The internet is changing rapidly, and one area that is causing a lot of concern is the way users’ information is handled by media companies and data protection authorities. Recently, the Irish DPC fined Meta, and this is likely to lead to more legal action around online advertising, especially when it comes to behavioural advertising and ad tech.
Media companies are increasingly using their customers’ data in ways that customers may not realize when they give their information. It started with companies reselling subscribers’ data, but it has become much more sophisticated. Sometimes, data is collected to improve users’ browsing experience and understand their content preferences, but it is also used to tailor ads to individuals.
Browser cookies were originally designed to help websites remember some information about users so that they could improve their experience. However, cookies can also be used to collect information about users’ preferences and habits, which can then be used to make marketing messages more effective. All of these practices are now being closely examined and regulated.
As lawmakers define the rights of individuals to know how their data is being used and to control it, media companies will have to change their business practices to stay compliant. For companies that have been careless with their customers’ data, this could mean big trouble.
What is Behavioural advertising?
Have you ever noticed that sometimes the ads you see online seem eerily tailored to your interests? Well, that is because of something called behavioural advertising. Essentially, it is a type of online advertising that collects and analyses your online behaviour data in order to show you ads that are supposed to be more relevant to you.
On the one hand, the idea is that this will create a more personalized experience for you as a user. But on the other hand, there are some concerns that come with this type of advertising.
Privacy concerns with online advertising
- Tracking – Behavioural advertising often involves tracking your activity across multiple websites and devices. This can make people worry that they are being monitored and profiled in a way that could lead to discrimination.
- Data collection and sharing – When you interact with online ads, your personal data can be collected and shared with third-party advertisers and other entities. This raises concerns about the misuse of personal information.
- Inaccurate data – The accuracy of behavioural advertising relies on accurate personal data, but sometimes that data can be outdated or just plain wrong.
- Data security – Storing personal data for advertising purposes raises concerns about data breaches and the exposure of sensitive information.
- Lack of control – As a user, you often have limited control over the collection and use of your personal data for advertising purposes. You may not even be aware of how much of your personal information is being collected and used.
What are the GRC trends of 2023?
The internet is built on agreements between media companies and us, the users. This allows social media, search engines, and other innovative platforms to give these companies our personal data for free, which they use to give us personalized advertisements.
However, the amount of personal data being collected and used is worrying. This raises concerns about the misuse of our personal information. To address these concerns, people are asking for more regulation of online advertising and data collection practices. Some countries have already put new laws and regulations in place, and companies that rely on selling targeted ads are being impacted by new privacy measures.
As technology advances and privacy concerns are addressed, it is likely that online advertising will continue to evolve. The industry will need to find a balance between delivering relevant and effective advertisements while also protecting our privacy.
Wait, do not we have a law for that?
The European Union is trying to regulate the mass collection of data. They have implemented the General Data Protection Regulation (GDPR) in Europe, and similar rules have been put in place in other countries.
The idea behind these regulations is pretty simple: consumers have specific rights when it comes to companies collecting and processing their information. These rights include:
- Right to information (Articles 12 to 14 GDPR): Affected persons have the right to be informed about the collection and use of their personal data.
- Right to information (Article 15 GDPR): Data subjects have the right to inspect and request a copy of their personal data.
- Right to rectification (Article 16 GDPR): The data subject has the right to have inaccurate or outdated personal data updated or corrected.
- Right to be forgotten/right to erasure (Art. 17 GDPR): Data subjects have the right to have their personal data erased. Please note that this is not an absolute right and may be subject to exceptions provided by certain laws.
- Right to data portability (Article 20 GDPR): Data subjects have the right to request that their data be transferred to another controller or made available to them. Data must be provided in a machine-readable electronic format.
- Right to restriction of processing (Article 18): Data subjects have the right to request the restriction or erasure of their personal data.
- Right to withdraw consent (Article 7 GDPR): Data subjects have the right to withdraw their prior consent to the processing of their personal data.
