2019 is ‘the year of GDPR fines’

Industry Contributor 15 Jul 2019 - 2 min read

2019 is ‘the year of GDPR fines’

By Paul McIntyre - Executive Editor

Market Voice 3 min read

How to use generative AI beyond efficiency: Just talk to it for half an hour every week – OK Tomorrow founder Nilesh Ashra

By Nine | Partner Content

OK Tomorrow founder Nilesh Ashra is convinced AI can unlock the creative floodgates, and has some cracking examples covering customer, product and HR. But media and marketing appear to be running headlong for efficiency.

Market Voice 3 min read

Advanced Audiences: Nielsen makes synthetic, first-party data play as CMOs prioritise customer lifetime value, optimise marketing technology investments, and navigate changes in privacy laws

By Nielsen | Partner Content

Audience measurement company, Nielsen, is becoming a first-party marketing company, working directly with brands to build privacy-compliant customer segments – panel data that is synthetically overlaid with brands’ customer data platform (CDP) data.

Tags: GDPR, data privacy, marketing, data, digital, cookies, RTP, ad tech

After the UK Information Commissioner’s Office hit British Airways and Marriott with fines collectively totalling A$500m, it appears the ICO is intent on stepping up GDPR compliance measures, and ad execs are worried (Digiday).

Key points

BA fined £183m (A$328m), Marriott fined £99m (A$177m) for serious data breaches
Any business that uses third parties to process customer data exposed to risk of similar breaches
Ad execs say the timing, following recent warnings from the ICO that behavioural advertising is breaking the law and that consent management platforms are non-compliant, is no coincidence
“2019 is the year of enforcement” – Gabe Morazan, director of product management at CrownPeak

BA and Marriott’s fines reflect big, serious data breaches. But the digital ad ecosystem could leak similar volumes of data – and that should worry everyone in the supply chain.

Mark Bembridge, CEO of contextual ads firm Smartology told Digiday: “Given the use of data in RTB, the fact the ICO has reacted with such a large fine for BA is worrying for RTB and programmatic players still using personal data with no consent.”

The fact that the ICO has issued warnings explicitly spelling out what is – and what is not – compliant around targeted ads, consent, and treatment of data means companies have no excuses when the ICO comes knocking. This month the ICO is launching “targeted information-gathering activities related to the data supply chain and profiling aspects, the controls in place, and the DPIAs (data protection impact assessments) undertaken.”

It has also flagged a further review or ‘industry sweep’ of the ad tech market around the end of this year.

The size of last week's fines should also have a lot of companies looking at the liability clauses in their data processing contracts, as Digiday suggests.

Meanwhile the ICO’s Irish counterpart is currently investigating data breaches at Facebook, Apple and Google, and the EU has a whole bunch of cases underway. Some outlets speculate that the really big fines are yet to come.