To ask Her Majesty's Government what assessment they have made of reports that loopholes in Google's advertising networks allow companies to target vulnerable groups.
25 February 2020
All organisations that process data that contains personal or identifying information about individuals in the UK must comply with the General Data Protection Regulation and the Data Protection Act 2018. The Privacy and Electronic Communication Regulations 2003 also imposes certain restrictions on the processing of personal data for direct marketing purposes.
These rules impose strict obligations on organisations to process people’s data fairly and lawfully and to ensure that any data collected is held securely. Organisations must also ensure they have a legal basis for processing data, are clear and transparent about how personal data will be handled, and ensure that the data is processed in a way which individuals would expect. Organisations that fail to comply may be subject to enforcement action by the Information Commissioner’s Office.
The ICO are consulting on a draft code of practice on Direct Marking, which is available on the ICO's website.
Last year the government announced its intention to consider how online advertising is regulated in the UK. One of the key aims of this work is to drive transparent and ethical targeting practices for advertising online so that consumers are informed, empowered and can have trust in online advertising. The Centre for Data Ethics and Innovation published a Review of online targeting on the 4th February 2020, which explicitly considers the impact of targeting on vulnerable people. This included a number of recommendations which the Government is considering; we will respond to the report by October. In addition, the ICO is currently investigating real time bidding practices within online advertising to ensure they are GDPR compliant.