.0 helps to address some of the issues raised by the ICO’s report