- Right to object (Art. 21 GDPR): Data subjects have the right to object to the processing of their personal data.
- Right to object to automated processing (Article 22 GDPR): Data subjects have the right to object to decisions made using their data based solely on automated decision-making or profiling.
Now, these rights may seem straightforward, but most publisher systems were not built with the intention of making it easy for consumers to view or delete their data, let alone restrict its use. The GDPR also stipulates that collected data should only be used for purposes that were clearly stated at the time it was collected.
This is where apps like Google Maps got into trouble with French authorities. While Google uses your location information to give you directions, they were also using it to sell ads to nearby retailers without explicitly telling users about this use. For example, if you searched for a lunch spot, Google might use your location to market nearby shops to you, which was not part of your intention when you used Maps.
European authorities want to disclose how such personal data is used when you use Maps unless you explicitly consent to your location being used in this way. This concludes with a brief overview of European efforts to regulate data collection and use by software companies.
Giving consent for algorithmic data collection: a practical challenge
These laws could affect many ways of collecting data that are not considered Personal Identifiable Information (PII). Ad retargeting has become pretty commonplace, but also a little bit creepy. You probably had the experience of checking out a product online and then seeing ads for that same product popping up everywhere you go on the internet. The way this works is that your internet browser collects your browsing history and uses that information to determine what ads to show you. It is a big business in the digital world.
But when it comes to algorithms using your browsing data to serve you ads, how do you give your consent in a way that makes sense, and how do you even know who has access to your data? The idea that consumers should be responsible for managing their own data is nice in theory, but in practice, it is incredibly overwhelming because of the sheer volume of data that is out there.
Back in 2002, Europe tackled some of these issues with the ePrivacy directive. The result was that websites were required to display cookie banners to notify visitors that their data was being stored. Because it was a directive, it took some time for member states to get on board with the cookie banner solution. From the beginning, European lawmakers wanted to make sure that sites and app makers had to get consent before storing any data on an individual his device.
Alternative privacy friendly online advertising
The objective of privacy-friendly alternatives is to show users relevant ads while respecting their privacy and minimizing the collection and use of personal data. There are various privacy-friendly alternatives available, including:
- Contextual advertising – This method of advertising displays ads based on the context of the content on a website or app, instead of collecting and analysing personal data.
- Decentralized technologies – Decentralized advertising platforms enable advertisers to target users without collecting and centralizing their personal data. For instance, blockchain-based advertising platforms can use encrypted data and smart contracts to display ads that are both relevant and respectful of users’ privacy.
- Ad-supported content – Some websites and apps provide their content for free in exchange for displaying ads. This approach allows for the display of relevant ads without collecting personal data or tracking online activity.
- Ad-free subscriptions – Some websites and apps offer ad-free versions for a fee, providing an alternative for users who are concerned about their privacy and personal data collection.
These are just a few examples of how to display ads without making users feel like they are being monitored online. As the industry evolves rapidly, there may be new options available in the future.
Alternative privacy friendly online advertising
However, there are significant privacy concerns associated with the collection and utilization of personal data. Companies typically prioritize the collection and sharing of as much data as possible, with the safeguarding of personal data often playing a secondary role. Nevertheless, the utilization of targeted advertising is on the rise as it is thought to boost sales effectively. Meanwhile, other types of advertising, such as those perceived as intrusive or disruptive, are expected to be utilized less as users demand improved online advertising experiences. It is crucial to strike a balance between delivering pertinent and personalized ads to users while ensuring the protection of their privacy and personal data.
Nixon Digital offers an advanced Data Privacy Manager tool to help businesses manage their data privacy compliance. Equipped with the latest tools and technologies, the platform is designed to help businesses meet regulatory requirements while enhancing their data security practices. The solution provides businesses with a comprehensive set of features and functionalities to navigate the complex world of data privacy regulations. Request a demo to understand the various features of our platform and how it can help overcome compliance challenges. Nixon Digital’s team of experts guide businesses through the entire process from understanding unique business needs to deploying and configuring the solution.