Skip to main content
Industry Contributor 15 Jul 2019 - 2 min read

2019 is ‘the year of GDPR fines’

By Paul McIntyre - Executive Editor

After the UK Information Commissioner’s Office hit British Airways and Marriott with fines collectively totalling A$500m, it appears the ICO is intent on stepping up GDPR compliance measures, and ad execs are worried (Digiday).

 

Key points

  • BA fined £183m (A$328m), Marriott fined £99m (A$177m) for serious data breaches
  • Any business that uses third parties to process customer data exposed to risk of similar breaches
  • Ad execs say the timing, following recent warnings from the ICO that behavioural advertising is breaking the law and that consent management platforms are non-compliant, is no coincidence
  • “2019 is the year of enforcement” – Gabe Morazan, director of product management at CrownPeak

BA and Marriott’s fines reflect big, serious data breaches. But the digital ad ecosystem could leak similar volumes of data – and that should worry everyone in the supply chain.

Mark Bembridge, CEO of contextual ads firm Smartology told Digiday: “Given the use of data in RTB, the fact the ICO has reacted with such a large fine for BA is worrying for RTB and programmatic players still using personal data with no consent.”

The fact that the ICO has issued warnings explicitly spelling out what is – and what is not – compliant around targeted ads, consent, and treatment of data means companies have no excuses when the ICO comes knocking. This month the ICO is launching “targeted information-gathering activities related to the data supply chain and profiling aspects, the controls in place, and the DPIAs (data protection impact assessments) undertaken.”

It has also flagged a further review or ‘industry sweep’ of the ad tech market around the end of this year.

The size of last week's fines should also have a lot of companies looking at the liability clauses in their data processing contracts, as Digiday suggests.

Meanwhile the ICO’s Irish counterpart is currently investigating data breaches at Facebook, Apple and Google, and the EU has a whole bunch of cases underway. Some outlets speculate that the really big fines are yet to come.

What do you think?

Search Mi3 Articles